This privacy policy indicates that Vibhuti Insurance Brokers Pvt. Ltd. (VIBPL) is
committed to ensure an adequate level of security in terms of confidentiality,
integrity, and availability of information assets including, but not limited to, digital
data, documents, intellectual property, customer data, financial records, trade
secrets and personally identifiable information (PII) of its employees, customers, and
interested parties.
The policy applies to any information generated within the processing of PII, be it
stored electronically or in paper.
Purpose
The purpose of this policy is to describe VIBPL’s responsibilities regarding the
protection of PII.
Principle of processing personally identifiable information
VIBPL collects, stores, and processes information revealing the identity of natural
persons, including names, addresses, usernames and passwords, and photographs.
Such PII is collected only after obtaining consent from the PII principals. Once
collected, the following rules apply with no exception and under any circumstances.
PII shall be:
- Precise and consistently updated
- Collected legitimately and with a clearly stated purpose
- Protected from any unauthorized or illegal access
PII shall not be:
- Communicated informally
- Stored for longer than the determined retention period
- Transferred to organizations, states, or countries that do not provide proper
protection of PII
-
Shared with other parties, unless approved by the PII principal
In the "Policy" section:
- specific policies, guidelines, or principles that the document promotes or
describes are articulated,
- Stored for longer than the determined retention period
- rationale behind these policies and their significance in the context of the
subject matter is explained,
-
a clear and comprehensive overview of the policies and how they are to be
implemented is provided, and
- the intended standards or best practices to be followed are communicated.
Roles Responsibility
All VIBPL employees and other entities who legitimately receive PII, share the
responsibility of ensuring the appropriate collection, processing, storage, and
handling of PII.
The following persons have roles and responsibilities that are specific to the
protection of PII:
- Information security manager: Responsible for providing oversight and continual
improvement of the privacy of PII within VIBPL and for leading the design,
implementation, operation, and maintenance of the privacy information
management system (PIMS) based on ISO/IEC 27701
- IT systems manager: Responsible for complying with the VIBPL policies related
to nondisclosure and confidentiality agreements, checking and monitoring the
general condition of the network and network devices, and conducting the
implementation, configuration, and maintenance of computer networks and
software
System administrator: Responsible for ensuring that access to the PII is restricted to
authorized persons only and will not be shared with or provided to any unauthorized
party
General Guidelines
VIBPL assures that it respects the integrity, confidentiality, and availability of
information generated within the processing of PII. VIBPL also assures the protection
of information assets against internal or external and accidental or deliberate threats.
- Access to PII should be restricted only to those who need it for the purpose of
their work.
- PII should not be shared informally. When access to PII is required, employees
should request it formally and in written form.
- VIBPL will provide comprehensive training to all its employees to help them
understand their responsibilities when handling PII.
- PII should not be disclosed internally or externally without prior written request
and approval.
- Employees should ask their manager, head of department, or information
security manager for when in doubt about the proper handling of PII.
Disclosing Data
Under specific circumstances and when required, VIBPL can disclose PII to law
enforcement agencies without obtaining consent from the PII principal. However,
VIBPL will ensure the request is legitimate by seeking assistance from the legal
advisors, when necessary.
Related Polices
Other policies related to the privacy policy include the information security policy,
human resources management policy, and training of personnelrated within the processing of PII, be it
stored electronically or in paper.