Personal Data Protection Policy
The purpose of this Personal Data Protection Policy is to protect all personal data collected, stored, processed and/or transferred by,Trigyn Technologies Limited and its subsidiaries (ìTrigynî) in accordance with internationally recognized standards for data protection in particular: General Data Protection Regulation (GDPR) effective 25th May, 2018.
To give people control over how their data is used and to protect ìfundamental rights and freedoms of natural personsî. 2. To collect, store, process and transfer personal data in a lawful manner. 3. Treatment of Personal Data is consistent throughout Trigyn entities and operations. 4. Transfer Personal Data to Trigyn entities and other enterprises that use this data in a manner consistent with the data privacy norms set at Trigyn.
This policy applies to the following individuals / entities under the Trigyn operations that collect, store and/or process personal data:
Trigyn shall ensure that Personal Data relating to natural persons including employees (current as well as former), suppliers and customers, are obtained and processed fairly, in accordance with the data subjectsí rights under Data Protection Laws and Regulations. Trigyn respects the privacy and is committed to promoting the responsible use of personal information and protecting individualís privacy rights.
Trigyn may collect, store, use and disclose information about data subjects which may constitute personal data (including sensitive personal data) as per GDPR ,for lawful, explicit and legitimate business and contractual purposes and for further processing of personal data consistent with those purposes. The personal data may be processed for purposes including, without limitation,
Trigyn shall obtain consent from the data subject willingly prior to collecting, storing and processing of personal data. Trigyn shall not utilize an individual's personal data beyond this scope without prior consent from the individual, and shall take measures to ensure that this principle is observed. An individual's personal data shall not be provided or otherwise disclosed to third parties other than Trigyn affiliates, investigators, or law enforcement personnel when consent has been obtained from the individual in question or when disclosure is legally mandated. To the extent permitted by applicable law, Trigyn may record and monitor electronic and voice communications to ensure compliance with the legal and regulatory obligations and internal policies and for the purposes outlined above.
Trigyn takes prudent steps to safeguard the confidentiality and security of all personal data including taking procedural and organizational steps to protect personal data from accidental or unlawful destruction and disclosure. These steps include entering into written agreements with all its vendors, subcontractors who process personal data. Trigyn strives to protect personally identifiable information by using appropriate administrative, physical, and technical safeguards that it maintains or disseminates, so it is not obtained by unauthorized individuals or used in unauthorized ways.
Trigyn recognizes the right of data subjects at reasonable intervals to seek / request a copy of the personal data held in relation to them by Trigyn. If any personal data is found to be wrong, the individual concerned has the right to ask us to amend, update or delete it, as appropriate. In some circumstances individuals also have a right to object to the processing of their personal data as per the prevailing laws. If Trigyn undertake transactions or other services that involve the disclosure of personal data on behalf of any of its client or counterparty, it shall be the responsibility of such client or counterparty to ensure that they have all necessary authority to permit Trigyn to process and disclose the personal data accordingly. Privacy consent can be withdrawn easily and at any time by the data subject by informing the appropriate authority within Trigyn. The privacy data shall be deleted from the system based on evaluation of compliance with a legal obligation or business process and technologies available to erase individual data. Evaluation will be done by Trigynís Data Protection Officer.
Any personal data breach shall be reported to the concerned authorities. Measures shall be taken to mitigate and minimize the breach. All personnel of Trigyn handling personal data have a responsibility to report any data privacy breach related incidents in case of violation of the data protection policy.
This policy shall be reviewed periodically (at least once a year) and whenever necessitated by changes within Trigyn, to ensure the policyís appropriateness for the companyís business objectives.
Enforcement of this policy is mandatory & violations of this policy will be reported through the Breach Notification process and Information Security Council Team. The action taken after a violation is as follows:
Data subject refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity. In other words, a data subject is an end user whose personal data can be collected.
Personal Data means any information relating to a living individual who can be identified directly or indirectly by an identifier such as:
a name, identification number, image, location data, an online identifier.
one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Employee personal details like birth date, address, personal phone number.
personal email address, race, nationality, ethnicity, origin, colour, religious or political beliefs or associations, age, sex, sexual orientation, marital status, family status, identifying number, code, finger prints, blood type, inherited, characteristics, health care history including information on physical/mental.
disability, educational, financial, criminal, history. Photographs of employee and internal gatherings.
Lawful processing means that the activity is conducted in accordance with applicable national or international laws.
Specified purpose means being clear from the outset about why we are collecting personal data and are transparent about our purposes with the individuals concerned.
Accurate means that the data collected and stored are correct and their integrity is protected.
Adequate, relevant and not excessive means that data should be sufficient for the intended purpose and that we should not hold more data than necessary for that purpose.
Data Protection Laws and Regulations means, in the European Union, the General Data Protection Regulation(GDPR) 2016 / 679 and the national statutory legislation passed in each Member State implementing this Directive, as well as national law that exists outside the EU in each country.
European Union – means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.