GDPR Compliance

Introduction

Vandey Consultancy Services Pvt. Ltd. is a premier provider of employment solutions, catering to global clients. As our operations extend globally, Vandey is deeply committed to upholding the privacy rights of individuals and adhering to the General Data Protection Regulation (GDPR) standards. This commitment ensures that personal data handled by Vandey is processed with the highest level of care, fostering trust with our clients, employees, and business partners.

 

Scope of GDPR:

      • Any HR services company offering services to clients within India and internationally, irrespective of where the company is located.

      • Personal data of employees, clients, and job candidates collected, processed, and stored by the company.

     

    This document defines Vandey’s policies and procedures for GDPR compliance. It applies to all aspects of Vandey’s operations involving the collection, processing, storage, and sharing of personal data of individuals.

     

    Key Definitions:

        • Personal Data: Any information related to an identified or identifiable natural person.

        • Data Controller: Vandey, which determines the purposes and methods for processing personal data.

        • Data Processor: Any third-party entity engaged by Vandey to process personal data.

        • Data Subject: An individual whose personal data is being processed.

      • Processing: Any operation performed on personal data, such as collection, organization, storage, and sharing.
       

       Principles of Data Processing:

      Vandey adheres to the GDPR principles to ensure:

          • Lawfulness, Fairness, and Transparency: All personal data processing is lawful and conducted transparently.

          • Purpose Limitation: Data is collected strictly for defined and legitimate business purposes, such as talent acquisition and payroll processing.

          • Data Minimization: Only the minimum data required for the intended purpose is collected.

          • Accuracy: Vandey maintains accurate and updated records to serve clients effectively.

          • Storage Limitation: Data is retained only as long as necessary for operational and legal purposes.

           

          • Integrity and Confidentiality: Advanced security measures protect data against unauthorized access, alteration, or loss.
           

          Legal Basis for Data Processing:

          Vandey processes personal data based on the following legal grounds:

              • Explicit consent obtained from the data subject.

              • The necessity for fulfilling employment contracts or client agreements.

              • Compliance with applicable legal and regulatory obligations.

              • Legitimate business interests that do not infringe on data subjects’ rights.

             

            Data Subject Rights:

            Vandey is dedicated to respecting and fulfilling the rights of data subjects, which include:

                • Right to Access: Providing access to personal data upon request.

                • Right to Rectification: Ensuring data accuracy through corrections.

                • Right to Erasure: Deleting personal data on request, where applicable.

                • Right to Restriction of Processing: Limiting processing in specific circumstances.

                • Right to Data Portability: Facilitating the transfer of data to other service providers.

                • Right to Object: Allowing individuals to object to certain types of processing.

                • Right to Withdraw Consent: Enabling data subjects to revoke consent at any time.

              How Vandey Keeps Data Secure:

              At Vandey, we ensure data safety and integrity through the exclusive use of cloud storage solutions. Vandey’s reliance on cloud storage provides robust protection against data loss, unauthorized access, and hardware failures.

              In addition to leveraging cloud storage, Vandey implements the following measures:

                  • Technical Safeguards:
                    • Encryption of sensitive personal data.
                    • Role-based access controls for employees and clients/partners.
                    • Regular security audits and updates.

                  • Organizational Safeguards:
                    • Comprehensive employee training on data protection standards.
                    • Appointment of a Data Protection Officer (DPO) to oversee compliance.
                    • Strict vendor agreements ensuring third-party compliance with GDPR.

                 

                Data Breach Management:

                a) Vandey’s proactive data breach management policy ensures:

                  • Immediate identification and containment of breaches.

                  • Timely notification to supervisory authorities and affected individuals when required.

                  • Implementation of corrective actions to prevent recurrence.

                b) Data Breach Notification (in case of a personal data breach):

                  • Notify the relevant DPA within 72 hours of becoming aware of the breach.

                  • Inform affected individuals if the breach poses a high risk to their rights and freedoms.

                c) Incident Response Plan: Vandey has developed a response plan that includes:

                  • Immediate containment and investigation procedures.

                  • Documentation of the breach and its impact.

                  • Communication protocols with the DPA and affected individuals.

                  • The data breach response plan is circulated to all employees to ensure readiness and consistent application in case of a breach. This promotes awareness and empowers employees to act swiftly and responsibly.

                 

                Data Transfers:

                To facilitate seamless global operations, Vandey implements:

                  • Robust measures for secure cross-border data transfers.

                  • Regular audits of international processing activities.

                 

                Record-Keeping and Accountability:

                Vandey’s commitment to accountability includes:

                  • Comprehensive records of data processing activities.

                  • Regular assessments of data protection measures.

                  • Transparent documentation available for review by regulatory authorities.

                 

                Vandey’s Commitment towards GDPR:

                At Vandey, we are dedicated to ensuring the highest standards of data protection and privacy in compliance with the General Data Protection Regulation (GDPR). Our commitment includes the following key measures:

                 

                  1. ISO 27001 Certification: We are ISO 27001 certified, which demonstrates our commitment to establishing, implementing, and maintaining an Information Security Management System (ISMS). This certification ensures that we have implemented robust security measures to protect personal data and manage information security risks effectively.

                  2. ISO 9001:2015 Certification: We are also ISO 9001:2015 certified, which reflects our commitment to quality management and continuous improvement. This certification ensures that our processes are efficient and that we are consistently meeting the needs and expectations of our clients while complying with applicable regulatory requirements, including GDPR.

                Through these certifications, Vandey is dedicated to maintaining a high level of data protection and continuously improving our practices to safeguard personal data in accordance with GDPR requirements.

                 

                Contact Information:

                For GDPR-related inquiries or concerns, please contact Vandey:

                  • Address: #314, Level III Prestige Center Point, Cunningham Road, Bangalore 560052, India 

                  • Phone: +91 8296259993, (O):+91 80 43728176