Data Privacy Policy
Data Privacy Policy
Data Privacy Policy
Definitions
ZTPL
ZNet Technologies Pvt. Ltd.
Data Subjects
A natural person whose personal data is processed by ZTPL, or third parties contracted by ZTPL.
Processor
Governance, Risk, and Compliance Manager (GRCO).
Controller
ZNet Technologies Pvt. Ltd.
Third Country
Any country outside India.
Vendor
Vendors contracted by ZTPL.
Rights of Data Subjects
- In alignment with the applicable regulations, ZTPL shall provide data subjects with certain access rights with respect to their personal data.
Those rights are summarized below:
- Basic Information – the right to understand about the organization and how a data subject’s personal data is processed.
- Access Rights – the right to request a summary of the data subject’s personal data that is processed by ZTPL, along with a copy of such personal data.
- Portability – the right to request ZTPL to provide a copy of data subject’s personal data in a machine-readable form for transportation to another party, if applicable.
- Rectification – the right to request to correct errors or update a data subject’s personal data.
- Erasure – the right to request the erasure of personal data in possession of ZTPL, if not required by ZTPL.
- Restriction on Use – the right to request to stop processing a data subject’s personal data.
- Objection to Use – the right to object the assertion that ZTPL has a legitimate interest in processing a data subject’s personal data. This also includes automatic processing of personal data.
Requests received from the Data Subjects shall be maintained by GRCO.
Fair and Lawful Processing of Personal Data and Special Categories of Personal Data
- ZTPL shall ensure that the personal data is processed fairly and lawfully and that the legal grounds for the processing of your personal data have been clearly identified prior to processing. While collecting and processing the personal data of data subjects:
- ZTPL shall collect and process personal data when one of the following applies:
- The Data Subject has explicitly consented for the processing of his or her personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which Data Subject is a party to or to take steps at his or her request prior to entering a contract.
- Processing is necessary in accordance with the applicable laws.
- Processing is necessary to protect the vital interests of Data Subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Processing is necessary for the purposes of the legitimate interests pursued by ZTPL or by a third-party vendor.
- ZTPL shall/may provide Data Subject with following additional information if personal data was collected indirectly:
- Source from which the personal data was collected.
- Notification to Data Subject shall be provided latest within a month of obtaining the data.
- At the time of first communication with Data Subject.
- In case of disclosure to another recipient is envisaged, at the latest when the personal data is first disclosed.
- Where the personal data is collected for marketing purposes or might be used in the future for marketing purposes, ZTPL shall ensure that how an individual can object to such marketing is clearly explained to that individual.
Specific Purpose
- ZTPL shall ensure that the personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Grounds for Processing:
- ZTPL shall ensure that the processing of personal data is not carried out in a way which breaches or potentially breaches any legal and regulatory obligations, including statutory provisions, applicable laws, or contractual terms.
- ZTPL shall ensure that the personal data or special categories of personal data that are collected for specified, explicit and legitimate purposes is not used for another incompatible purpose, unless there is a relevant exemption from the legislation which applies.
- ZTPL shall ensure that, where personal data is to be used for a new purpose, the consent of Data Subject is obtained prior to processing, unless a relevant exemption applies.
Accuracy
- ZTPL shall make all possible efforts to ensure the accuracy of personal data, as provided by Data Subject and where necessary, take all possible steps to keep it up to date.
- Every reasonable step shall be taken by ZTPL to ensure that the personal data that is inaccurate with regard to the purposes for which they are processed, are erased, or rectified without delay.
Security
ZTPL shall make all possible and available efforts to ensure that the personal data is protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage by the implementation of appropriate technical or organizational security measures.
- ZTPL shall specify security controls as appropriate:
- ZTPL shall implement appropriate technical and organizational measures which are designed to implement data privacy principles in an effective manner and to integrate the necessary safeguards into processing such as:
- Encryption/pseudonymization of personal data and special categories of personal data.
- The ability to ensure ongoing confidentiality, integrity, availability, and resiliency of the processing systems.
- The ability to restore the availability and access to personal data in a timely manner in the event of a data privacy incident and personal data breach.
- Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.