The Company is committed to complying with all applicable privacy and data protection laws. Any personal information the Company collects, regarding employees or any third party, will be treated with care, protected, and used lawfully and properly.
This Policy applies to employees, customers, business associates and others who share their personal information with the Company.
Personal information means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with the Company, is capable of identifying such person.
Sensitive personal data or information (SPD) means such personal information which consists of information relating to—
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to the Company for providing service;
(viii) any information received under above clauses by the Company for processing, stored or processed under lawful contract or otherwise:
Provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as SPD for the purposes of this Policy.
The Company shall collect SPD only if:
a. Prior consent is obtained in writing through letter / fax / e-mail from provider of SPD regarding purpose of usage of such information;
b. such information is considered necessary and is collected for lawful purpose connected with a function/activity of the Company;
c. Provider of information has knowledge of (a) purpose of collection of data (b) intended recipients of such information.
- SPD shall be retained only for the period required for the purposes for which the information may be lawfully used or is required under law.
- The Company shall permit provider of Personal information (as and requested) to review such information and ensure that inaccurate and deficient data is rectified/amended as feasible. The Company shall not be responsible for the authenticity of Personal information or SPD supplied by the provider of information.
- The Company shall provide an option to provider of such information, not to provide the data/information. The provider of information shall have the option to withdraw, in writing, the consent given earlier about the personal information to the Company.
- The Company shall have the option not to provide goods/services if the provider of information has not given his consent or withdrawn the consent given earlier.
- The Company shall take reasonable steps to keep Personal Information and SPD in a secure manner and shall not publish the same.
Disclosure of SPD to a third party shall require prior permission from provider of information.
Exceptions: (a) where such disclosure has been agreed to in the contract (b) disclosure is necessary for compliance of a legal obligation and (c) disclosure to Government agencies that are mandated under law for the purpose of prevention/detection/ investigation of offences.
- The Company will take reasonable steps to ensure that third Party who receives such SPD, shall not disclose it further to anyone.
- The Company may transfer Personal Information including SPD to a third party in or out of the country, if such transfer is necessary for the performance of the lawful contract between the Company and provider of information or where the provider has consented to such transfer, provided such third party has the same level of data protection as is adhered to by the Company.
- As with most websites, visit to the Company’s website or use of an application thereat may capture information such as IP address, time, date, referring URL, pages accessed and documents downloaded, type of browser and operating system. The Company website may contain links to or from other websites. The Company is not responsible for the privacy practices of other websites. This Policy applies only to the information the Company collects on its website.
- The Company will implement reasonable security and control measures to protect SPD and Personal information from loss, misuse, unauthorized access/disclosure, by adopting the security practices and procedures in accordance with applicable laws and rules, as well as Company’s “User and System Access Management Policy” and the “Network and Telecommunications Security Policy”.
- The Company reserves the right to review and modify the Policy at any time. Current version of this Policy is published on the Company’s website.
- Any grievances or queries with respect to the Policy or processing of SPD including Personal Information should be made to firstname.lastname@example.org, 3M India Ltd., Concorde Block, UB City, Vittal Mallya Road, Bangalore-560 001, India.