Vendor Privacy Policy

Effective date: 09/24/2019

  • What is the Purpose of this Privacy Policy?

    AuthBridge Research Services Pvt Ltd and all affiliates, respect your concerns about privacy. This Privacy Policy describes the types of Personal Data we collect about our vendors and how we may use the information and with whom we may share it. This policy also describes the measures we take to safeguard the Personal Data.

    Personal Data is any data relating to identified or identifiable natural person (Personal Data)

    This policy applies to all current, prospective and former vendors.

  • Why are we collecting your Personal Data?

    · The process of applying for and becoming a vendor (such as deciding about procuring services)

    · Performing due diligence and Background checks on you/ organization

    · Make payments to you for your services

    · Determining your continued vendor status

    · To comply with our legal obligations

    · Complaints (such as gathering evidence in relation to any complaints made by or about you; dealing with legal disputes involving you)

  • Types of Personal Data that we collect from you

    We may collect information about you (Owner, Director, Senior Management, Staff of our vendor providing services to AuthBridge and having access to AuthBridge’s or its client’s confidential information/ Personal Data).

    The information that we collect may include-
    · Full Name
    · Name of the establishment
    · Contact details (such as Address, Mobile number and email address);
    · Confirmation of your identity (such as your PAN)
    · Financial information (such as bank account details)
    · Your reference details

    Apart from these Personal Data, we also collect following information-
    · Infrastructure and security information
    · Business details

  • Sources of collecting your Personal Data

    The above information which we collect about you will be obtained through a variety of sources which include-

    · From you directly as part of the process of becoming our vendor

    · Information obtained about you in the course of our working relationship

    · From respective sources while conducting Background verification

  • What may happen, in case you don’t provide your Personal Data

    If you refuse to provide certain information when requested, we may not be able to get into the contract/ continue the contract/ perform the contract we have entered with you (such as making payments without your bank information), or we may be prevented from complying with our legal obligations.

  • Sharing your information

    Within AuthBridge- We may share your information within AuthBridge with its employees and subsidiaries to start and manage our working relationship with you.

    Outside AuthBridge –

    • Our third-party service providers with whom we share/ transfer your information are also required to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your Personal Data for specified purposes (such as for due diligence, data backup, payment processing etc.) and in accordance with our instructions.

    • AuthBridge Client’s to fulfill our contractual requirement.

    • We may share your Personal Data with other third parties, for example with a regulator.

    The records of such transfers are maintained.

  • How does AuthBridge protect the Personal Data it holds?

    AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard: –

    Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.

    Risk Assessment:

    Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.

    Personnel Security:

    All employees are background verified prior to sharing the Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically. For AuthBridge’s third party service providers, background verification is also conducted along with signing the agreement including data privacy or data security terms, NDA and Code of conduct.

    IT Controls:

    Access provisioning and de-provisioning is performed in accordance with the defined access management procedure. Accesses are granted only to authorized personnel on need to know basis.

    Antivirus and Patches are updated on the regular basis in accordance with the respective defined procedures. Personal Data is disposed in a secure manner so that it can be made unrecoverable.

    WAPT/VAPT is performed for all critical applications, servers and networks.  AuthBridge has its business continuity policy and plan made to deal with any situation where the current business is interrupted. On-site backup is taken for AuthBridge business critical applications and servers real time. Off-site back is taken every 24 hours.

    Physical Security Controls:

    AuthBridge’s premises are protected 24/7 through security guards to restrict any unauthorized entry.

    ID card & entry process is in place for the employees and visitors. No visitor is allowed on operations floor unless escorted and approved. Off-site asset movement procedure is implemented for maintaining all logs of assets moving in and out of premises.

    Biometric device is in place to capture the entry of employees and registered is maintained for all visitors. Reconciliation is done quarterly.

    There is 24/7 CCTV monitoring on floors. Restricted areas are labeled, and only authorized users can enter. Documents are kept in lock and key.

    There is 24/7 Power back up to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. Fire Detection & Prevention system is implemented.

    Emergency Response Team (ERT) members are assigned to each working floor to ensure the timely evacuation in case of emergency. Considering the data center security, we have water leakage alarm, rodent repellent system implemented in place, humidity & temperature monitoring mechanism, visitor register, and inventory movement register in place.

    Incident Management Process:

    Though AuthBridge has the best possible controls to protect privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated and responded with the corrective action plan in a timely manner. There is a mechanism to notify the impacted vendors (if applicable).

  • How long does AuthBridge retain your Personal Data?

    We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Rights for EU Data Subjects

    If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws-

    ·  To learn whether your Personal Data is processed by us and to request a copy of your Personal Data and information relating to the processing of your Personal Data
    · To request the correction of any inaccurate or incomplete Personal Data
    · To request the erasure of your Personal Data or the restriction of the processing of your Personal Data
    · To object to our processing of your Personal Data
    · To withdraw your consent, you have given
    ·  To lodge a complaint with the applicable regulatory/ supervisory authority

    Please write to us on the email id/ address provided in Contact us section given below at the end of this policy.

  • Change to this privacy policy

    We may review and update this Privacy Policy from time to time. To let you know, we will amend the revision date on top of this page.

  • Contact Us

    We commit to handle your Personal Data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your Personal Data you are encouraged to contact AuthBridge and we will cooperate with any investigation to resolve any issues.

    If you wish to contact AuthBridge for any privacy-related query/concern, then please send an email at privacy@authbridge.com or mail to:
    Privacy & Compliance Officer
    AuthBridge Research Services Pvt Ltd
    Plot No. 123, II Floor, Udyog Vihar,
    Phase IV – Gurgaon – 122 015
    Haryana, India