Legistify Services private limited
Data Privacy and Data Protection Policy
Effective Date: [Insert Date]
Document Name: | Data Privacy and Data Protection Policy |
Classification: | Internal |
Document Owner: | CISO/MR- |
Document Approver: | Top Management |
Original Document Issue Date: | 10/09/2023 |
Current Edition: | Version 2.0 |
Revision History:
S. No. | Description of Change | Date of Change | Version No. |
1 | Initial Release | 10/09/2023 | 1.0 |
2 | Second Release | 10/09/2024 | 2.0 |
Introduction
This Data Privacy and Data Protection Policy outlines the principles and procedures for protecting the privacy and ensuring the responsible handling of personal information by Legistify Services private limited.
All employees, contractors, and third-party partners are required to adhere to this policy to uphold the organization's commitment to data privacy.
Scope
This policy applies to all personal information collected, processed, stored, and transmitted by Legistify Services private limited, regardless of the format in which it is stored.
The policy applies to all employees, contractors, and third-party partners who have access to personal information.
Data Protection Principles
Personal information will be processed in accordance with the following principles:
Lawfulness, fairness, and transparency.
Purpose limitation.
Data minimization.
Accuracy.
Storage limitation.
Integrity and confidentiality.
All processing of personal information must have a lawful basis, and individuals will be informed of the purposes for which their data is being collected.
Data Collection and Consent
Personal information will only be collected for specified, explicit, and legitimate purposes.
Individuals will be provided with clear and concise information about the collection and processing of their data, and their consent will be obtained before processing, where applicable.
Consent may be withdrawn at any time, and individuals will be informed of the consequences of withdrawing consent.
Data Security
Appropriate technical and organizational measures will be implemented to ensure the security of personal information.
Access controls, encryption, and regular security assessments will be employed to protect personal data from unauthorized access, disclosure, alteration, and destruction.
Data Retention and Disposal
Personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected.
Retention periods will be defined based on legal, regulatory, and business requirements.
Personal information that is no longer required will be securely disposed of using methods that prevent unauthorised access.
Data Subject Rights
Individuals have the right to access, rectify, erase, restrict processing, and receive their personal information.
Requests from data subjects to exercise their rights will be promptly addressed in accordance with applicable laws.
Data Breach Response
A Data Breach Response Plan will be in place to detect, assess, and respond to any security incidents involving personal information.
Data breaches will be promptly reported to the appropriate authorities and affected individuals, as required by law.
Data Protection Impact Assessments (DPIA)
DPIAs will be conducted for high-risk processing activities to assess and mitigate the impact on data subjects' privacy.
DPIAs will involve consultation with relevant stakeholders, including data protection authorities where necessary.
Third-Party Data Processing
Third-party processors engaged to handle personal information on behalf of Legistify Services private limited must adhere to this policy and relevant data protection laws.
Contracts with third parties will include data protection clauses and provisions for auditing their compliance.
Training and Awareness
All employees will receive training on data protection principles, the organization's policies, and their role in ensuring compliance.
Regular awareness programs will be conducted to keep employees informed about the importance of data privacy.
Policy Review and Compliance
This policy will be reviewed and updated at least annually or as needed to address changes in the organization's structure, technology, or regulations.
Compliance with this policy will be monitored through regular audits and assessments.
Enforcement
Violations of this Data Privacy and Data Protection Policy may result in disciplinary action, including termination of employment or legal action.
Employees are encouraged to report any breaches or violations promptly and may do so without fear of retaliation.
By adhering to this Data Privacy and Data Protection Policy, we demonstrate our commitment to safeguarding the privacy and rights of individuals whose personal information we process.
Policy Revision History
Date | Version | Author | Reviewer | Approver | Comments |
10/09/2023 | 0.1 | ISMS Manager | CIO | Management | Draft Version of Data Privacy and Data Protection Policy |