Last updated: 24th August 2020
- Personal Data that may be collected includes name, company name(s), e-mail address, and telephone number(s). Such Personal Data is stored with us and may be collected and processed in one or more databases maintained directly by AuthBridge.
- In addition to Personal Data that you choose to submit to us, we may also collect Technical information which may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Marketing and Communications Data includes your preferences in receiving marketing services from us and our third parties and your communication preferences.
- We do not collect any Sensitive/ Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) through our website. Please do not share such information on our website form or email id shared on website.
We may use your Personal Data for the purpose(s) for which it was collected or provided to us (as stated while collecting). We may also use Personal Data as follows:
- In addition to identification, registration, authentication, and transaction processing, AuthBridge may use that data for marketing purposes in order to make you aware of additional products and services which may be of interest to you, or to contact you regarding changes to and new offerings on our website, and special events and promotions. We may provide these communications and offers via email, postal mail, online, social media platforms, text messages, and other means.
- to manage and respond to any request you submit through our Website.
We will further seek your consent if we use your Personal Data for any purpose other than the mentioned above.
Within AuthBridge: We may share your Personal Data and Usage Information within AuthBridge (i.e., between and among AuthBridge and its subsidiaries). Such information may be used for business purposes in consistence with the purpose for which the information was originally collected or subsequently authorized by you.
AuthBridge also uses Enterprise Email service by Gmail for its business purpose and may communicate with you using the same. Please referhttps://policies.google.com/privacy to know more about their security measures.
Our website and the server on which it is hosted is at AWS Mumbai. There are reasonable and appropriate controls also at AWS to secure your data against any accidental or unlawful loss, access or disclosure. For more details visit https://aws.amazon.com/privacy/
AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard-
Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.
IT Controls -
- Risk Assessment - Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.
- Personnel Security - All employees are background verified prior to sharing the Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically. For AuthBridge's third party service providers, background verification is also conducted along with signing the agreement including data privacy or data security obligations, NDA and Code of conduct.
- Systems & Network Security controls are applied such as System Hardening, Patch Management, VPN Connectivity, Firewall, Intrusion Detection and Prevention System, Patch Management, End Point Protection, Anti-virus, Data Leak Prevention, VAPT of systems, servers, applications, networking devices and applications and Log Management.
- Communication Security controls such as Encryption (Data at rest and transit, SSL/TLS, SSH, Message digest)
- Application security practices including secure SDLC process, security scanning and IP based restriction. Other data security and access management practices are as per controls described in this section.
- Access Management controls such as access role-based access, password protection, multi-factor authentication and principle of least privileges.
- Masking of personal data wherever not needed. Periodic and need basis access review and reconciliation.
- Log Management -Logs are stored at secure place. All accesses to the applications are logged in a secure platform and/or application specific database down to the activity level.
- Business Continuity is ensured through highly resilient and redundant architecture, regular and systematic backups for all business-critical applications and servers as per the defined frequencies. Periodic testing of business continuity & disaster recovery plans is conducted, and continual improvement actions are taken.
- Physical Security Controls - AuthBridge's premises are protected 24/7 through security guards to restrict any unauthorized entry. Visitor management process and Material In/Out process is implemented. Biometric device is in place to capture the entry of employees and registered is maintained for all visitors. Reconciliation is done periodically. There is 24/7 CCTV monitoring. Restricted areas are labeled, and entry is allowed for only authorized users. There is 24/7 Power back up to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. Fire Detection & Prevention system is implemented. Emergency Response Team (ERT) members are assigned to each working floor to ensure the timely evacuation in case of emergency. Considering the data center security, we have water leakage alarm, rodent repellent system implemented in place, humidity & temperature monitoring mechanism, separate visitor registers for restricted area, and inventory movement register in place.
- Incident Management Process – Though AuthBridge has the best possible controls to protect privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated, and responded with the corrective action plan in a timely manner. There is a mechanism to notify the impacted clients (if applicable) who must further notify the respective individual/s.
The records of processing activities are maintained as per applicable laws.
If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws:
- to learn whether your Personal Data is processed by us and to request a copy of your Personal Data and information relating to the processing of your Personal Data
- to request the correction of any inaccurate or incomplete Personal Data
- to request the erasure of your Personal Data or the restriction of the processing of your Personal Data
- to object to our processing of your Personal Data
- to withdraw the consent, you have given
- to lodge a complaint with the applicable regulatory/ supervisory authority
We commit to handle your Personal Data in a way that provides you comfort and confidence. We also have processes for investigating and resolving any complaints regarding privacy concerns.
If you wish to contact AuthBridge for any privacy related query/concern, then please send email at email@example.com Or mail to:
Data Privacy & Compliance Officer
AuthBridge Research Services Pvt. Ltd.
Plot No. 123, II Floor, Udyog Vihar,
Phase IV – Gurgaon – 122 015