(A) "User" (hereinafter collectively referred to as "You", "Your",), mean our customers who use our Service(s) or any other natural person who visit our website(s) and whose personal data is being collected, held or processed by SP Consultancy.
(B) "Service Data" means all electronic data, text, messages or other materials, including personal data of Users, submitted to the service(s) by You in connection with Your use of the service(s), including, without limitation, to Personal Data.
(C) "Personal Data" means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the SP Consultancy.
(A) The primary aim of this Policy is to set out limits for the retention of Service Data or personal data.
(B) In addition to safeguarding the rights of users by ensuring that excessive amounts of data are not retained by SP Consultancy, this Policy also aims to improve the speed and efficiency of managing data.
(A) This Policy applies to all personal data held by SP Consultancy for the sole purpose of processing and fulfilling requests made by users.
(B) This policy applies on all SP Consultancy workstations – desktops, laptops, servers, physical modes of personal data collection including but not limited to physical forms, visitor logs, visiting cards collected etcetera, this policy also covers all virtual machines including cloud servers under control of SP Consultancy.
(B) Such records may be of one person or may be of several persons. Such records may be present in electronic format or as a paper copy. Such records may be present inside the local machines or on a cloud or simply as a printout on a paper.
(A) SP Consultancy shall not retain any personal data for any longer than is necessary considering the purpose(s) for which that data is collected, held, and processed, unless required by the law.
(B) Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed).
(C) When establishing and/or reviewing retention periods, the following points shall be considered:
i. The objectives and requirements of SP Consultancy;
ii. The type of personal data in question;
iii. The purposes for which the data in question is collected, held, and processed;
(D) If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.
(E) Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within SP Consultancy to do so whether in response to a request by a user or otherwise.
(F) The required retention period for any category of documents not specifically defined elsewhere in this Policy including the Data Retention Schedule covered under Annexure 1, unless otherwise mandated differently in accordance with applicable law, will be deemed to be 12 months from the date of creation of the document.
Your Personal Data and files are stored on SP Consultancy’s servers and the servers of companies we hire to provide services to us. We have servers located in India, however your personal information may be transferred across national borders as the companies we hire to help us run our business may be located in different countries around the world. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We understand that the security of your personal information is important. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. Our Site is also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for you. While we provide administrative, technical, and physical security controls to protect your personal information. At the same time, it is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer. However, despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.
Upon the expiry of the data retention periods set out in this Policy, personal data shall be deleted, destroyed, or otherwise disposed unless as required by the law.
The grievance officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, SP Consultancy’s other data management policies, with the Information Technology Act 2008(Amended) and other applicable data protection legislation.
Any questions regarding this Policy, the retention of personal data, or any other aspect of compliance with IT Act 2008 should be referred to the grievance officer.
Exemptions for prolonging of retention periods covered in this Policy in view of special circumstances are mentioned below:
Ongoing investigations from any competent authorities under Indian law, if there is a chance records of personal data are needed by us to prove compliance with any legal requirements; or
When exercising legal rights in cases of lawsuits or similar court proceeding.
SP Consultancy expects that its Users read and understand this policy and in case you are unable to understand anything, you are required to contact the grievance officer of this Policy in SP Consultancy i. e. Mr. Sagar Patil available at email@example.com. This Policy has been approved and authorised by the Partners of SP Consultancy.
Annexure 1: Data Retention Schedule
|Data Type||Review Period||Retention Period||Purpose of Data Retention|
|Name||Quarterly or as soon as business allows||For no longer than 12 months after last contact.||
|Postal Address||Quarterly or as soon as business allows||For no longer than 12 months after last contact.|
|Email and other electronic addresses||Quarterly or as soon as business allows||For no longer than 12 months after last contact.|
|Telephone Numbers including landline numbers||Quarterly or as soon as business allows||For no longer than 12 months after last contact.|
|Email Correspondence||Quarterly or as soon as business allows||For no longer than 12 months after last contact.|
Despite all the best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. However, if we learn of a security breach, we will notify affected users so that they can take appropriate protective steps. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
Our databases are backed up on a regular basis and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability.
Keeping your data secure also requires that user maintains the security of his account by using sufficiently complicated drivinglicences and storing them safely. You should also ensure that you have sufficient security on your own systems.
Our systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized personnel. We will provide users with reasonable assistance in the event of a security incident impacting their account.
In case of any queries that you may have please reach to our Information Security Officer at firstname.lastname@example.org.