Nexval Privacy Statement

Introduction:

This privacy statement applies to the collection, process, disclosure and use of Personal Identifiable Information (PII) or the Personal Sensitive Information (PSI), as the case may be, which is followed by Nexval Infotech Pvt. Ltd. (a Private Limited Company, duly registered under the Indian Companies Act1956, having Corporate Identity Number or CIN: U72200WB2009PTC138529), having its registered office at Ecospace Business Park, Action Area 3, Newtown Rajarhat, Ambuja Realty Campus, Block 4A, 3rd Floor, Unit No.303, Kolkata 700 160, West Bengal, India. And HMG Ambassador Building,9th Floor, 137 Residency Road, Bengaluru – 560 025, Karnataka, India hereinafter will be mentioned as Nexval or the Company.

Nexval is committed to maintaining the privacy and integrity of PII and PSI and this privacy statement describes Nexval’s approach on addressing all such issues. This privacy statement provides details about the types of personal information that we collect, how we use, process, protect and disclose such personal information and the rights of the individuals who have to control our usage and thereafter disclose of such personal information. Certain Personal Identifiable Information (Nexval Employees) need to be shared with external vendor for the internal security control purposes of the Company, such as preparation of employee I.D. Card, Background Verification etc.

Data collection

The Company may collect personal information from clients, employees, contractors, Third party and other individuals. The Company may collect such information when it is necessary for business purposes. Usually, Nexval collect information like the contact details for the interest of the client and employee’s personal details for legal requirements.

Nexval is committed to safeguard Privacy of each & every employee’s information as well as each & every Customer’s Information and/or data. Typically, the Company consider PII means any information about an individual maintained by Nexval, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as Name, Date & Place of birth, Mother‘s maiden name, Passport Number, Driver’s license number, Driving license number, Taxpayer identification number, Telephone number, Financial account or credit card number and (2) any other information that is linked or linkable to an individual, such as employee’s contact details, address details, educational details, employee’s id proof details (PAN card, Aadhar Card etc.), Salary related documents (Payslip, Bank statement, last company salary break up details etc.). During the course of providing professional services to clients, the Company may need to collect more detailed personal information (for instance, Contact details, Business information etc.).
It is the policy to limit the information collected to only the minimum information required to fulfill the legal or statutory or business requirement.

Use of personal information

The main purposes of collecting personal information about individuals are as follows:

  • Providing services
  • Maintaining regular contact with clients for General management and reporting purposes (such as invoicing and account management etc.)
  • All other Lawful & Statutory purposes related to our business and in furtherance to fulfilment of lawful contract.

Personal information collected by us is used only for the intended purpose stated at the time that the information is collected or for the purposes specified above.

Disclosure of personal information

Nexval do not routinely disclose or transfer an individual’s personal information to other organizations unless there is any legal or business requirement viz. Background Verification, Creation of Employee Identity Card, sharing information with the Government & Statutory Authorities like PF, ESI etc.

Nexval will not disclose, share, sell or rent an individual’s personal information to any third party.

Nexval uses a range of service providers and contractors to maximize the quality and efficiency of services & business operations (including internal business requirements). This means that third-party individuals and organizations may sometimes have access to personal information held by Nexval and may collect it from, process or use it on behalf of Nexval.

Nexval may be allowed service providers & the contractors to the establishments for limited Physical & Logical Access as and when the Company deem fit & proper in accordance with the relevant Security Policies and Procedures (such as Network Security, Logical Access Control, Physical Access Control etc.).

Personal information retention

Nexval receives information usually is not retained, but some of the information’s, which are kept by the Company will be destroyed or deleted after a reasonable period, when it becomes outdated or is no longer required. However, the Company needs to retain copies of information (which may include personal information) for internal record-keeping purposes and/or for compliance with applicable law or professional standards.

Usually, Nexval does not retain customer’s any information because the company used to provide the services through customer’s remote environment viz. Remote Citrix environment or Oracle system.

Security

Nexval has implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. We follow a network-wide security policy. Only authorized personnel are provided access to sensitive personal information (Logical & Physical access control policy) and these personnel have agreed to maintain confidentiality, security and integrity of this information.

While Nexval follows the standard industry practices and takes reasonable security measures to protect the personal information under our control, information may be disclosed through any unlawful or unauthorised access or regulatory environment and measures or interception of transmissions or private communications and other users and third parties may abuse or misuse an individual’s personal information. The Company disclaims all liability for error in transmissions and unauthorised access or interceptions, abuse or misuse by third parties and other users.

Nexval identified the following Fair Information Practices to protect PII

Collection Limitation —

Nexval follows principles that there should be limits to the collection of personal data and any such data should be obtained by lawful and fair means.

Data Quality —

Personal data are relevant to the purposes for which they are to be used and to the extent necessary for those purposes should be accurate, complete and kept up to date.

Purpose Specification —

Personal data are collected by Nexval for specific purpose, which have been mentioned during the time of data collection.

Use Limitation —

Personal data generally not been disclosed, made available or otherwise used for purposes other than those specified, except with the consent of the data subject or by the authority of law.

Security Safeguards —

Nexval protects Personal data by adequate or reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness —

The Company practices a general Policy of openness about developments, practices and policies in respect to personal data.

Accountability —

Each & Every data controller of the company is accountable for complying with measures which give effect to the principles stated above and/or as stated there service conditions.

References :

  • Information Classification Policy, procedure & standard
  • Physical Security Policy & Procedure
  • HR Procedure & Practices
  • Information Security Policies
  • Vendor Risk Management Policy