Maruti Suzuki India Limited
Data Provider Consent Policy
1. Introduction
- This policy is drawn by Maruti Suzuki India Limited (hereinafter referred to as MSIL) and creates the framework to set standards for gaining consent from the data providers. The policy is based on the general legal and ethical principle that valid consent must be obtained from the data providers. This principle reflects the rights of the data providers.
- The data provider’s consent is the legal/statutory requirements under Rule 5(1) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 made under the Information Technology Act, 2000. As per the said rule, it is legitimate for MSIL to obtain consent in writing through letter or fax or email from the data provider of the sensitive personal data or information regarding purpose of usage, before collection of such information. Data providers can ask MSIL to release data about themselves at any time. MSIL has informed the data providers that they will be sharing personal data with the third parties for the purpose of carrying out their essential business functions.
2. Definitions
- Data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
- Information includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer-generated micro fiche.
- Cyber incidents mean any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorized access, denial of service or disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.
- Data Subject/Provider: Data Subject/Providers means and includes the employees, managements, contractors, agents, subsidiaries, affiliates, staffs, clients, business partners and users of the computer resources of MSIL.
- Disclosure means the release, transfer, provision of access to, or divulging of information in any manner (verbally or in writing) by MSIL to persons who are not MSIL employees, affiliates or to any other person or entity outside of MSIL.
- Personal information means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
-
Sensitive personal information (SPI): Sensitive personal data or information of a person means such personal information which consists of information relating to:
- Password;
- Financial information such as Bank account or credit card or debit card or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Any detail relating to the above clauses as provided to MSIL for providing service; and
- Any of the information received under above clauses by MSIL for processing, stored or processed under lawful contract or otherwise.
3. Purpose
The purpose of this Policy is to ensure that sensitive data and information of data providers are adequately protected and maintained and that providers of such data have given their consent to the purpose of usage of such data, prior to the collection of such data and information.
4. Applicability
This policy applies to all staff members, contractors, agents, shareholders, affiliates, clients, customers, business partners, dealers, sub-dealers, prospective employees and present employees, who provide their sensitive personal data and information to MSIL and all its direct predecessor organizations or bodies.
5. Data collection method(s)
MSIL collects the data and information, either personal or sensitive, from the present and prospective employees, contractors, agents, affiliates, clients, business partners dealers, sub- dealers and other entities through various methods.
6. Information provided by legal entities including customers
During the course of business relations or interaction with MSIL, legal entities including customers often provide information (a) about themselves, their legal status, contact details, phone numbers, emails. Bank account details, PAN No details, bank/wire transfer details (b) personal information and/or sensitive personal data or information or (c) to submit questions about MSIL service. If a person submits a question about MSIL service, he/she will be asked to provide his/her name, telephone number, and e-mail address.
7. Suppliers, Employee and Contract Workers and Others
In order to ensure that MSIL has adequate resources to conduct its business, it may often need to acquire supplies and additional casual labour. To properly pay for these supplies and services, MSIL is required to collect financial information such as banking details and home contact information from service providers. Additionally, the collection of contact information will permit MSIL to maintain a list of suppliers to fill vacancies or to perform similar tasks in the future as such opportunities arise. MSIL also obtains the personal information from its employees and also the prospective employees who are willing to work with it.
8. General Public
In order to ensure a high quality of staffing as vacancies arise, MSIL will solicit applications from qualified individuals. Although not requested by MSIL, candidates will often supply personal information such as birth dates, citizenship, educational background and community involvement and other sensitive personal information as defined above. In order to ensure the safety and security of its staff and of visitors to its facility, MSIL utilizes Closed-Circuit Cameras in its premises. The data obtained from these cameras is recorded and is used for security, monitoring and other related purposes.
9. Information provided by customers about others
In providing personal information about other individuals (such as someone in whose name one is registering the car/other products of MSIL), one represents that one has notified them of the purposes for which the information will be used, the recipients of the information, and how they can access and correct the information, and that one has obtained their consent. MSIL processes personal data about its employees etc., its clients and suppliers, customers, Contract Workers and other individuals, including former employees, for a number of business purposes, including, but not limited to:
- Scheduling
- Recruitment
- Personnel management
- Payroll and accounting
- Business and market development
- Building and managing external relationships
- Research and development
- Technology infrastructure
- Other purposes required by law or regulation
10. Sources used
MSIL primarily collects personal information directly by requesting that one completes forms or questionnaires, and also in connection with provision of services to one at one’s request. MSIL may also collect information regarding one’s internet protocol address, browser type, domain name and access time. MSIL collects the data and information, either personal or sensitive, through various sources such as emails, logs, website visiting and hard copy and other sources.
11. Use of Information
None of the data or information, either sensitive or personal, collected shall be used for any other purpose than the purposes outlined in the data collection policy.
12. Data retention
As a general rule, data or information, either sensitive or personal, shall be retained for a minimum period outlined in the data retention policy.
13. Accessing, Correcting and Updating Information
One is required to correct any erroneous or out-of-date information concerning oneself. One can access the information one provides, correct it, and update it.
14. Choice
MSIL will offer individuals the opportunity to choose whether their personal information is (1) disclosed to a third-party, or (2) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, MSIL will give individuals the opportunity to affirmatively consent to the disclosure of the information to a third-party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
15. Withdrawal of Consent
MSIL discloses one’s information to third parties with one’s prior consent; one have the right to give one’s consent for the use and storage of personal information, and to revoke consent at any time.
16. Confidentiality
One’s sensitive personal data or information will be treated as confidential. However, any data obtained as a result of oneself obtaining the services of or for jobs with MSIL may be inspected by the relevant stipulated legal authorities under the Information Technology Act, 2000 and rules and regulations made thereunder, and in case of any lawful order or legal requirements by any relevant governmental agency, provided that such legal authorities are legally obligated to protect any identifiable information from public disclosure, except where disclosure is otherwise required by law or a court of competent jurisdiction. These records will be kept private in so far as permitted by law.
17. Security
The security of one’s personal information is important to MSIL. MSIL provides a framework to establish processes and procedures to protect sensitive personal data and information against security threats, whether accidental or deliberate, external or internal; to ensure confidentiality, integrity and availability of data; and minimize the impact of security incidents. The security team works closely with the senior management team of MSIL to develop the high level policies and for their continuous conformant and enforcement.
- The data providers have read the present consent policy and are free to ask any questions and MSIL questions have been answered to its satisfaction.
- The data providers are over 18 years of age and, exercising free power of choice, hereby give consent in relation to their sensitive personal data and information which have been provided to MSIL.
- The data providers acknowledge that they have read and understood the consent policy and the information provided to them.
- The data providers acknowledge that they have also read and understood the data collection policy, which clearly contains how and from where and from whom MSIL collects the data.
- The consent document has been explained to the data providers.
- The data providers acknowledge that they have been advised about the risks associated with data.
- The data providers acknowledge that they are aware of the fact that they can opt out of data at any time without having to give any reason.
- The data providers acknowledge that they hereby give permission to MSIL to release the information obtained from them as a result of their visiting of the website of MSIL or the service obtained by them or by filling the form for a job, or during the course of any business.
18. Authorization
Data providers have read and understand this consent policy, and voluntarily agree to provide their sensitive personal information.