Privacy Policy
Compliance to the data privacy policy shall be reviewed on an annual basis by Privacy Review Team
(refer Annexure 2 of ‘Data Privacy Annexures’ document) to ensure continuous compliance
monitoring through the implementation of compliance measurements and periodic review processes.
For proactive detection of data breaches, please refer breach management policy.
In cases where non-compliance is identified, the Data Privacy officer shall review the reasons for such
non-compliance along with a plan for remediation and report them to Privacy Review Team.
Depending on the conclusions of the review, need for a revision to the policy may be identified. In
instances of persistent non-compliance by the individuals concerned, they shall be subject to action
in accordance with the TSL Disciplinary Policy.
1.5. Data Privacy Principles
This Policy describes generally acceptable privacy principles (GAPP) for the protection and appropriate
use of personal information at TSL. These principles shall govern the use, collection, disposal and
transfer of personal information, except as specifically provided by this Policy or as required by
applicable laws:
longer than is necessary to fulfil the purposes for which it was collected and to maintain
reasonable business records. TSL shall dispose the personal information once it has served its
intended purpose or as specified by the data subject.
•
Access:
TSL shall allow data subjects to make inquiries regarding the personal information about
them, that TSL shall hold and, when appropriate, shall provide access to their personal
information for review, and/or update.
• Disclosure to Third Parties: TSL shall disclose personal information to Third Parties / partner
firms only for purposes identified in the privacy notice / SoW / contract agreements.
TSL shall
disclose personal information in a secure manner, with assurances of protection by those parties,
according to the contracts, laws and other segments, and, where needed, with consent of the
data subject.
•
Obligations for Sub-processor:
Where a processor (vendor or 3rd party acting on behalf of TSL’s
data processor) engages another processor (Sub-processor) for carrying out specific processing
activities on behalf of TSL (controller), the same data protection obligations as set out in the
contract or other legal act between TSL and the processor shall be imposed on the Sub-processor
by way of a contract or other legal act under Union or Member State law, in particular providing
sufficient guarantees to implement appropriate technical and organisational measures in such a
manner that the processing will meet the requirements of GDPR. Where the Sub-processor fails
to fulfil its data protection obligations, the initial processor (relevant vendor or 3rd party acting
on behalf of TSL’s data processor) shall remain fully liable to TSL for the performance of that Subprocessor's obligations.
•
Security for Privacy:
TSL shall protect personal information from unauthorized access, data
leakage and misuse.
• Quality: TSL shall take steps to ensure that personal information in its records is accurate and
relevant to the purposes for which it was collected.
• Monitoring and Enforcement: TSL shall monitor compliance with its privacy policies, both
internally and with Third Parties, and establish the processes to address inquiries, complaints
and disputes