Data Protection Policy for G7CR Technologies


1. Purpose

The purpose of this data protection policy is to establish and communicate the guidelines and standards for collecting, processing, storing, and sharing data to ensure the confidentiality, integrity, and availability of data handled by G7CR Technologies. The Policy is in line with the ISO 27001 standard of Information Security along with ISO 90001 and ISO 20000-1.

This ensures that G7CR is committed not only to preserving the data of clients and individuals but also to providing the best IT services.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of G7CR Technologies who have access to data systems and infrastructures.

3. Data Collection and Classification

Collection: Data shall be collected lawfully, fairly, and transparently and only for valid purposes that are clearly explained to data subjects.

Classification: Data shall be categorized based on sensitivity and regulatory requirements (e.g., public, internal, confidential, and highly confidential).

4. Data Storage and Security

Storage: Data must be stored on secure, Azure cloud-based services and other approved data storage technologies.

Encryption: Data must be encrypted at rest and in transit using industry-standard encryption technologies.

Access Controls: Implement role-based access controls (RBAC) to ensure that only authorized personnel have access to sensitive data.

5. Data Usage

Data must be used strictly for the purposes specified at the time of collection and in accordance with customer agreements and privacy laws.

6. Data Sharing and Transfer

Data may be shared with third parties only when necessary and under the protection of appropriate data processing agreements.

Data transfers across borders must comply with international data protection laws, such as GDPR for European data subjects.

7. Data Retention and Disposal

Data shall be retained only for as long as necessary for the established purpose and in compliance with legal and regulatory requirements.

Secure disposal methods must be used to ensure that data is irrecoverably deleted when it is no longer needed.

8. Data Breach and Incident Response

Implement a comprehensive incident response plan to handle data breaches.

Mandatory breach notifications to the appropriate authorities and affected individuals must be made within the stipulated timelines as per applicable laws.

9. Employee Training and Awareness

Regular training on data protection principles, the importance of securing data, and the specific roles and responsibilities of employees.

Awareness programs to keep data protection top of mind.

10. Policy Review and Audit

This policy shall be reviewed annually or following significant changes to business practices or the regulatory environment.

Regular audits will be conducted to ensure compliance with this policy and to identify and mitigate risks.

11. Compliance and Legal Obligations

Adherence to all applicable laws and regulations including India’s DPDP Act.

Ensure that all contractual obligations related to data protection in customer and vendor agreements are met.

12. Contact Point

For any queries: ciso@g7cr.com

Grievance office: divya.rajagopalan@g7cr.com

Conclusion

This policy is mandatory for all who access or manage company-held data. Compliance with this policy will be monitored and enforced by G7CR Technologies’ designated Chief Information Security Officer (CISO). Non-compliance will be addressed seriously and may result in disciplinary action. In addition, there is a Grievance office responsible for receiving complaints of any kind and getting them resolved at the earliest.

By implementing this data protection policy, G7CR Technologies ensures that it not only complies with applicable data protection laws but also builds trust with customers and partners by responsibly managing and protecting data.