Introduction

This Privacy Policy outlines our commitment to data protection and compliance with data protection laws within India. It aims to provide transparency and assurance to our members regarding the collection, storage, and use of their personal information. By becoming a member and using our services, you consent to the practices described in this policy.

Our Role

We are an Association that provides Membership services to restaurants, hotels, and other establishments in Western India who choose to be our members. We collect personal and business data as part of the membership process, which helps us deliver our services effectively.
Consent of the prospect member is sought in the application form filled by the prospect member.

Why We Collect PII

We collect personally identifiable information (PII) to ensure the efficient delivery of our services and to comply with the requirements of operating an association. The specific reasons for collecting each category of PII are as follows:

  • Name: Your name is collected to establish your membership, personalize communications, and facilitate interactions with our services.
  • Address: Your address is required for various purposes, including verifying your membership eligibility, enabling specific features within our application, and delivering relevant communications.
  • Aadhar Card Number: We collect your Aadhar card number as part of compliance with legal and regulatory requirements.
  • PAN Card: Your PAN card information may be collected for taxation purposes and to comply with legal obligations.

Please note that the collection of PII is done in accordance with applicable laws and regulations, and we take appropriate measures to protect the confidentiality and security of the collected information. This information is not shared with third parties except as required by law.

Security of PII

We employ robust security measures to ensure the secure storage of collected PII:

  • Access Control: Authorized personnel with specific job responsibilities have limited access to stored PII, enforced through unique user credentials and role-based permissions.
  • Physical Security: Physical safeguards like access controls and surveillance systems protect against unauthorized physical access.
  • Disciplinary Policy: Strict policies and non-disclosure agreements prevent misuse of Personal Data by staff and vendors.
  • Vendor Policy: Strong agreements are in place with vendors processing personal data, including regular risk assessments.
  • Security Audits: Periodic security audits and assessments identify and address vulnerabilities to maintain robust security.

Please note that while we implement these measures, no method of data transmission or storage can be entirely guaranteed as 100% secure. However, we strive to adhere to industry best practices for data protection.

Obligations to Members

We offer a Member Helpdesk for Modification, Deletion, and Consent Withdrawal of Personal Data. Our Data Protection Officer (DPO), Mr. Hemanshu Chauhan (asg@hrawi.com), oversees privacy practices, compliance, and acts as the main point of contact for queries related to PII processing.

Security Incidents

We take PII security seriously and have outlined guidelines for addressing security incidents:

  • Critical Security Incidents: A dedicated response team addresses critical incidents promptly, mitigating their impact, investigating causes, and implementing corrective actions.
  • Incidents Involving PII: Unauthorized access, disclosure, alteration, or destruction prompts immediate assessment and necessary actions. Affected individuals are informed with protective measures.

Security Protocols with Vendors

Our data sharing with trusted vendors is governed by robust security protocols:

  • Confidentiality Measures: Legally binding agreements enforce vendor confidentiality and restrict data use.
  • Data Encryption: Industry-standard encryption protocols protect data during transmission and storage.
  • Security Audits: Regular assessments of vendors' security practices ensure compliance.
  • Incident Response and Notification: An incident response plan addresses breaches or incidents involving vendors, ensuring timely notifications.
  • Any Vendor/ Consultant/ Service Provider under an active Agreement/ Contract is restricted to compromise any data/ information in any format within their custody. Upon the expiration or termination of any Agreement/ Contract vendor shall promptly return all data/ information, in any format, held within their custody & any residual copies must be explicitly destroyed, with confirmation provided to HRAWI. Detection of any unauthorized use or abuse is imperative & the liability solely stands with the Vendor/ Consultant/ Service Provider & not HRAWI.

No Misuse of PII

We want to assure our members that the PII collected by us is never misused for any purpose other than those explicitly mentioned in this policy. We are committed to upholding the trust you place in us and ensuring that your data is treated with the utmost respect and integrity.

Conclusion

This Privacy Policy underscores our commitment to protecting your personal information and complying with data protection laws. Regular updates and compliance with best practices reflect our dedication to data security and privacy.

For any queries, concerns, or requests related to your personal data, please contact our Data Protection Officer, Mr. Hemanshu Chauhan, at (asg@hrawi.com).