1 | P a g e

Applies to:

All employees of the Company, including Permanent, Probationers, Temporary,

Contractual & on FTE(Fixed Term employment)

Policy No.

Policy 032

Effective Date of

this Version:

Nov,2022

Policy

Version

V. 1.0

Original Effective

Date:

Nov, 2022

Data Privacy Policy

Prepared by:

Name/Designation

Reviewed by:

Name/Designation

Approved by

Name/Designation

Honey Heera

Mgr (IT & Infosec)

Ajay Sirohi

(CHRO)

Arvind Sirohi

(MD)

Policy Revision History

Policy Revised on

Version No.

Description

Nov,2022

V.1.0

New Policy

Data Privacy Policy

2 | P a g e

DATA PRIVACY POLICY

3 | P a g e

Purpose

The purpose of this policy is to maintain the privacy of and protect the personal information of

employees, vendors, customers/clients and business partners of Jaguar Security Services Pvt. Ltd.

and ensure compliance with the laws and regulations applicable.

Scope

This policy applies to all Jaguar Security employees, vendors, customers/clients and business

partners who may receive personal information, have access to personal information collected

or processed, or who provide information to Jaguar Security, regardless of geographic location.

All employees of Jaguar Security are expected to support the privacy policy and principles when

they collect and/or handle personal information, or are involved in the process of maintaining or

disposing of personal information. This policy provides the information to successfully meet the

organization’s commitment towards data privacy.

All partner companies and any Third-Party working with or for Jaguar Security, and who have or

may have access to personal information, will be expected to have read, understand and comply

with this policy. No Third Party may access personal information held by the organization without

having first entered into a confidentiality/non-disclosure agreement.

Responsibilities

The owner of the Data Privacy Policy shall be the Data Privacy Officer (CHRO) of the Company,

who shall be assisted by the Privacy Coordinators viz. Manager IT & Infosec and DGM HR at the

Head Office. Together, the above personnel will comprise the Privacy Review Team of Jaguar

Security.

Policy Compliance

Compliance with the data privacy policy shall be reviewed on an annual basis by Privacy Review

Team to ensure continuous compliance. In cases where non-compliance is identified, the Data

Privacy Officer shall review the reasons for such non-compliance along with a plan for

remediation. Depending on the conclusions of the review, the need for a revision to the policy

may be identified. In instances of persistent non-compliance by the individuals concerned, they

shall be subject to action under the Jaguar Security Disciplinary Policy.

Data Privacy Principles

This Policy describes generally accepted privacy principles for the protection and appropriate use

of personal information at Jaguar Security. These principles shall govern the use, collection,

disposal, and transfer of personal information, except as specifically provided by this Policy or as

required by applicable laws:

 Notice: Jaguar Security shall provide data subjects with a notice about how it collects, uses,

retains and discloses personal information about them.

4 | P a g e

 Consent: Jaguar Security shall obtain consent regarding collection and use personal

information of data subjects.

 Rights of Data subject: Jaguar Security shall provide individuals with the right to object to

certain uses of their information and withdrawal of earlier given consent to the notice.

 Collection: Jaguar Security shall collect personal information from data subjects only for the

purposes identified in the privacy notice / SoW/contract agreements and only to provide the

requested product or service.

 Use, Retention and Disposal: Jaguar Security shall not retain personal information longer

than is necessary to fulfill the purposes for which it was collected and to maintain reasonable

business records. Jaguar Security shall dispose of the personal information once it has served

its intended purpose.

 Access: Jaguar Security shall allow data subjects to make inquiries regarding the personal

information about them, that Jaguar Security shall hold.

 Disclosure to Third Parties: Jaguar Security shall disclose personal information to Third

Parties/partner companies only for purposes identified in the privacy notice / SoW/contract

agreements. Jaguar Security shall securely disclose personal information, with assurances of

protection by those parties, according to the contracts, laws and other segments.

 Security for Privacy: Jaguar Security shall protect personal information from unauthorized

access, data leakage and misuse.

 Quality: Jaguar Security shall take steps to ensure that personal information in its records is

accurate and relevant to the purposes for which it was collected.

 Monitoring and Enforcement: Jaguar Security shall monitor compliance with its privacy

policies.

Notice

Notice shall be made readily accessible and available to data subjects before or at the time of

collection of personal information or otherwise, notice shall be provided as soon as practical

thereafter. Notice shall be displayed clearly and conspicuously and shall be provided online (e.g.

by posting it on the intranet portal, website, sending emails, newsletters, etc.) and/or offline

methods (e.g. through letter, posts, couriers, etc.). All the websites (including Intranet portals),

and any product or service that collects personal information internally, shall have a privacy

notice.

Privacy notices may include:

 The purpose of collecting personal information;

 Assurance that the personal information will be used only for the purpose identified in the

notice;

 Collection process and how the information is collected; how the information is used including

any onward transfer to Third-Parties;

 Assurance that the personal information is to be retained only as long as necessary to fulfill

the stated purposes, or for a period specifically required by law or regulation and will be

disposed of securely or made anonymous post the identified purpose is completed;

5 | P a g e

 Disclosure process for Third Parties; the assurance that the personal information is disclosed

to Third Parties only for the purpose identified;

 Security measures in place to protect personal information; ways of maintaining the quality

of personal information;

Consent

Consent refers to their agreement to the collection and uses of data and shall include:

 The consent shall be obtained (in writing or electronically) from the data subjects before or

at the time of collecting personal information or as soon as practical thereafter.

 The data subject shall be notified if the data collected is used for marketing purposes,

advertisements, etc.

 Jaguar Security shall review the privacy policies of the Third Parties and types of consent of

Third Parties before accepting personal information from Third-Party data sources.

Collection of Personal Information

Personal information may be collected online or offline. Regardless of the collection method, the

same privacy protection shall apply to all personal information.

 Personal information shall not be collected unless either of the following is fulfilled:

 The data subject has provided valid, informed and free consent;

 Processing is necessary for the performance of a contract to which the data subject

is a party or in order to take steps at the request of the data subject prior to entering into a

contract;

 Processing is necessary for compliance with the organizations legal obligation;

 Processing is necessary in order to protect the vital interests of the data subject; or

 Processing is necessary for the performance of a task carried out in the public

interest

 Data subjects shall not be required to provide more personal information than is necessary

for the provision of the product or service that the data subject has requested or authorized. If

any data not needed for providing a service or product is requested, such fields shall be clearly

labeled as optional. Collection of personal information shall be avoided or limited when

reasonably possible.

 When using vendors to collect personal information on the behalf of Jaguar Security, it shall

ensure that the vendors comply with the privacy requirements of Jaguar Security as defined in

this Policy.

 Jaguar Security shall at minimum, annually review and monitor the information collected.

 Jaguar Security shall review the privacy policies and collection methods of Third-Parties

before accepting personal information from Third-Party data sources.

Use, Retention and Disposal

 Personal information may only be used for the purposes identified in the notice/

SoW/contract agreements and only if the data subject has given consent;

6 | P a g e

 Personal information shall be retained for as long as necessary for business purposes

identified in the notice/SoW/contract agreements at the time of collection or subsequently

authorized by the data subjects.

 Personal information shall be erased if their storage violates any of the data protection rules

or if knowledge of the data is no longer required by Jaguar Security or for the benefit of the

data subject. Additionally, Jaguar Security has the right to retain the personnel information for

legal and regulatory purposes, as applicable.

Access

 Data subjects shall be entitled to obtain the details about their personal information upon a

request made and outlined in writing. Jaguar Security shall provide its response to a request

within 72 hours of receipt of the written request.

 The data subjects shall have the right to require Jaguar Security to correct or supplement

erroneous, misleading, outdated, or incomplete personal information.

 The privacy coordinators shall record and document each access request as it is received

and the corresponding action taken.

 Jaguar Security shall provide personal information to the data subjects in a plain simple

format which is understandable (not in any code format).

Disclosure to Third Parties

Data Subject shall be informed in the privacy notice/ SoW/contract agreement if personal

information shall be disclosed to Third Parties/partner firms, and it shall be disclosed only for the

purposes described in the privacy notice / SoW/contract agreements and for which the data

subject has provided consent.

 Personal information of data subjects may be disclosed to the Third Parties/partner firms

only for reasons consistent with the purposes identified in the notice/ SoW/contract

agreements or other purposes authorised by law.

 The Third Parties shall sign an NDA (Non-Disclosure Agreement) with Jaguar Security before

any personal information is disclosed to the Third Parties.

Security

Information security policy and procedures shall be documented and implemented to ensure

reasonable security for personal information collected, stored, used, transferred and disposed of

by Jaguar Security.

 Jaguar Security shall establish procedures that maintain the logical and physical security of

personal information.

 Incident response protocols are established and maintained to deal with incidents

concerning personal data or privacy practices.

 Individuals noticing or becoming aware of any breach of personal data shall notify the DPO

(by emailing info@jaguarsecurity.in).

7 | P a g e

Quality

Jaguar Security shall maintain data integrity and quality, as appropriate for the intended purpose

of personal data collection and use and ensure data is reliable, accurate, complete and current.

 For this purpose, the data privacy officer and privacy coordinators shall ensure that the

personal information collected is accurate and complete for the business purposes for which it

is to be used.

 Jaguar Security shall perform an annual assessment of the personal information collected to

check for accuracy, completeness and relevance of the personal information.

Monitoring and Dispute Resolution

 Jaguar Security shall perform an annual review of all the complaints related to data privacy

to ensure that all the complaints were resolved in a timely manner and resolutions are

documented and communicated.

 Employees with inquiries or complaints about the processing of their personal information

shall first discuss the matter with their immediate supervisor. If the employee does not wish to

raise an inquiry or complaint with an immediate manager, or if the manager and employee are

unable to reach a satisfactory resolution of the issues raised, the employee shall bring the issue

to the attention of the Data Privacy Officer. (info@jaguarsecurity.in)

 Third-Party with inquiries or complaints about the processing of their personal information

shall bring the matter to the attention of the DPO in writing (info@jaguarsecurity.in). Any

disputes concerning the processing of the personal information of non-employees shall be

resolved through arbitration.

Review

This policy shall be reviewed for updates on an annual basis. Additionally, the data privacy policy

shall be updated in line with any major changes within the organisation’s operating environment

or on recommendations provided by internal/ external auditors or major policy changes

promulgated by the government. Any changes made to the policies shall be communicated to

all the employees, the stakeholders and the customers/clients.