“Act” shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time.
“Effective Date” shall been the effective date of this policy i.e. 21st October, 2021.
“Information” shall mean and include Personal Information and Sensitive Personal Data and Information as may be collected by KFIPL.
“Personal Information (PI)” shall have the same meaning as under Rule 2 (i) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time. For ease of reference Rule 2 (i) of the Information Technology (Reasonable security practices and procedures and sensitive personal data
or information) Rules, 2011 is re-produced under Schedule 1.
“Rules” shall mean the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time.
“Registered User” shall mean such user whose registration is accepted by KFIPL.
“Sensitive Personal Data and Information (SPDI)” shall mean and include information under Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time. For ease of reference Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is re-produced under Schedule 1.
All words and expressions used and not defined in this document but defined in the Act or the Rules shall have the meanings respectively assigned to them in the Act or the Rules.
1. COLLECTION OF INFORMATION
1.1 You may use KFIPL’s website to access Information, learn about its products and services, read publications and check career opportunities etc. without providing any PI/SPDI.
1.2 KFIPL may collect and process PI/ SPDI provided by you in the following forms:
- Should you opt to purchase products of KFIPL, which are available to all the customer irrespective of being a Registered User, Information is required to be provided by you at the the time of placing order such as your name, date of birth, address, email ID, gender and phone number. Providing additional information beyond what is required at the time of placing order is entirely optional and can be altered or removed by you at any time.
- Should you opt to register yourself as Registered User of KFIPL, you will be required to provide Information and shall be given access to the web portal/business applications based on the password based authentication which is chosen by them and securely stored in KFIPL servers for the purpose of authentication of the Registered Users at the time of login;
- Information that you provide directly to KFIPL via email or electronic communication;
- Information that you provide to KFIPL over telephone. KFIPL may make and keep a record of such information shared by you;
- Information that you provide to KFIPL in physical form whether sent through post or courier or handed over to a KFIPL representative in person; and
- PI/SPDI collected by KFIPL from its employees, suppliers or onsite consultants for the purpose of employment, availing their services and recording their attendance etc.
You will at all times have the option of not providing KFIPL with PI/SPDI that KFIPL seeks to collect. Even after you have provided KFIPL with any PI/SPDI, you will have the option to withdraw the consent given earlier. In such cases, KFIPL will have the right to not provide or discontinue the transaction or commercial understanding that is linked with such PI/SPDI.
2. USE OF INFORMATION COLLECTED
2.1 Any information, if collected will be used in connection with the relevant purpose as per the contract / arrangement and as under Section 1.2. The provider of information continuing the transaction with KFIPL shall be deemed to have consented to KFIPL for the use of such information as under this Policy.
2.2 Employees, suppliers or consultants of KFIPL shall be duly advised about the purpose for which any Information is being collected at the time of such collection.
3. SHARING OF INFORMATION
3.1 Where PI/SPDI is required to be shared, arising out of any contractual obligation, KFIPL shall part with such PI/SPDI only in accordance with your consent for the same.
3.2 To the extent necessary to provide you the requested Services or to the extent required under applicable law, we may provide your PI/SPDI to the following Third Parties without notice to you:
(a) Consultants (including auditors, authorized vendors) on a 'need to know' basis under a Non-Disclosure Agreement;
(b) Governmental authorities, in such manner as permitted or required by applicable law; and
3.3 Legal proceedings: In the event, KFIPL is required to respond to subpoenas, court orders or other legal process, your PI/SPDI may be disclosed pursuant to such subpoena, court order or legal process, which may be without notice to you.
4. SECURITY OF INFORMATION
4.1 KFIPL strives to ensure the security, integrity and privacy of your PI/SPDI and to protect your Information against unauthorized access, alteration, disclosure or destruction. Stringent security measures (physical, electronic and managerial) are in place to protect against the loss, misuse, and alteration of the PI/SPDI under our control. KFIPL’s servers are accessible only to authorized personnel and your Information is shared with employees and authorized personnel strictly on a 'need to know' basis.
4.2 As a consumer goods company, KFIPL uses and has a comprehensive information security process. KFIPL periodically assesses, audits and updates its information security protocols and policies to achieve the highest standards on a continuous and ongoing basis.
4.3 You may review the Information you have provided to KFIPL at any time. On your request, KFIPL will ensure that any PI/SPDI notified to be inaccurate or deficient, shall be corrected or amended. However, KFIPL shall not be responsible for the authenticity of the PI/ SPDI.
5. RETENTION AND REVOCATION OF INFORMATION
5.1 Your PI/SPDI will be retained with KFIPL as long as you avail the Services of KFIPL or for such period as may be necessary under applicable law.
5.2 In the event, you wish to no longer avail the Services of KFIPL or intend to request that KFIPL no longer retain your PI/SPDI or where you intend to modify the current PI/ SPDI, you may contact KFIPL as provided herein below.
6. NOTIFICATION OF CHANGES
6.2 In the event, if you object to any of the changes, and you no longer wish to use the Services or intend to revoke your consent to retain your PI/SPDI with KFIPL, you may contact KFIPL as provided hereunder.
6.3 Last Updated Date: 21st October, 2021
below. KFIPL will use reasonable efforts to respond promptly to requests, questions or concerns you may have regarding the use of your PI/SPDI.
8. GRIEVANCE OFFICER
8.1 In accordance with the Information Technology Act, 2000 and the rules made thereunder, the name and contact details of the Grievance Officer are provided below. You may contact the Grievance Officer to address any discrepancies and grievances you may have with respect to your Information with KFIPL. The Grievance Officer will redress your grievances expeditiously
Name – Mr. Jatin Mevada
[Head – Finance & I.T]
Contact Number: [+91 90040 39096]
Email ID: [firstname.lastname@example.org]
Rule 2 (i)
“Personal information" means any information that relates to a natural person, which, either directly
or indirectly, in combination with other information available or likely to be available with a body
corporate, is capable of identifying such person.
Sensitive personal data or information of a person means such personal information which consists
of information relating to:-
(ii) financial information such as Bank account or credit card or debit card or other payment
instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service;
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.