header

Privacy Policy

We at Re Sustainability Limited (“ReSL”) are committed to protecting your privacy. We have prepared this Privacy Policy (“Policy”) to describe to you our practices regarding the personal data we collect from you.

This document is an electronic record in terms of Information Technology Act, 2000 and rules there under as applicable and the provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures to make the terms of this policy binding.

This Policy is published in compliance with, inter alia:

  • Section 43A of the Information Technology Act, 2000;
  • Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
  • Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.

OVERVIEW OF THE POLICY:

The right to privacy is a fundamental right and is necessary to protect personal data as an essential facet of informational privacy. Our aim is to ensure that the right data is used by a person in the right role and only in the right context, so that internal and external customers and other stakeholders can trust us for their business. This Policy is a legal document that we use to disclose the way we gather, use and manage the personal information of our customers and clients. We follow strict security procedures in the storage and disclosure of any information so that our internal and external employees, clients, suppliers or vendors, contractors or subcontractors, shareholders or any third parties feel confident about the privacy and security of their personal information.

DEFINITIONS:

Act: means the Information Technology Act, 2000 (21 of 2000).
Personal Data: means data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Processing of Personal Data: means any operation or series of operations carried out on Personal Data or sets of Personal Data, whether automated or not. These operations include collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, and disclosure by transmission, dissemination, or any other means of making the data available, alignment or combination of data, restriction, erasure, or destruction.

Sensitive personal data or information: means such personal information which consists of information relating to:
i. password;
ii. financial information such as Bank account or credit card or debit card or other payment instrument details;
iii. physical, physiological and mental health condition;
iv. sexual orientation;
v. medical records and history;
vi. Biometric information;
vii. any detail relating to the above clauses as provided to ReSL for providing service; and
viii. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

Website: shall mean our Website https://resustainability.com/ and the features and functionality thereof (“Services”).

SCOPE OF THE POLICY:

The Privacy Policy applies to Re Sustainability Limited entities in India for all dimensions and activities, in all geographies where we operate.

This policy applies to the Processing of Personal Data collected by ReSL, directly or indirectly, from all individuals including, but not limited to ReSL’s Website, ReSL’s current, past or prospective job applicants, employees, clients, consumers, suppliers or vendors, contractors or subcontractors, shareholders or any third parties.

In this Policy, “you” and “your” means any covered individual. “We”, “us”, “our” and “ReSL” means Re Sustainability Limited.

OUR ASSURANCE:

We have made the below provision:

  • To protect the autonomy of individuals in relation with their personal data,
  • To specify where the flow and usage of personal data is appropriate,
  • To create a relationship of trust between people and entities processing their
  • personal data
  • To specify the rights of individuals whose personal data are processed
  • To create a framework for implementing organizational and technical measures in processing personal data
  • To lay down norms for sharing of personal data
  • To ensure the accountability of entities processing personal data
  • To provide remedies for unauthorized and harmful processing
  • To establish a Data Protection Authority (Data Protection Officer) for overseeing processing activities
  • To protect privacy throughout processing from the point of collection to deletion of personal data
  • To carry out processing of personal data in a transparent manner.

PERSONAL DATA COLLECTION:

A. Throughout the course of the relationship with you, ReSL needs to collect Personal Data. The type of Information that may be collected includes (but is not limited to), where relevant:

  • Your Basic Information such as name, contact details, address, gender, birth date, marital status, children, parents details, dependent details, photos, photo id proof, pan card, passport, voter ID, aadhar card, life insurance nominees/beneficiaries, fingerprint information/facial recognition, emergency contact details, citizenship, visa, work permit details, etc.;
  • Recruitment, engagement or training records including curriculum vitae’s, applications, notes of interview, applicant references, qualifications, education records, test results (as applicable);
  • Information about your medical condition – health and sickness records;
  • The terms and conditions of employment/engagement, employment/engagement contracts with ReSL and/or previous employer;
  • Performance, conduct and disciplinary records within ReSL and/or with previous employers; mobility records generated in the course of employment/work with ReSL;
  • Information relating to your membership with professional associations or trade unions;
  • Leave records (including annual leave, sick leave and maternity leave);
  • Financial Information relating to compensation, bonus, pension and benefits, salary, travel expenses, stock options, stock purchase plans, tax rates, taxation, bank account, provident fund account details;
  • Information captured as result of monitoring of ReSL assets, equipment, network owned and/ or provided by ReSL;
  • If you correspond with us by e-mail, we may retain the content of your e mail messages, your e- mail address, and our responses;
  • Any other Information as required by ReSL.

B. Throughout the course of your association with ReSL, ReSL may collect the following data:

  • Device Information: We may automatically collect information about the device you use in association with ReSL, including the hardware model, operating system and version, unique device identifier, phone number, International Mobile Equipment Identity (“IMEI”) and mobile network information.
  • Geo-location Information- We may collect your device’s geo location data and save your device’s coordinates to offer certain features to you. We may determine your city, state, and country location based on your IP address (but not your exact location).
  • Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to you. Accepting a cookie does not provide us access to your device or any Personal Data about you, other than the information you choose to share. Other servers cannot read them, nor can they be used to deliver a virus. Most browsers automatically accept cookies, but you can usually adjust yours (Microsoft Internet Explorer, Firefox or Google Chrome) to notify you of cookie placement requests, refuse certain cookies, or decline cookies completely.
  • “Web beacons” or clear .gifs are small pieces of code placed on a Web page to monitor behavior and collect data about the visitors viewing a Web page. For example, Web beacons or similar technology can be used to count the users who visit a Website or to deliver a cookie to the browser of a visitor viewing that page. We may use Web beacons or similar technology on our Services from time to time for this and other purposes.
  • We gather certain information automatically and stores it in log files. This information includes internet protocol addresses as well as browser, internet service provider, referring/exit pages, search terms, operating system, date/time stamp, and click stream data. Occasionally, we may connect Personal Information to information gathered in our log files, as necessary to improve the Service for individual customers. Otherwise, we generally use this information as we would any  Usage Data, to analyze trends, administer and maintain the Service, or track usage of various features within the Service.

PURPOSES FOR DATA COLLECTION:

A. We collect the abovementioned Personal Data for purposes connected with our business activities including the following purposes, hereinafter the “Accepted Purposes”:

  • Managing your employment/work with ReSL including deployment/assignment of the individual to specific client projects;
  • Record-keeping purposes; Payroll Administration, Payment of your salary or invoice; Performance Assessment and Training;
  • Compliance with a legal requirement/obligations; health and safety rules and other legal obligations; Administration of benefits, including insurance, provident fund, pension plans; immigration, visa related purposes; ReSL’s reporting purposes;
  • Back ground verification purposes; credit and security checks;
  • Operational issues such as promotions, disciplinary activities, grievance procedure handling;
  • Audits, investigations, analysis and statistics, like various recruitment and employee retention programs;
  • IT, Security, Cyber security and Access Controls;
  • Disaster recovery plan, crisis management, internal and external communications;
  • For any other purposes as ReSL may deem necessary.

B. Personal data shall also be processed if such processing is necessary for such reasonable purposes related to the below activities after taking into consideration (“Accepted Purposes”):

  • Prevention and detection of any unlawful activity including fraud
  • Whistle blowing
  • Mergers and acquisitions
  • Network and information security
  • Recovery of debt

C. At our sole discretion, for any reason or no reason at all, we reserve the right to remove any data/information or messages, if we believe that such action is necessary:

  • to conform to the law, comply with legal process served on us, or investigate, prevent, or take action regarding suspected or actual illegal activities;
  • to enforce this policy, to take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of ReSL; or
  • to exercise or protect the rights, property, or personal safety of ReSL, or others entities associated with us.

DATA PROCESSING BY RESL:

We are committed to complying with any applicable legislation relating to Personal Data and we shall ensure that Personal Data is collected and processed in accordance with applicable data protection law in India.

Lawfulness, fairness and transparency: We only collect and process Personal Data when there is a lawful basis to do so. This may occur in situations where it is necessary for fulfilling a contract in which you are involved, or when we need to comply with legal obligations, or with your explicit consent. Additionally, we may process your Personal Data for ReSL’s legitimate interests, as long as they do not override your own interests or fundamental rights and freedoms.
Access to personal data and Sensitive Personal Data or Information (SPDI) is restricted solely to authorized personnel on a need-to know basis. Role-based access controls are implemented to ensure that only individuals with appropriate authorization can access sensitive data, thereby preventing unauthorized access and enhancing data security. Moreover, in cases where applicable law requires it, we will seek your prior consent before processing any Sensitive Personal Data.

Legitimate Purpose, Limitation and data minimization: We collect your Personal Data for specific, explicit, and legitimate purposes and do not further process it in a manner that is inconsistent with those purposes. We collect only the necessary amount of data required for a particular purpose.

Data accuracy and storage limitation: ReSL ensures that the Personal Data processed is accurate and, when necessary, kept up to date. Additionally, we will retain Personal Data only for as long as required to fulfill the purposes for which it was collected. This includes meeting legal, accounting, or reporting obligations, as well as asserting or defending against legal claims until the relevant retention period ends or until the claims are resolved. Once the applicable retention period has expired, we will securely dispose of your personal data in accordance with relevant laws and regulations.

CONFIDENTIALITY, SECURITY AND AVAILABILITY:

We are committed to maintaining the Confidentiality, Security, and Availability of the data we collect. Confidentiality is ensured by restricting unauthorized access to data exchanged, while Integrity is preserved by protecting systems and data from unauthorized modifications. We also ensure Availability so that data, systems, and applications are accessible to users as needed. To further protect data, personal information and sensitive personal data (SPDI) stored electronically are encrypted to prevent unauthorized access. Additionally, data transmitted over networks is safeguarded using secure encryption protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), to uphold data integrity and confidentiality.

LIMITED ACCESS TO THE PERSONAL DATA:

Only employees who have a legitimate need-to-know or require access for their specific job roles will be granted access to Personal Data. We will not share Personal Data with any external individuals or entities, except for the Accepted Purposes, or with the explicit consent person who’s Data is to be shared, or when there is a legitimate interest or legal requirement to do so, provided that it is allowed by applicable law. In such cases, the disclosure of Personal Data will be limited strictly to what is necessary and reasonable to fulfil the Accepted Purposes.
When ReSL collaborates with third-party entities that may have access to Personal Data while providing their services, ReSL ensures that these third parties are contractually obligated to process the Personal Data solely based on ReSL’s instructions. They must adhere to ReSL’s Data Privacy policies and comply with Data Protection laws.

PROTECTION OF YOUR PERSONAL DATA:

We are very concerned about safeguarding the confidentiality of your personal data. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access. We use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Information. We cannot, however, ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission of information, we make commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps.
Notwithstanding anything to the contrary in this Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our rights or property. However, nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party, including a government’s, request to disclose your information.

DELETION OF YOUR PERSONAL DATA:

You may request deletion of your personal data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may also retain your information for fraud prevention or similar purposes.

YOUR RIGHTS:

A. You have the right to request a copy of the Personal Data that we have about you. Additionally, if you find any inaccuracies in your Personal Data, you can request for it to be corrected, or if your data is incomplete, you can ask for it to be completed appropriately.
B. You have the right to be forgotten which grants you the authority to request the erasure of your Personal Data under various circumstances, including when the data is no longer necessary for its original purpose, when you withdraw your consent, when you object to the processing of your data, when your Personal Data has been unlawfully processed, when there is a legal obligation to erase your data, or when erasure is necessary to comply with applicable laws.
C. You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the details mentioned in the Policy.

OBLIGATIONS IF YOU COME ACROSS PERSONAL DATA OF OTHERS:

You shall be diligent and extend caution while dealing with Personal Data of others, in the course of performance of your duties and shall also, at all times:

A. Prevent any un-authorized person from having access to any computer systems processing Personal Data, and especially: (i) un-authorized reading, copying, alteration, deletion or removal of data; (ii) un-authorized data input, disclosure, uploading, transmission/transfer of Personal Data;
B. Abide by ReSL’s internal security policies and procedures;
C. Ensure that authorized users of a data-processing system can access only the specific Personal Data to which their access rights have been granted;
D. Maintain a comprehensive record of all instances where Personal Data has been shared, including details of what data was communicated, the date and time of communication, and the recipient’s identity;
E. Refrain from disclosing any Personal Data to third parties without prior consultation with the individual’s Manager or the Human Resources Department;
F. Ensure that Personal Data processed on behalf of a third party (client) can be processed only in the manner prescribed by such third party;
G. Implement security measures to ensure that, during the communication of Personal Data and transfer of storage media, the data remains protected from unauthorized access, copying, or erasure;
H. Immediately, on becoming aware report and notify any vulnerabilities and privacy related breach/security breaches (including potential risks);
I. Attend mandatory and voluntary trainings on security and data privacy including e-learnings and online sessions.

BREACH OF THIS POLICY:

Non-compliance with the Policy and relevant laws can have severe consequences and may subject both ReSL and you to damages, criminal fines, and penalties. ReSL considers any failure to adhere to this Policy as a grave matter and may result in the initiation of appropriate disciplinary actions, which may include but are not limited to, the dismissal or termination.

DATA PROTECTION OFFICER:

If you have any questions, discrepancies, or grievances regarding the processing of your Personal Data, you can contact the ReSL Data Protection Officer (DPO) at [MENTION EMAIL ADDRESS]. The DPO will promptly address your concerns within the period prescribed by law. If you have any queries about the content, interpretation, or implications of the Policy, you may also reach out to the DPO.
However, ReSL retains the right to reject any request that might compromise the security and confidentiality of other Personal Data or those requests that are impractical or not made in good faith. This is in accordance with the circumstances outlined in the law, allowing ReSL to refuse such requests.