Reddy Ventures is fully committed to ensuring continued and effective implementation of this policy, and expects all Reddy Ventures employees and third parties to share in this commitment.
This Policy applies to all Reddy Ventures entities where a data subject’s Personal Data is processed:
- In the context of the business activities of the Reddy Ventures entity.
This Policy applies to all processing of Personal Data either in electronic form or where it is held in manual files that are structured in a way that allows ready access to information about individuals. Wherever the context requires in this Policy, Personal Data shall be interpreted to also include sensitive Personal Data.
This policy has been designed to establish a worldwide baseline standard for the processing and protection of Personal Data by all Reddy Ventures entities. All inquiries about this Policy can be directed to add email ids here
3.1 Privacy Organization
Data subject concerns shall be addressed and their rights related to information access; objection to processing, automated decision-making and profiling; restriction of processing; data portability; data rectification; and data erasure shall be upheld through an internal data protection office.
If an individual makes a request relating to any of the rights above, Reddy Ventures shall consider each such request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/ or complying with such a request unless the request is deemed to be unnecessary or excessive in nature. This demonstrates our commitment to data protection and it shall enhance the effectiveness of our compliance efforts.
3.2 Policy Dissemination & Enforcement
The management team of each Reddy Ventures entity must ensure that all Reddy Ventures employees responsible for the Processing of Personal Data are aware of and comply with the contents of this policy.
In addition, each Reddy Ventures entity will make sure all third parties engaged to process Personal Data on their behalf are aware of and comply with the contents of this policy. Assurance of such compliance must be obtained from all third parties, whether companies or individuals, prior to granting them access to Personal Data controlled by Reddy Ventures.
3.3 Compliance Monitoring
To confirm that an adequate level of compliance is being achieved by all Reddy Ventures entities in relation to this policy, the Organization will carry out periodic Data Protection compliance audits for all such entities. Each audit will, inter alia, assess:
- Compliance with Policy in relation to the protection of Personal Data, including:
- The assignment of responsibilities
- Raising awareness
- Training of Employees
- The effectiveness of Data Protection related operational practices, including:
- Data Subject rights
- Personal Data transfers
- Personal Data incident management
- Personal Data complaints handling
- The level of understanding of Data Protection policies and Privacy Notices
- The currency of Data Protection policies and Privacy Notices
- The accuracy of Personal Data being stored
- The conformity of third party activities
- The adequacy of procedures for redressing poor compliance and Personal Data breaches.
4. Data Protection & Privacy Principles
Reddy Ventures has adopted the following principles to govern its collection, use, retention, transfer, disclosure, and destruction of Personal Data.
- Purpose Limitation: Personal Data shall only be collected and processed for specific, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Lawfulness, Fairness, and Transparency: Personal Data shall be processed lawfully, fairly, and transparently, regardless of the source of Personal Data collected.
- Data minimization: Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. No Personal Data shall be stored beyond what is strictly required.
- Accuracy: Personal Data shall be accurate and kept up-to-date as per the instructions of the data subjects.
- Storage Limitation: Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
- Integrity and confidentiality: Personal Data shall be processed in a manner that ensures its appropriate security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.
- Accountability: Reddy Ventures must demonstrate that the principles outlined above are met for all Personal Data for which it is responsible.
5. Data Protection & Privacy Measures
In pursuance of the above principles, Reddy Ventures abides by the following measures.
- Privacy by design: All data protection requirements shall be identified and addressed when designing new systems or processes and/ or when reviewing or expanding existing systems or processes. Protection Impact Assessment (DPIA) shall be conducted, for all new and / or revised systems or processes. The impact of any new technology uses on the security of Personal Data shall be assessed.
- Training: All employees shall be given appropriate training regarding implementation of data protection policies of the Company.
- Data collection: Personal Data may be collected from related data subjects unless the nature of the business purpose necessitates collection of Personal Data from other persons. If Personal Data is collected from someone other than the data subject, the data subject shall be informed of the collection. In all cases where notices are required to be issued to the data subject, these shall be issued promptly.
- Data subject notification: Reddy Ventures shall, when required by applicable law, contract, or where it considers that it is reasonably appropriate to do so, provide data subjects with information as to the purpose of the processing of their Personal Data, by way of a notice, and obtain consent only where the legal basis of processing Personal Data is consent.
- Data processing: Reddy Ventures shall use Personal Data for the broad purposes of general running and administration of Reddy Ventures entities, to provide services to Reddy Ventures’ customers, and the ongoing administration and management of customer services. Reddy Ventures shall process Personal Data in accordance with all applicable laws and contractual obligations.
- Data retention: To ensure fair processing, Personal Data shall be retained only for as long as necessary to fulfil the purposes of collection or as required by applicable laws. All Personal Data shall be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a need to retain it.
- Data transfer: Reddy Ventures entities may transfer Personal Data internally or to third party recipients. In order for Reddy Ventures to carry out its operations across its various entities, there may be occasions when it is necessary to transfer Personal Data from one entity to another, or to allow access to the Personal Data from an overseas location. Each Reddy Ventures entity will only transfer Personal Data to, or allow access by, third parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient. An approved transfer mechanism with adequate safeguards shall be used in all such cases.
- Data access: Access to Personal Data shall be granted only to authorized employees. Such access shall be suitably granted, modified, and revoked in line with the employee lifecycle and access management requirements.
- Data protection: Each Reddy Ventures entity shall adopt physical, technical, and organizational measures to ensure the security of Personal Data. Further, adequate safeguards in the form of contractual clauses and data transfer agreements shall be included when transferring Personal Data across jurisdictions or to any third party. In all cases where Reddy Ventures entities are processing Personal Data as a data processor, the data shall be processed only in accordance with the instructions of the data controller.
- Data quality: Reddy Ventures shall adopt all necessary measures to ensure that the Personal Data it collects and processes is complete and accurate in the first instance, and is updated to reflect the current situation of the data subject as notified by such subject.
- Breach reporting: Any individual who suspects that a Personal Data breach has occurred due to the theft or exposure of Personal Data shall immediately notify the internal Privacy Organization on add email id here. The Privacy Organization shall record and investigate all reported incidents to confirm whether or not a Personal Data breach has occurred. If confirmed, the Privacy Organization shall follow the procedures prescribed in the Personal Data Breach Management Guideline based on the criticality and quantity of the Personal Data involved, to notify the relevant supervising authority and the affected data subjects within prescribed timelines.
- External privacy notices: Each external website provided by a Reddy Ventures entity shall include an online ‘Privacy Notice’ and an online ‘Cookie Notice’ fulfilling the requirements of applicable law. All privacy and cookie notices must be approved by the Privacy Organization prior to publication on any Reddy Ventures external website.
- Law Enforcement Requests and Disclosures: If any Reddy Ventures entity receives a request from a court or any regulatory or law enforcement authority for information relating to a Reddy Ventures contact, the data subject shall be immediately notified.
- Complaint handling: Data subjects with a complaint about the processing of their Personal Data, should put forward the matter in writing to the Privacy Organization. An investigation of the complaint shall be carried out to the extent that is appropriate based on the merits of the specific case. The Privacy Organization shall inform the data subject of the progress and the outcome of the complaint within a reasonable period. If the issue cannot be resolved through consultation between the data subject and the Privacy Organization, the data subject may then, at their option, seek redress through mediation, binding arbitration, litigation, or via complaint to the Data Protection Authority within the applicable jurisdiction.
6. Publication Policy
This policy shall be available to all Reddy Ventures employees through Reddy Ventures’ policy portal (add portal if it exists) or via alternative means as deemed appropriate by the Privacy Organization.
Reddy Ventures reserves the right to update this Policy at any time. Any updates shall be made available via means deemed appropriate, in most cases through an email and/ or publication on Reddy Ventures’s website and intranet portal.