Data Privacy Policy

Last updated: 21 August 2020

Introduction

The purpose of this Data Privacy Policy is to explain how AuthBridge Research Services Private Limited & its subsidiaries (“AuthBridge”) collect, process, store, use, transfer, and protect the Personal Data (as defined hereinafter) for providing its services to its clients.

AuthBridge is committed to protecting the privacy and confidentiality of Personal Data about its customers, third party service providers and ensuring that any Personal Data supplied by/ collected on behalf of its customers or otherwise generated by its business activities is collected and processed fairly and lawfully.

Scope

This policy is applicable to AuthBridge for protecting the privacy of individuals whose Personal Data is being collected by AuthBridge, including but not limited to its employees, clients, third party service providers, individuals whose Personal Data is being processed for undertaking its business activities.

Definitions

Personal Data: Personal Data is any data relating to an identified or identifiable natural person.

Sensitive Personal Data: Sensitive Personal Data is a specific set of “special categories” that must be treated with extra security.

EU data subject: European Union data subject as per GDPR (General Data Protection Regulation).

What type of Personal Data does AuthBridge collect?

AuthBridge collects/receives certain Personal Data to enable it to provide its products and services to its Clients which may vary as per Client’s scope of work. The Personal Data collected will generally include:

  • individual name, date & place of birth, gender
  • contact number (mobile, residence), E-mail ID
  • family details (parents’ name);
  • address details (previous, current, permanent)
  • Identity details (passport/driving license/PAN card/voter card/ration card no.)
  • education details (degree/mark sheet/certificate)
  • employment history (previous, current)
  • professional reference (current, previous)
  • personal reference (known, but not blood relative)
  • criminal record check (police verification)

AuthBridge collects the below mentioned sensitive Personal Data:

  • Fingerprint/health records / credit and financial details

How does AuthBridge obtain Personal Data?

AuthBridge collects/receives Personal Data by fair, lawful, and transparent means. AuthBridge obtains Personal Data in an authorized manner for legitimate business purposes including data collected on behalf of AuthBridge’s client(s) whether by telephone, e-mail, hard copy, via AuthBridge’s online application form, client’s online portal, from third party service providers for providing services to its clients. The specific kind of user data collection will depend on the services used.

AuthBridge collects some Personal Data directly through its website/online links for enquiries made by existing and potential Client(s) (including Data gathered from direct marketing). Please refer to our website privacy policy to learn about the security measures for your Personal Data collected through the website.

Consent for undertaking Background verification:

AuthBridge, being a processor, does not undertake collection of Personal Data for Background verification unless it or the Client has obtained the prior consent of the individual. The consent by the individual is required to be provided in writing, as a hard copy or electronically, before AuthBridge undertakes the services as may be required for the Client(s). Where AuthBridge directly collects the Personal Data on a client’s behalf, it provides the individual, prior to collection, an option not to provide consent for processing Personal Data if he/she is not willing to do so.

While collecting the Personal Data, AuthBridge requires the client to ensure that the Authorization Note is duly read & signed by the individual, stating the purpose of Personal Data disclosure to AuthBridge and its third party/ies service providers for the purpose of delivering the intended services to ensure adherence to applicable legal and regulatory laws.

What purpose does AuthBridge use the Personal Data (it holds) for?

Your data is used only for providing background verification services. The records of processing activities are maintained as per applicable laws. AuthBridge maintains the quality of data collected, processed, stored and transferred.

Whenever we undertake trend analysis of Background verification results and discrepancies, the data used for analysis does not contain any Personal Data.

Does AuthBridge transfer the Personal Data?

AuthBridge, with partnerships globally, may need to transfer an individual’s Personal Data to third party service providers, including overseas, to render certain elements of background verification services. AuthBridge’s third party service providers must use that Personal Data only for the purpose(s) for which it was shared by Client(s) with AuthBridge or pursuant to an agreement between the Parties and protect it from any further use. However, any such information transferred shall be subject to appropriate data privacy obligations.

The Personal Data may be shared/transferred only if it is necessary for the performance of a lawful contract between AuthBridge and Client(s) or where the individuals have provided their consent to such share/transfer. AuthBridge always binds its employees and third-party service providers to the high standard of protection of Personal Data and its processing only for the authorized purpose. The records of such transfers are maintained.

To whom does AuthBridge disclose your Personal Data?

AuthBridge will pass Personal Data to its employees in order to fulfill its business activities.

As a rule, AuthBridge does not disclose Personal Data to any third party unless such disclosures would be necessary for AuthBridge’s provision of the service to the Client(s).

Such necessary disclosures other than written request from government would occur in accordance with applicable laws and may include:

  • Data shared with relevant sources to obtain verification
  • Instances where AuthBridge has contracted with third parties to assist in providing services to AuthBridge’s Client(s), including such elements as delivery, verification and system support
  • Where AuthBridge is under an obligation by law to disclose Personal Data
  • Or where AuthBridge believes that a disclosure is necessary to identify or bring legal action against individuals who may be endangering public safety or interfering with AuthBridge property or services, or with our Client’s or others’ use of them.

How does AuthBridge protect your Personal Data it holds?

AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard:

Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.

  • Risk Assessment – Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.
  • Personnel Security – All employees are background verified prior to sharing the Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically. For AuthBridge’s third party service providers, background verification is also conducted along with signing the agreement including data privacy or data security obligations, NDA and Code of conduct.

IT Controls –

  • Systems & Network Security controls are applied such as System Hardening, Patch Management, VPN Connectivity, Firewall, Intrusion Detection and Prevention System, End Point Protection, Anti-virus, Data Leak Prevention, VAPT of systems, servers, applications and networking devices, and Log Management.
  • Communication Security controls such as Encryption (Data at rest and transit, SSL/TLS, SSH, Message digest)
  • Application security practices including secure SDLC process, security scanning and IP based restriction. Other data security and access management practices are as per controls described in this section.
  • Access Management controls such as role-based access, password protection, multi-factor authentication and principle of least privilege.
  • Masking of personal data wherever not needed. Periodic and need basis access review and reconciliation.
  • Log Management – Logs are stored in a secure place. All accesses to the applications are logged in a secure platform and/or application specific database down to the activity level.
  • Business Continuity is ensured through highly resilient and redundant architecture, regular and systematic backups for all business-critical applications and servers as per the defined frequencies. Periodic testing of business continuity & disaster recovery plans is conducted, and continual improvement actions are taken.

Physical Security Controls –

  • AuthBridge’s premises are protected 24/7 through security guards to restrict any unauthorized entry.
  • Visitor management process and Material In/Out process is implemented.
  • A biometric device is in place to capture the entry of employees, and a register is maintained for all visitors. Reconciliation is done periodically.
  • There is 24/7 CCTV monitoring. Restricted areas are labeled, and entry is allowed for only authorized users.
  • There is 24/7 Power back up to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. Fire Detection & Prevention system is implemented.
  • Emergency Response Team (ERT) members are assigned to each working floor to ensure timely evacuation in case of emergency. For data center security, we have a water leakage alarm, a rodent repellent system, a humidity & temperature monitoring mechanism, separate visitor registers for the restricted area, and an inventory movement register in place.

Incident Management Process 

  • Though AuthBridge has the best possible controls to protect the privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated, and responded to with a corrective action plan in a timely manner. There is a mechanism to notify the impacted clients (if applicable) who must further notify the respective individual/s.

Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). If we should process your Personal Data with the objective of conducting profiling, we will, if prescribed by law, specifically inform you of this and of your rights in this respect. For the purpose of undertaking the trend analysis of Background verification results and discrepancies, the data used for analysis does not contain any Personal Data.

How can you withdraw your consent or request to update/delete your Personal Data?

To withdraw/ update/ delete your consent for AuthBridge to process your Personal Data or request to update/delete your Personal Data, we encourage you to speak to your employer/AuthBridge’s client you have engagement with. On client’s instruction, AuthBridge will immediately act upon the same and your request will be processed.

Children’s Privacy

AuthBridge neither directly collects personally identifiable data from anyone under the age of 18 (minors) nor provides any services to them.

In case our clients require us to process the data of a minor, they must provide the parental consent if the child is below 16 years of age.

Rights for EU Data Subjects

If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws:

  • to learn whether your Personal Data is processed by us and to request a copy of your personal information and information relating to the processing of your Personal Data
  • to request the correction of any inaccurate or incomplete Personal Data
  • to request the erasure of your personal information or the restriction of the processing of your Personal Data
  • to object to our processing of your Personal Data
  • to withdraw the consent you have given
  • to lodge a complaint with the applicable regulatory/ supervisory authority

If you are an AuthBridge prospect or existing client or vendor/ any other third party, please write to us at the email id/ address provided in the Contact Us section at the end of this policy.

If your Personal Data is being processed by AuthBridge as a third party for Background verification, and you wish to exercise any of your rights under the applicable law, we request you to reach out to your employer/AuthBridge’s client you have engagement with. On receiving the communications from its clients about your request, AuthBridge will immediately act upon the same in accordance with the applicable law.

How long does AuthBridge retain your Personal Data?

As AuthBridge collects your Personal Data only on behalf of its client, it is retained as per the retention period agreed with client through the signed agreement. In case you have any query, please connect with your employer/AuthBridge’s client you have engagement with.

Change to this privacy policy

We may review and update this Data Privacy Policy from time to time. To let you know, we will amend the revision date on top of this page.

Contact Us

We commit to handle your Personal Data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your Personal Data you are encouraged to contact your employer/AuthBridge’s client you have engagement with and AuthBridge will cooperate with any investigation to resolve any issues.

If you wish to contact AuthBridge for any privacy-related query/concern, then please send an email to privacy@authbridge.com & raj.pandey@authbridge.com or mail us at:

Chief Information Security Officer (CISO)
AuthBridge Research Services Pvt. Ltd.
Plot No. 123, II Floor, Udyog Vihar,
Phase IV – Gurgaon – 122 015
Haryana, India

In order to report any incident, grievance or non-compliance to the policies, please drop an email to the Email address below:

Name: Raj Narayan Pandey
Email ID: raj.pandey@authbridge.com
Phone No: 8826821000
