Acceptable data collection and usage Policy
Hero Insurance Broking India Pvt. Ltd.
Document Name: HIBIPL-Data Usage-V1_0 Version Number: 1.0
|Description||Date||No. of Pages||Approved / Authorized By|
The objective of this policy is to establish safeguards that minimize the risk of compromising data security and privacy during personal data collection and usage
Note: This Policy may be referred to in conjunction with policies and standards provided under the References section below for understanding the overall perspective relating to data protection/privacy.
This policy is applicable to:
- Mass e-mail processing & communication (using HIBIPL’s email domain)
- Tele-calling activities either in-house or through HIBIPL’s vendors/service providers.
- Collection and usage of customer’s, prospect’s, vendor’s and employee’s personal information.
Prospect, customer, vendor, employees and other individuals would be referred to as “User” in this policy.
User data includes data such as, but not limited to –
- Contact information (Office and mobile telephone numbers),
- Organization name,
- Areas of interest,
- Email address,
- Personal data of User collected by HIBIPL for carrying out business processes shall be protected against unauthorized access.
- While collecting personal data of Users (example- HIBIPL website or any other sites on behalf of HIBIPL), the following shall be considered-
Legal/regulatory requirements if any, related to the data protection
- HIBIPL shall provide comprehensive information about the identity of the data controller.
- Data will be collected only for specific, explicit and legitimate purpose and subsequently processed in accordance with those purposes and will be kept up to date.
- The user shall be given option to opt out (unsubscribe) anytime either via dealer.
- User’s email address shall be added to a mailing list only after verification of user’s intention of joining the mailing list.
Processing and Communication
- E-mails / SMS for broadcast shall contain accurate subject lines and shall not be deceptive in nature.
- E-mails/SMS shall be sent to outside world only through company approved email system/ SMS Server.
- Appropriate security measures would be taken against unauthorized access to, or alteration, disclosure or destruction of personal information and against its accidental loss or destruction.
- HIBIPL employees and contractors engaged in processing of users personal information shall undergo background check before commencing their job and also ensure relevant NDA is signed and restored for future reference.
- The application/system in which user data is stored shall be protected against breach. Adequate measures should be taken before using the data for testing purpose.
- User data shall be classified as “Confidential” information and shall be shared on need to know basis only.
- E-mails shall be sent only to the intended recipient of such communication.
Data shall be deleted or anonymized as soon as it is no longer necessary for the purpose for which it was collected or processed.
Employees found violating any of the above clauses shall be subject to disciplinary action.