Our Privacy Policies
A privacy policy is a statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.
The exact contents of a certain privacy policy will depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions. Most countries have their own legislation and guidelines of who is covered, what information can be collected, and what it can be used for. In general, data protection laws in Europe cover the private sector, as well as the public sector. Their privacy laws apply not only to government operations but also to private enterprises and commercial transactions.
The Information Technology (Amendment) Act, 2008 made significant changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a corporate body is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person. This applies when a corporate body possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates.
In 2011, the Government of India prescribed the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 by publishing it in the Official Gazette. These rules require a body corporate to provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information. Such a privacy policy should consist of the following information in accordance with the rules:
- Clear and easily accessible statements of its practices and policies.
- Type of personal or sensitive personal data or information collected.
- Purpose of collection and usage of such information.
- Disclosure of information including sensitive personal data or information.
- Reasonable security practices and procedures.
- The privacy policy should be published on the website of the body corporate, and be made available for view by providers of information who have provided personal information under lawful contract.