This Privacy Policy outlines our commitment to data protection and compliance with
data protection laws within India. It aims to provide transparency and assurance to
our members regarding the collection, storage, and use of their personal information.
By becoming a member and using our services, you consent to the practices
described in this policy.
We are an Association that provides Membership services to restaurants, hotels, and
other establishments in Western India who choose to be our members. We collect
personal and business data as part of the membership process, which helps us
deliver our services effectively.
Consent of the prospect member is sought in the application form filled by the
prospect member.
We collect personally identifiable information (PII) to ensure the efficient delivery of
our services and to comply with the requirements of operating an association. The
specific reasons for collecting each category of PII are as follows:
- Name: Your name is collected to establish your membership, personalize
communications, and facilitate interactions with our services.
- Address: Your address is required for various purposes, including verifying
your membership eligibility, enabling specific features within our application,
and delivering relevant communications.
- Aadhar Card Number: We collect your Aadhar card number as part of
compliance with legal and regulatory requirements.
- PAN Card: Your PAN card information may be collected for taxation purposes
and to comply with legal obligations.
Please note that the collection of PII is done in accordance with applicable laws and
regulations, and we take appropriate measures to protect the confidentiality and
security of the collected information. This information is not shared with third parties
except as required by law.
We employ robust security measures to ensure the secure storage of collected PII:
- Access Control: Authorized personnel with specific job responsibilities have limited access to stored PII, enforced through unique user credentials and role-based permissions.
- Physical Security: Physical safeguards like access controls and surveillance systems protect against unauthorized physical access.
- Disciplinary Policy: Strict policies and non-disclosure agreements prevent misuse of Personal Data by staff and vendors.
- Vendor Policy: Strong agreements are in place with vendors processing personal data, including regular risk assessments.
- Security Audits: Periodic security audits and assessments identify and address vulnerabilities to maintain robust security.
Please note that while we implement these measures, no method of data
transmission or storage can be entirely guaranteed as 100% secure. However, we
strive to adhere to industry best practices for data protection.
We offer a Member Helpdesk for Modification, Deletion, and Consent Withdrawal of
Personal Data. Our Data Protection Officer (DPO), Mr. Hemanshu Chauhan
(asg@hrawi.com), oversees privacy practices, compliance, and acts as the main
point of contact for queries related to PII processing.
We take PII security seriously and have outlined guidelines for addressing security
incidents:
- Critical Security Incidents: A dedicated response team addresses critical
incidents promptly, mitigating their impact, investigating causes, and
implementing corrective actions.
- Incidents Involving PII: Unauthorized access, disclosure, alteration, or
destruction prompts immediate assessment and necessary actions. Affected
individuals are informed with protective measures.
Our data sharing with trusted vendors is governed by robust security protocols:
- Confidentiality Measures: Legally binding agreements enforce vendor
confidentiality and restrict data use.
- Data Encryption: Industry-standard encryption protocols protect data during
transmission and storage.
- Security Audits: Regular assessments of vendors' security practices ensure
compliance.
- Incident Response and Notification: An incident response plan addresses
breaches or incidents involving vendors, ensuring timely notifications.
- Any Vendor/ Consultant/ Service Provider under an active Agreement/
Contract is restricted to compromise any data/ information in any format within
their custody. Upon the expiration or termination of any Agreement/ Contract
vendor shall promptly return all data/ information, in any format, held within
their custody & any residual copies must be explicitly destroyed, with
confirmation provided to HRAWI. Detection of any unauthorized use or abuse
is imperative & the liability solely stands with the Vendor/ Consultant/ Service
Provider & not HRAWI.
We want to assure our members that the PII collected by us is never misused for any
purpose other than those explicitly mentioned in this policy. We are committed to
upholding the trust you place in us and ensuring that your data is treated with the
utmost respect and integrity.
This Privacy Policy underscores our commitment to protecting your personal
information and complying with data protection laws. Regular updates and
compliance with best practices reflect our dedication to data security and privacy.
For any queries, concerns, or requests related to your personal data, please contact
our Data Protection Officer, Mr. Hemanshu Chauhan, at (asg@hrawi.com).