National Logistics Platform @*
*@
@*
@Html.ActionLink("Back To Login", "Login", "Home", new { @class = "btn btn-outline-primary" })
*@

    Contents

  • Purpose
  • Scope
  • Roles And Responsibility
  • Sensitive Personal Data
  • Data Privacy Principles
  • Processing Of Sensitive Data
  • Data Transfer
  • Procedure And Guidelines For
    Data Security
  • Data Migration
  • Procedure And Guidelines For
    Data Migration
  • Data Privacy And Incident Management

Purpose

Kale Logistics Solutions Private Limited (Kale Logistics Solutions) needs to gather, produce and use certain information that are confidential or private in nature. The security of such information as per industry standard and regulatory requirements is important for Kale Logistics Solutions. This policy describes how this confidential and private data must be collected, handled and stored to meet the company’s data protection standards in compliance with applicable laws.
The objective of the policy is to:
  • To ensure protection of data / information that is confidential or private;
  • To ensure effective procedures are in place to prevent loss of confidential and private information

Scope

This policy applies to
  • KaleLogistics Solutions offices operating globally
  • All staff and employees of Kale Logistics Solutions globally
  • All contractors, suppliers and other people working with/ on behalf of Kale Logistics Solutions globally

Roles And Responsiblity

Roles Responsiblity
Board of Directors, Directors and Senior Management
  • Overall responsibility for ensuring that the organization complies with its legal obligations for data privacy.
Information Security Group
  • Briefing the Board on Data Protection responsibilities
  • Reviewing Data Protection and related policies
  • Advising other staff on tricky Data Protection issues
  • Ensuring that Data Protection and information security induction and training takes place periodically
  • Handling subject access requests
  • Approving unusual or controversial disclosures of personal data
  • Approving contracts with Data Processors if any
Product Heads
  • Each team or department where personal data is handled should be responsible for drawing up its own operational procedures (including induction and training) to ensure that good Data Protection practice is established and followed.
  • Also, the managers must ensure that the Information Security Group is informed of any changes in their uses of personal data that might affect this policy
Staff / Teams
  • All staff and volunteers should be required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Sensitive Personal Information

Sensitive personal data or information of a person means such personal information, which consists of information relating to:
  • Password
  • Financial information such as Bank account or credit card or debit card or other payment instrument details
  • Physical, physiological and mental health condition;
  • Sexual orientation
  • Medical records and history
  • Biometric information

Data Privacy Principles

Kale Logistics Solutions will discharge its responsibilities in accordance with the IT Act and the following Data Protection principles contained therein:
  • Obtain and process information fairly
  • Keep it only for one or more specified, explicit and lawful purposes
  • Use and disclose it only in ways as mentioned in this document
  • Keep it safe and secure
  • Keep it accurate, complete and up to date
  • Ensure it is adequate, relevant and not excessive
  • Retain for no longer than is necessary
  • Give a copy of personal data to the individual upon request

Processing of Sensitive Data

Personal data of customers / employees will be securely stored, in manual or electronic form, and in accordance with the IT Act. In addition, data collected for a specific purpose, product or service may be stored at Kale Logistics Solutions with other information relating to an individual, and only in accordance with the data protection principles mentioned above.

Data Transfer

Kale Logistics shall not disclose an individual's personal data outside the Kale Logistics office except:
  • When Kale Logistics Solutions has collected the data on behalf of a client/s for the purposes of data processing and in such cases to make the same available to such client/s and their duly authorized representatives
  • When Kale Logistics Solutions has express consent to do so, or in circumstances as agreed between Kale Logistics Solutions and an individual.
  • When necessary, to our regulatory bodies and auditors
  • When Kale Logistics Solutions is required or permitted to do so by law
  • To fraud prevention agencies where required

Procedures and Guidelines for Data Security

Kale Logistics Solutions shall maintain physical, technological and procedural safeguards and security that comply with the IT Act. In addition, training procedures shall be in place for all employees of Kale Logistics Solutions to ensure high standards in relation to data protection. Below are some of the steps that Kale Logistics Solutions shall take to ensure customer/ employee data security

  • Access to the sensitive data should be provided strictly on need to know basis.
  • Backup should be kept in safe and secure environment.
  • Sensitive personal data should be shared with proper authorization as required.
  • Data kept in file servers or shared servers should have proper access controls.
  • Logs of the systems should be taken periodically and reviewed to identify user accesses for the applications and servers containing sensitive personal data.
  • Strict disciplinary actions should be taken if any breach of data protection standards is identified as per this policy.
  • Data privacy should be ensured in using Company’s resources such as laptops, online applications, external storage devices, file servers, records and documents.

Data Migration

The data migration plan shall include methods for verification of completeness, consistency and integrity of migration activity and pre and post migration activities along with responsibilities and timelines for completion of the same. The key aspects that are required to be considered include:
  • Integrity of data— indicating that the data is not altered manually or electronically by a person, programme, substitution or overwriting in the new system. Integrity thus, includes error creep due to factors like transposition, transcription, etc.
  • Completeness— ensuring that the total number of records from the source database is transferred to the new database (assuming the number of fields is the same).
  • Confidentiality of data under conversion—ensuring that data is backed up before migration for future reference or any emergency that might arise out of the data migration process.
  • Consistency of data— the field / record called for from the new application should be consistent with that of the original application. This should enable consistency in repeatability of the testing exercise.
  • Continuity—the new application should be able to continue with newer records as addition (or appendage) and help in ensuring seamless business continuity

Procedures and Guidelines for Data Migration

  • Data Migration activity must ensure the key aspects mentioned above
  • Explicit sign offs from users / application owners need to be obtained after each stage of migration and after complete migration process.
  • Each migration phase must include documentation of audit trails, error logs, root cause analysis (if applicable) etc. for easy recovery from migration failure.

Data Privacy Incident Management

Any incident of data privacy violation must be reported immediately to the information security group and respective service line leaders so that the exposure can be contained. Incidents can be reported to individual responsible for the above roles or to the group ID info.sec@kalelogistics.com