This privacy policy indicates that Vibhuti Insurance Brokers Pvt. Ltd. (VIBPL) is committed to ensure an adequate level of security in terms of confidentiality, integrity, and availability of information assets including, but not limited to, digital data, documents, intellectual property, customer data, financial records, trade secrets and personally identifiable information (PII) of its employees, customers, and interested parties.

The policy applies to any information generated within the processing of PII, be it stored electronically or in paper.

Purpose

The purpose of this policy is to describe VIBPL’s responsibilities regarding the protection of PII.

Principle of processing personally identifiable information

VIBPL collects, stores, and processes information revealing the identity of natural persons, including names, addresses, usernames and passwords, and photographs.

Such PII is collected only after obtaining consent from the PII principals. Once collected, the following rules apply with no exception and under any circumstances. PII shall be:

  1. Precise and consistently updated
  2. Collected legitimately and with a clearly stated purpose
  3. Protected from any unauthorized or illegal access

PII shall not be:

  1. Communicated informally
  2. Stored for longer than the determined retention period
  3. Transferred to organizations, states, or countries that do not provide proper protection of PII
  4. Shared with other parties, unless approved by the PII principal In the "Policy" section:
    1. specific policies, guidelines, or principles that the document promotes or describes are articulated,
    2. Stored for longer than the determined retention period
    3. rationale behind these policies and their significance in the context of the subject matter is explained,
    4. a clear and comprehensive overview of the policies and how they are to be implemented is provided, and
    5. the intended standards or best practices to be followed are communicated.

Roles Responsibility

All VIBPL employees and other entities who legitimately receive PII, share the responsibility of ensuring the appropriate collection, processing, storage, and handling of PII.
The following persons have roles and responsibilities that are specific to the protection of PII:

  • Information security manager: Responsible for providing oversight and continual improvement of the privacy of PII within VIBPL and for leading the design, implementation, operation, and maintenance of the privacy information management system (PIMS) based on ISO/IEC 27701
  • IT systems manager:  Responsible for complying with the VIBPL policies related to nondisclosure and confidentiality agreements, checking and monitoring the general condition of the network and network devices, and conducting the implementation, configuration, and maintenance of computer networks and software

System administrator:  Responsible for ensuring that access to the PII is restricted to authorized persons only and will not be shared with or provided to any unauthorized party

General Guidelines

VIBPL assures that it respects the integrity, confidentiality, and availability of information generated within the processing of PII. VIBPL also assures the protection of information assets against internal or external and accidental or deliberate threats.

  • Access to PII should be restricted only to those who need it for the purpose of their work.
  • PII should not be shared informally. When access to PII is required, employees should request it formally and in written form.
  • VIBPL will provide comprehensive training to all its employees to help them understand their responsibilities when handling PII.
  • PII should not be disclosed internally or externally without prior written request and approval.
  • Employees should ask their manager, head of department, or information security manager for when in doubt about the proper handling of PII.

Disclosing Data

Under specific circumstances and when required, VIBPL can disclose PII to law enforcement agencies without obtaining consent from the PII principal. However, VIBPL will ensure the request is legitimate by seeking assistance from the legal advisors, when necessary.

Related Polices

Other policies related to the privacy policy include the information security policy, human resources management policy, and training of personnelrated within the processing of PII, be it stored electronically or in paper.