Data Protection Policy

Introduction

Data Privacy and Security is important to all of us. Indev Consultancy Pvt Ltd (Indev) being a company working in the IT sector, considers Data Security and Privacy with highest priority.We present our Data Protection Policy under the following sections.

Physical Access and Data

• Physical access to the server rooms/areas shall completely be controlled and servers are secure area with lock and key.
• Access to the servers is restricted only to designated Systems and Operations Personnel. If any other person wants to work on the servers then he/she shall be able to connect to the servers only through Remote Desktop Connection with a Restricted User Account.
• Critical backup media are kept in a fireproof off-site location in a vault.
• A list of personnel with authorized access to the facilities where information systems reside shall be maintained with appropriate authorization credentials. The access list and authorization credentials shall be reviewed and approved by authorized personnel periodically.
• Physical access to the Data Systems are monitored to detect and respond to physical security incidents.
• Information systems are protected from power failure and other disruptions caused by a failure in supporting utilities.
• Automated mechanisms to recognize potential intrusion are employed to initiate appropriate response actions
• Physical access to the information systems are granted only after authenticating visitors before authorizing access to the facility where the information systems reside other than areas designated as “publicly accessible”.
• The access records of the visitors shall be maintained. Visitors are be escorted by the designated personnel and their activities, if required, shall be monitored.
• Systems Personnel shall examine laptops of visitors for the latest anti-virus definition, latest patches and updates, and any sort of vulnerability which could be harmful to the network.
• Any user who needs to connect to the external network for official work shall be able to do so after an official sanction from the Management and Security Team. This team shall evaluate security risks before issuing any sanction.
• A record of all physical accesses by both visitors and authorized individuals are maintained.

All policies stated above shall be monitored for any changes from time to time in accordance to the contextual situation.

Database Management

Indev team ensure the data security in an integrated manner with following aspects will be taken care.

• Sensitive data are kept in an encrypted manner in the database. Indev works with the Clients to define attributes to be encrypted.

Mobile Device and Transaction Management

• Token based authentication are done while transferring the data from mobile device to the server. The token validity will be for 30 seconds.
• IMEI based authentication are done in the mobile application. This will not allow the unauthenticated user to access the application.
• If necessary, the data from the mobile devices can be deleted by doing necessary changes of the user profile in the server. This can be activated while the application comes to network and tries to access the application – in case of any theft or loss of mobile device.
• Images are stored in table thus making it further secure.
• All transaction will be done in secure connection. The API will not work in insecure connection.
• Top 10 OWASP security vulnerabilities are addressed.

Website Management

We believe in privacy of personal data collected while browsing the data. Our web servers provide analytics and performance enhancement services.

This information is aggregated to measure the number of visits, average time spent on the site, pages viewed and similar information. Indev uses this information to measure the site usage, improve content and to ensure safety and security as well as enhance performance and user experience of the website. In required situations, the user required to register to access an authenticated area of the website. All details collected are kept as secure.

Indev uses cookies (small text files placed on your device) and similar technologies to facilitate proper functioning of our websites and to help collect data: please read here our full cookie policy. Please note that our websites may include links to websites of third parties whose privacy practices differ from those of INDEV; if you provide personal data to any of those websites, your data is governed by their privacy statements.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Storage and Retention Policy

We retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal data are available in our retention policy upon request from our Data Protection Officers. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

How to contact us

If you have a privacy concern, complaint or a question regarding this privacy statement, please direct it to the Chief Privacy Officer of Indev Consultancy Pvt. Ltd. at contact@indevconsultancy.com or contact us through the “Contact us” form on our website.

For the purposes of the data processed under this statement, the controller or business/service provider for the data processing of your personal data collected through our websites is Indev Consultancy Pvt. Ltd., Plot No-42, Vikas Plaza, Third Floor, Kalkaji, New Delhi-110019, India. For all the other purposes indicated above, the controller or business/service provider is the same entity unless indicated otherwise in other privacy statement communicated in each situation.

We have appointed Data Protection Officers (DPOs) to oversee compliance of Indev with applicable data protection laws and privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO.