Acceptable data collection and usage Policy
for
Hero Insurance Broking India Pvt. Ltd.
Version 1.0

Document Name: HIBIPL-Data Usage-V1_0 Version Number: 1.0

Description	Date	No. of Pages	Approved / Authorized By
VersionNumber 1.0	01-12-2017	2

Objective

The objective of this policy is to establish safeguards that minimize the risk of compromising data security and privacy during personal data collection and usage

Note: This Policy may be referred to in conjunction with policies and standards provided under the References section below for understanding the overall perspective relating to data protection/privacy.

Scope

This policy is applicable to:

• Mass e-mail processing & communication (using HIBIPL’s email domain)
• Tele-calling activities either in-house or through HIBIPL’s vendors/service providers.
• Collection and usage of customer’s, prospect’s, vendor’s and employee’s personal information.

Prospect, customer, vendor, employees and other individuals would be referred to as “User” in this policy.

User data includes data such as, but not limited to –

• Name,
• Contact information (Office and mobile telephone numbers),
• Address,
• Organization name,
• Areas of interest,
• Title,
• Email address,
• Country.

Policy Details

Data Collection

• Personal data of User collected by HIBIPL for carrying out business processes shall be protected against unauthorized access.
• While collecting personal data of Users (example- HIBIPL website or any other sites on behalf of HIBIPL), the following shall be considered-

Legal/regulatory requirements if any, related to the data protection

• HIBIPL shall provide comprehensive information about the identity of the data controller.
• Data will be collected only for specific, explicit and legitimate purpose and subsequently processed in accordance with those purposes and will be kept up to date.
• Disclaimer shall be provided that data collection is in accordance with the Privacy Policy of the company.
• User shall be clearly notified at the time of obtaining consent on why the data is collected and how it would be protected including terms of use with third parties, as applicable.
• The user shall be given option to opt out (unsubscribe) anytime either via dealer.
• User’s email address shall be added to a mailing list only after verification of user’s intention of joining the mailing list.

Processing and Communication

• E-mails / SMS for broadcast shall contain accurate subject lines and shall not be deceptive in nature.
• E-mails/SMS shall be sent to outside world only through company approved email system/ SMS Server.
• Appropriate security measures would be taken against unauthorized access to, or alteration, disclosure or destruction of personal information and against its accidental loss or destruction.
• HIBIPL employees and contractors engaged in processing of users personal information shall undergo background check before commencing their job and also ensure relevant NDA is signed and restored for future reference.
• The application/system in which user data is stored shall be protected against breach. Adequate measures should be taken before using the data for testing purpose.
• User data shall be classified as “Confidential” information and shall be shared on need to know basis only.
• E-mails shall be sent only to the intended recipient of such communication.

Data Retention

Data shall be deleted or anonymized as soon as it is no longer necessary for the purpose for which it was collected or processed.

Policy Violations:

Employees found violating any of the above clauses shall be subject to disciplinary action.