Company Data & Privacy Policy
Scope
This Policy applies to all employees of the Company and, where applicable, to contractors, consultants, interns, or third-party vendors who have access to any Company data. This includes data of customers, employees, partners, vendors, and clients, whether in electronic, digital, or any other form (collectively referred to as “Employees” for ease of reference).
Authority Concerned
For any questions or clarifications regarding this Policy, please contact the HR Team.
Conflict
This Policy should be read in conjunction with all other Company policies related to data confidentiality and privacy. In the event of any conflict with an employment or engagement agreement, the terms of that agreement shall prevail.
Purpose
The purpose of this Policy is to establish clear guidelines for handling, protecting, and maintaining the confidentiality of Company data, trade secrets, sensitive information, and personal data of customers, partners, and employees. It also outlines the rights and obligations of Employees with respect to their own personal data.
Definitions and General Obligations
Company Data refers to all information related to the Company and its stakeholders, created or accessed during the course of employment, including personal and confidential information.
Confidential Information includes proprietary and non-public information such as product roadmaps, source code, financial data, compensation details, personnel files, trade secrets, and business plans.
Personal Data includes personally identifiable information (PII) such as names, financial data, health records, passwords, and background verification details. Employees must not access or disclose such data without proper authorization.
Employees must maintain strict confidentiality of Company Data at all times and must not use or disclose such data unless specifically authorized. This obligation continues even after the end of employment.
Unauthorized use or disclosure of confidential information may result in disciplinary action, up to and including termination, and may also invite legal consequences. If an employee has any uncertainty as to whether someone is authorized to receive certain trade secret or Confidential Information, including colleagues at the Company, the employee should contact the Company’s CEO or Reporting Manager.
Compliance with Related Policies
This Policy must be followed along with related Company policies, including but not limited to:
- Acceptable Use Policy
- Access Control Policy
- Asset Management
- Backup and Restoration Procedures
- Business Continuity
- Cloud Security
- Confidentiality and Data Breach Policies
- Disaster Recovery
- Encryption and Endpoint Security
- Incident Management
- Network and Physical Security
- Risk Management
- Vendor Management
- IT and HR Security Policies
Inventions and Intellectual Property
All inventions, designs, documents, or intellectual property created during employment shall remain the sole property of the Company. Employees are required to sign a Confidentiality and Invention Assignment Agreement as a condition of employment.
Responsibilities of Employees
Data Handling
Handle data responsibly and only access what is required for your role.
Collect data only with explicit consent and use it solely for authorized purposes.
Store data securely on Company-approved platforms.
Access Control
Access to data must be based on job requirements.
Do not share login credentials.
Always log out from systems containing personal data when not in use.
Data Sharing
Personal data must not be shared with unauthorized third parties.
When required for business purposes, ensure secure transmission and consent from the data subject.
Compliance
Follow all applicable data protection and privacy laws.
Process personal data lawfully, transparently, and for legitimate purposes only.
Prohibited Activities
Unauthorized copying, downloading, transferring, or deletion of Company Data.
Use of personal email or storage for Company Data.
Sharing credentials or granting unauthorized access to Company systems.
Offensive or Inappropriate Use
Use of Company systems for offensive, discriminatory, or illegal content is strictly prohibited.
Examples include but are not limited to: sexually explicit material, racial slurs, gender-based insults, or accessing pirated or pornographic content.
Monitoring and Compliance
The Company reserves the right to monitor Employee access and usage of Company Data to ensure policy compliance. Violations may result in disciplinary action, including termination, and may be legally actionable.
Incident Reporting
Employees must immediately report any suspected data breach, unauthorized access, or loss of Company Data to the HR or IT team. Do not attempt to handle breaches independently. Non-reporting will be treated as serious misconduct.
Training and Awareness
All Employees are required to attend data security and privacy training as part of onboarding and as per periodic schedules. Attendance in these sessions is mandatory.
Employee Personal Data and Privacy
Consent
By accepting employment, Employees consent to the collection, processing, and use of their personal data for lawful employment-related purposes, including:
- Recruitment and onboarding
- Payroll, taxation, and benefits
- Performance management
- IT and security monitoring
- Legal compliance and investigations
Retention and Security
- Personal data will be retained only as long as necessary or as mandated by law.
- Upon termination, data will be archived or destroyed securely in compliance with Company policy and legal requirements.
Data Sharing
Personal data may be shared with third-party service providers (e.g., payroll processors, insurers) only for legitimate purposes and with appropriate safeguards.
No Expectation of Privacy
All data stored or transmitted on Company devices, systems, or platforms is Company property. The Company reserves the right to access, monitor, and review such data, including personal messages sent through Company systems.
Review and Amendment
This Policy may be reviewed and updated periodically at the Company’s discretion to reflect changes in Company practices or applicable laws, with reasonable notice of substantial changes to Employees.
