Last updated: 16th May 2024
1. Introduction
This Data Compliance Document outlines the policies and procedures in place at B&B ITES for ensuring the secure and compliant management of data. It is intended to align with legal and ethical standards for data protection and privacy.
2. Purpose
The purpose of this document is to provide clear guidelines for data compliance related to B&B ITES, specifically regarding data collection, storage, sharing, and usage.
3. Scope of Compliance
This document is applicable to all data collected via B&B ITES from registered users. This includes data collected through inquiry forms.
4. Definitions
Personal Data: Any information related to an identified or identifiable natural person.
Processing: Any operation performed on personal data, whether or not by automated means.
Data Subject: The individual whose personal data is being processed.
Data Controller: The entity that determines the purposes and means of processing personal data.
5. Data Collection Methods
Form Submission: A form on B&B ITES collects contact information after the user consents to our privacy policy.
6. Data Elements Collected
| Data Element | Source | Purpose |
| --- | --- | --- |
| Name | User | Identification |
| | User | Communication |
| Inquiry Details | User | Customer support |
7. Data Storage and Encryption
Storage: All data collected via B&B ITES is stored in our internal CRM system.
Encryption: All stored data is encrypted using AES 256-bit encryption.
8. Data Sharing and Internal Usage
Internal Sharing: Data is used internally for sales, marketing, and customer service.
Third-Party Sharing: There is no third-party sharing of data collected via B&B ITES.
9. User Rights and Consent Mechanisms
Consent: A checkbox is provided to obtain explicit user consent before data collection.
Rights: Users have the right to access, correct, and delete their data.
10. Data Retention and Deletion
Retention Policy: Data is retained indefinitely unless a deletion request is made by the user.
11. Security Measures
Firewall: AWS firewall services are implemented to restrict unauthorized access.
Encryption: Data is encrypted both at rest and in transit.
12. Data Audits and Accountability
Audit Logs: All access to and actions on data are logged for audit purposes.
Accountability: Employees with access to data are trained and accountable for compliant handling.
13. Incident Response and Data Breach Procedure
Incident Response Team: Headed by the Data Protection Officer, this team is responsible for managing data breaches.
Notification: In the event of a breach, affected parties will be notified within 72 hours.
14. Data Protection Officer (DPO)
Name: Mr. Rushab Sharma
Experience: 15 years
Role: Overseeing data protection strategy and its implementation to ensure compliance.
15. Training and Awareness
Employee Training: All employees are required to undergo data protection training.
16. Non-Compliance Penalties
Internal Penalties: Employees found in violation may face disciplinary action up to and including termination.
17. Amendments
This document may be periodically updated to reflect changes in laws, technologies, or company policies.
18. Contacts
For further queries and clarifications, please contact Mr. Rushab Sharma, Data Protection Officer at dpo@b&b-ites.com