We at ELGI respect the privacy of every person and company; we give great importance towards the protection of your data collected by us. We want you to feel secure while we have your data with us.
We secure the data with good technical mechanisms, proper data management policies and applicable laws. We ensure that the data are not into unauthorized access and unlawful disclosures.
This privacy policy is adopted by ELGI and its subsidiaries globally.
(ELGI and its subsidiaries are also referred as “WE” in this policy)
This policy will enable you to know:-
- What type of data do we collect?
- For which purpose do we collect/process data?
- What type of security is given at ELGI and its subsidiaries?
- Where your data could be processed?
- Will your data be disclosed/shared with any third parties?
- How long will we preserve your data?
- What rights do you have with regard to data processing?
- How can you deal with any inconvenience?
- How to manage Data Breach?
- How are the disputes resolved?
- What kind of Internet Privacy we assure?
- Who can effect changes to this policy?
- How to contact us?
- When was this policy last updated?
The categories of personal data that ELGi processes about you for the purposes described herein are:
ELGi generally collects personal data directly from you (electronically, in writing) by way of, among others, website forms and messages you address to us. You may also provide new, or updated or correctedpersonal data to ELGi from timeto time. Personal data we process may include the following:
1.1 Personal details, such as name, contact details including address, mobile/telephone number, company/employer, e-mail address;
1.2 Other customer details, such as username, password, fax number, job title/function, contact person, tax number, ELGi account number,
1.3 Other employee details, such as photos, nationality, date of birth, age, gender, national identification number, employee identification number, online identifier, username and password, family status, information about dependents, beneficiary and emergency contact information, experience and qualifications, job-related details (e.g. letters of offer and acceptance, employment contract), participation in compliance trainings, payroll and benefit information (such as salary and wage, banking details, bonus, benefits including for dependents), and where not prohibited by laws, information about recent travel destinations for leisure, only to the extent necessary to determine whether you have visited zones with significant health risks such as the risk of contracting a contagious disease.
1.4 Other supplier or partner details, such as invoice data, including invoice mailing address, contact name, bank account details, description of work or scope of services and associated information made available for the payment of invoices.
1.5 Customer preferences, such as product preferences or interest, purchase history,distribution channel used, financial information;
1.6 Your enquiries and our responses, which may contain personal data;
1.7 Transaction data, such as when you purchase a product or service from us;
1.8 Customer service, warranty or other claims.
ELGi collects certain personal data directly from your device, when you visit our website:
2.1 Device and browser information: We may collect information about your computer and/or device, including device type, IP address, Internet Service Provider, device identifier, and operating system.
2.2 Location data: If you have enabled access to your location on your mobile device, we may collect location information, including precise and imprecise location derived from your IP address.
2.3 Information and statistics on site usage: We use cookies to collect information about your use of our website, including content viewed or downloaded, time spent on pages, links clicked, features used, and dates and times of interactions.
For further details concerning the above, including how to disable these technologies, please see our cookie policy.
3.1 ELGi collects certain personal data directly from third parties who provide services to ELGi or carry them out on our behalf, such as payment services providers or website management providers.
3.2 In certain cases, ELGi receives personal data from third parties who provide services to ELGi for the purposes described below. Such parties include social networks that you use to connect with us, such as LinkedIn. We may also receive data from third party service providers such as recruiters who may send us candidates’ profiles and data, or providers who perform personality tests on candidates.
Providing personal data is under your voluntary knowledge and there is no compulsion and under legal requirements some data shall be requested. If you are not able to provide certain data, then you may not be able to use some systems which require such data.
In case you are giving us data of any other person/s as reference, then it’s your responsibility to make them aware about providing their information to ELGI and its subsidiaries.
1. ELGi processes your personal data, in accordance with applicable law, for the following purposes:
- 1.1 performing our contract with you, for instance by providing our goods and services to you;
- 1.2 enabling our distributors, suppliers and service providers to perform certain functions on our behalf, including payment processing, logistical or other functions, as may be necessary to fulfil your orders;
- 1.3 sending you a newsletter or marketing communications, to inform you of our products and services, which we consider may be of interest to you;
- 1.4 responding to your questions and communications with you, for example if you have left your contact details on our website in order for us to contact you;
- 1.5 ensuring the security of our website, systemsand networks, including by preventing or detecting fraud or abuses, which includes the protection of intellectual property, trade or business secrets;
- 1.6 improving our goods and services, for example, by reviewing visits to our website and monitor the demand for specific goods and services;
- 1.7 managing HR matters, including recruitment, execution and termination of employment, managing payroll and benefits, ensuring health and safety at the work place, verifying attendance at work, handling promotions and assessing qualifications for a particular job or task, providing trainings and ensuring professional development of staff members, talent management;
- 1.8 carrying out other business operations, including invoicing, accounting, business networking, auditing transactions;
- 1.9 complying with applicable law, for example, in response to a request from a court or regulatory authority, where such request is made in accordance with the law.
2. The bases for processing of your personal data for the purposes described above will include:
- 2.1 to perform a contract that we have in place with you or the company you represent;
- 2.2 for the ELGi’s legitimate business interests as outlined in paragraphs 1.1, 1.3, 1.5, 1.6 and 1.8 above;
- 2.3 you provided us with your consent;
- 2.4 for the establishment, exercise or defense of a legal claims; or
- 2.5 for compliance with a legal or statutory obligation to which ELGi is subject.
3. In the event that we use your personal data for other purposes, not specified above, we will inform you about them, and, if required, of our basis for doing so, at the time we collect the personal data from you, to the extent required by law.
ELGI and its subsidiaries have always aimed at giving strong protection to personal data.
We conduct internal audit on data protection system regularly and also conduct external audit through audit agencies.
ELGI and its subsidiaries have a strong technical team for strong technical security of data and also good privacy policy for data. We always keep our security systems updated.
We also review our privacy policy regularly. We hold stable and strong procedures for physical security given by employees.
ELGI is a global company with operations spread across the globe. Processing of data is always done in a systematic manner.
- 1. Mostly, processing happens in the respective country or city itself, but some circumstances or legal provisions require transfer of your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in Section 3 above.
- 2. In particular, your personal data may be transferred throughout the ELGi group of companies located abroad. You can find locations of all of our global affiliates here. Intra-group transfers of personal data to recipients in non-EEA countries which do not have the same level of protection as the EEA, take place based on standard clauses approved by the European Commission.
- 3. In circumstances where your personal data is transferred to our outsourced service providers located abroad, we will, where required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organization, contractual or other lawful means. In particular, we take measures to help protect your personal data when it is transferred from the EEA to third countries. We rely on European Commission adequacy decisions about certain countries, as applicable (see here).Other measures include having standard clauses approved by the European Commission (see here) in our contracts with third parties that receive information outside the EEA or using other acceptable data transfer mechanisms, such as the EU-U.S. Privacy Shield framework for transfers to self-certified U.S. organizations (see here), Binding Corporate Rules (see here), approved Codes of Conduct and Certifications or, in exceptional circumstances, based on permissible statutory derogations.
- 4. Please contact ELGi at @elgi.com for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.
Except as stated above, we do not encourage any data being shared with any of the third parties, provided that you have given permission for such third parties to process your data and permitted us to disclose. In certain circumstances, we wish to disclose or are compelled to disclose your personal data to third parties for the purposes described in this Privacy Policy. Such disclosure will only take place in accordance with the relevant applicable laws and for the purposes listed above. These scenarios may include disclosure:
- to our affiliates or associated offices (for more information about ELGi’s affiliates and subsidiaries, please contact us at the address provided in Section 10 below); to our outsourced service providers or suppliers to facilitate the provision of our goods or services, such as hosting service providers, IT system administrators and support services, online payment services and customer services providers;
- to third party service providers and consultants, in particular [providers of IT and server security services], in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- to public authorities where we are required by law to do so and to defend or enforce our rights, protect our property, assets or safety of others.
- Some links in our website will take you to ELGi social media pages located on social media sitessuch as LinkedIn. Our pages on social media sites are governed by the privacy policy of the companiesoperating suchsites.
We will preserve your data as long as it is necessary. We have management procedure for the duration of maintenance of data, accordingly after a reasonable period of time the data will be deleted.
- We will delete your data once the business relationship is completely over
- We shall retain the data in case to comply with our global standard of obligation
The right to access personal information: you can access your personal information and know the reason for processing data and also the recipient who will be getting this information. You can also ask about the recipient’s basic information.
The right to data accuracy: you can have a check whether your data are updated, if not request the company to do the needful.
The right to rectification: you can verify the correctness of the information and in case of error; you can report about it to the company and get it correct.
The right to object processing of personal data:this right entitles you to request that ELGI and its subsidiaries shall not process any of your personal information
The right to request erasure of personal data:This right entitles you to request for erasure of personal data that are no longer necessary to achieve any objectives.
The right to withdraw consent: This right entitles you to withdraw any consent you had earlier given. Withdrawing consent could lead to drop of any purpose that was previously entitled.
The right to data portability: this right entitles you to receive a copy of your data in a structured and machine readable format, or request for transfer of data to another data controller.
The right to restriction of data processing: this right entitles you to request that ELGI and its subsidiaries to process data under limited circumstances with your consent.
In case of any inconvenience caused, we request you to approach the company and solve them or you can also file a complaint with the company to the Information Technology team before approaching any other authorities within the company at______.
Company is responsible to protect the data possessed by it with adequate data protection system, surveillance and audit of the protection system. All individuals in the company who use the data, process data and transfer data shall take responsibility to secure the data.
- Hard copy files or records are left unattended, lost or stolen;
- Laptops, Tablet, phones, data sticks or any other removable portable device holding personal or sensitive data are lost or stolen
- Databases or case file management systems are accessed by unauthorised users – either accidentally due to inadequate system access controls or intentionally by hackers; Equipment fails;
- Sensitive information is posted, Faxed or emailed to the wrong recipient;
- Unforeseen circumstances such as a fire or flood damage storage or buildings;
- Information is obtained by eavesdropping to phone calls, viewing pc screens in unprotected public spaces and shoulder surfing;
- The data engineer who identifies the breach shall inform the Head-Information Technologyand also the concerned department about the breach;
- The Head-Information Technologythen shall inform the executive directorin charge of the concerned department about the breach; who shall in turn, inform the data owner and the EU commission if the breach is in respect of individuals residing within the European Union;
- Determine the risk that breach involves and make a report on that breach about the data lost, what and whose data was lost, whether it was partial loss or complete loss;
- If the data is lost by stolen hardware then ensure that the data were encrypted and also password protected.
- Try to retrieve the data in stolen hardware if it is remotely possible and make a plan to prevent and tackle such data breach in future
- In case of critical loss make press announcement
Any queries or clarifications regarding Elgi’s compliance with this privacy policy should be directed to the Elgi Data Protection officer at the address given below. Elgi will make reasonable efforts to investigate and resolve the complaints and disputes regarding the use and disclosure of Personal data in accordance with this Policy.
In case of any unresolved dispute/concerns that have not been addressed satisfactorily, Elgi agrees to participate in the dispute resolution procedures of the panel established by the EU data protection authorities and to cooperate and comply with the appropriate authority/authorities of the territory to resolve disputes pursuant to the relevant privacy principles. Binding arbitration may be invoked when other dispute resolution procedures have been exhausted. Any such dispute resolution mechanism sought would be free of charge to you.
Elgi operates its websites to provide information concerning its products and services to the general public. Elgi understands the importance of protecting the privacy of Personal data collected through its websites. There is no legal requirement for the visitors to provide any data in our Website. However, our Website may not work without routing the required information essential for its working. Elgi collects personal data of visitors who voluntarily provide them by submitting online queries, feedback, requesting product/service information, or seeking job opportunities. The collected personal data is limited to user’s name, contact details including address, mobile/telephone number, company/employer, e-mail address and is used by Elgi only for providing best possible solution to users’ concern. Elgi may also collect data concerning website users by using “cookies” in order to render better customer service. (See our Cookie policy)
Elgi reserves the right to change, modify and update this policy at any time without notice in accordance with the requirements of applicable law. Please check our website periodically on the updated policy.
If you have any questions, comments, or requests regarding this Privacy Policy, please direct your request to: [email protected]
08th September 2020