Company Data & Privacy Policy

Scope

This Policy applies to all employees of the Company and, where applicable, to contractors, consultants, interns, or third-party vendors who have access to any Company data. This includes data of customers, employees, partners, vendors, and clients, whether in electronic, digital, or any other form (collectively referred to as “Employees” for ease of reference).


Authority Concerned

For any questions or clarifications regarding this Policy, please contact the HR Team.

Conflict

This Policy should be read in conjunction with all other Company policies related to data confidentiality and privacy. In the event of any conflict with an employment or engagement agreement, the terms of that agreement shall prevail.

Purpose

The purpose of this Policy is to establish clear guidelines for handling, protecting, and maintaining the confidentiality of Company data, trade secrets, sensitive information, and personal data of customers, partners, and employees. It also outlines the rights and obligations of Employees with respect to their own personal data.

Definitions and General Obligations

Company Data refers to all information related to the Company and its stakeholders, created or accessed during the course of employment, including personal and confidential information.

Confidential Information includes proprietary and non-public information such as product roadmaps, source code, financial data, compensation details, personnel files, trade secrets, and business plans.

Personal Data includes personally identifiable information (PII) such as names, financial data, health records, passwords, and background verification details. Employees must not access or disclose such data without proper authorization.

Employees must maintain strict confidentiality of Company Data at all times and must not use or disclose such data unless specifically authorized. This obligation continues even after the end of employment.

Unauthorized use or disclosure of confidential information may result in disciplinary action, up to and including termination, and may also invite legal consequences. If an employee has any uncertainty as to whether someone is authorized to receive certain trade secret or Confidential Information, including colleagues at the Company, the employee should contact the Company’s CEO or Reporting Manager.


Compliance with Related Policies

This Policy must be followed along with related Company policies, including but not limited to:

  • Acceptable Use Policy
  • Access Control Policy
  • Asset Management
  • Backup and Restoration Procedures
  • Business Continuity
  • Cloud Security
  • Confidentiality and Data Breach Policies
  • Disaster Recovery
  • Encryption and Endpoint Security
  • Incident Management
  • Network and Physical Security
  • Risk Management
  • Vendor Management
  • IT and HR Security Policies


Inventions and Intellectual Property

All inventions, designs, documents, or intellectual property created during employment shall remain the sole property of the Company. Employees are required to sign a Confidentiality and Invention Assignment Agreement as a condition of employment.

Responsibilities of Employees

Data Handling

Handle data responsibly and only access what is required for your role.
Collect data only with explicit consent and use it solely for authorized purposes.
Store data securely on Company-approved platforms.

Access Control

Access to data must be based on job requirements.
Do not share login credentials.
Always log out from systems containing personal data when not in use.

Data Sharing

Personal data must not be shared with unauthorized third parties.
When required for business purposes, ensure secure transmission and consent from the data subject.


Compliance

Follow all applicable data protection and privacy laws.
Process personal data lawfully, transparently, and for legitimate purposes only.

Prohibited Activities

Unauthorized copying, downloading, transferring, or deletion of Company Data.
Use of personal email or storage for Company Data.
Sharing credentials or granting unauthorized access to Company systems.

Offensive or Inappropriate Use

Use of Company systems for offensive, discriminatory, or illegal content is strictly prohibited.
Examples include but are not limited to: sexually explicit material, racial slurs, gender-based insults, or accessing pirated or pornographic content.

Monitoring and Compliance

The Company reserves the right to monitor Employee access and usage of Company Data to ensure policy compliance. Violations may result in disciplinary action, including termination, and may be legally actionable.

Incident Reporting

Employees must immediately report any suspected data breach, unauthorized access, or loss of Company Data to the HR or IT team. Do not attempt to handle breaches independently. Non-reporting will be treated as serious misconduct.

Training and Awareness

All Employees are required to attend data security and privacy training as part of onboarding and as per periodic schedules. Attendance in these sessions is mandatory.

Employee Personal Data and Privacy

Consent

By accepting employment, Employees consent to the collection, processing, and use of their personal data for lawful employment-related purposes, including:

  • Recruitment and onboarding
  • Payroll, taxation, and benefits
  • Performance management
  • IT and security monitoring
  • Legal compliance and investigations

Retention and Security

  • Personal data will be retained only as long as necessary or as mandated by law.

  • Upon termination, data will be archived or destroyed securely in compliance with Company policy and legal requirements.

Data Sharing

Personal data may be shared with third-party service providers (e.g., payroll processors, insurers) only for legitimate purposes and with appropriate safeguards.

No Expectation of Privacy

All data stored or transmitted on Company devices, systems, or platforms is Company property. The Company reserves the right to access, monitor, and review such data, including personal messages sent through Company systems.

Review and Amendment

This Policy may be reviewed and updated periodically at the Company’s discretion to reflect changes in Company practices or applicable laws, with reasonable notice of substantial changes to Employees.

Sign In for Leucine
Employee Handbook