The purpose of this privacy statement is to explain how AuthBridge Research Services Private Limited & its subsidiaries (“AuthBridge”) collect, process, store, use, transfer, maintain quality of and protect your Personal Data (as defined hereinafter) for providing Background verification services to its clients.
AuthBridge is committed to protecting the privacy and confidentiality of Personal Data about its Clients and their candidates, vendors, partners and customers and ensuring that any Personal Data supplied by/ collected on behalf of its Clients or otherwise generated by its business activities is collected and processed fairly and lawfully.
Scope
This Statement applies to AuthBridge’s clients and to individuals or entities who furnish their Personal Data to AuthBridge’s client or on behalf of AuthBridge’s client, or who submit it directly to AuthBridge on iBridge or offline, for Background verification service.
Personal Data is any data relating to an identified or identifiable natural person (“Personal Data”).
AuthBridge collects/receives your Personal Data on this application to provide its services i.e. background verification to its Clients.
The Personal Data collected will generally include-
Sensitive Personal Data is a specific set of “special categories” that must be treated with extra security. AuthBridge collects the below mentioned sensitive Personal Data
The extent of Personal Data collected from you would vary depending on the background verification checks agreed with your employer/ AuthBridge’s client you have engagement with.
AuthBridge collects/receives Personal Data by fair, lawful, and transparent means. AuthBridge obtains Personal Data in an authorized manner for legitimate business purposes, including data collected on behalf of AuthBridge’s client(s), whether by telephone, e-mail, hard copy, AuthBridge’s online application form or the client’s online portal, for providing services to its clients. The specific kind of user data collected will depend on the services used.
Consent for undertaking Background verification:
AuthBridge, being a processor, does not undertake collection of Personal Data for background verification unless it or the Client has obtained the prior consent of the individual. The consent by the individual is required to be provided in writing, as a hard copy or electronically, before AuthBridge undertakes the services as may be required for the Client(s). Where AuthBridge directly collects the Personal Data from an individual on the client’s behalf, prior to such collection AuthBridge provides the individual an option to deny consent for processing their Personal Data.
While collecting the Personal Data, AuthBridge requires its clients to ensure that the Authorization Note is duly read & signed by the individual, stating the purpose of Personal Data disclosure to AuthBridge and its third party/ies service providers for the purpose of delivering the intended services to ensure adherence to applicable legal and regulatory laws.
Your data is used by AuthBridge only for the purpose of providing its services to the Clients. The records of processing activities are maintained.
Whenever we undertake trend analysis of Background verification results and discrepancies, the data used for analysis does not contain any Personal Data.
AuthBridge, with partnerships globally, may need to transfer an individual’s Personal Data to third party service providers, including overseas, to render certain elements of background verification services. However, any such information transferred shall be subject to appropriate data privacy obligations.
The Personal Data may be shared/transferred only if it is necessary for the performance of a lawful contract between AuthBridge and Client(s) or where the individuals have provided their consent to such share/transfer. AuthBridge always binds its employees and third-party service providers to a high standard of protection of Personal Data and its processing only for the authorized purpose. The records of such transfers are maintained.
AuthBridge will share your Personal Data with its employees in order to get your Background Verification done.
As a rule, AuthBridge does not disclose Personal Data to any third party unless such disclosures would be necessary for AuthBridge’s provision of the service to the Client(s). Such necessary disclosures, other than those on written request from the government, would occur in accordance with applicable laws and may include-
AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard-
Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.
Risk Assessment - Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.
Personnel Security - All employees are background verified prior to sharing the Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically. For AuthBridge's third party service providers, background verification is also conducted along with signing the agreement including data privacy or data security obligations, NDA and Code of conduct.
IT Controls - Systems & Network Security controls are applied such as System Hardening, Patch Management, VPN Connectivity, Firewall, Intrusion Detection and Prevention System, End Point Protection, Anti-virus, Data Leak Prevention, VAPT of systems, servers, applications and networking devices, and Log Management.
Communication Security controls such as Encryption (Data at rest and in transit, SSL/TLS, SSH, Message digest).
Application security practices including secure SDLC process, security scanning and IP based restriction. Other data security and access management practices are as per controls described in this section.
Access Management controls such as role-based access, password protection, multi-factor authentication and the principle of least privilege.
Masking of personal data wherever not needed. Periodic and need-based access review and reconciliation.
Log Management - Logs are stored at a secure place. All accesses to the applications are logged in a secure platform and/or application specific database down to the activity level.
Business Continuity is ensured through highly resilient and redundant architecture, regular and systematic backups for all business-critical applications and servers as per the defined frequencies. Periodic testing of business continuity & disaster recovery plans is conducted, and continual improvement actions are taken.
Physical Security Controls - AuthBridge's premises are protected 24/7 by security guards to restrict any unauthorized entry. A visitor management process and a Material In/Out process are implemented. A biometric device is in place to capture the entry of employees, and a register is maintained for all visitors. Reconciliation is done periodically. There is 24/7 CCTV monitoring. Restricted areas are labeled, and entry is allowed for only authorized users. There is 24/7 power backup to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. A Fire Detection & Prevention system is implemented. Emergency Response Team (ERT) members are assigned to each working floor to ensure timely evacuation in case of emergency. For data center security, we have a water leakage alarm, a rodent repellent system, a humidity & temperature monitoring mechanism, separate visitor registers for restricted areas, and an inventory movement register in place.
Incident Management Process - Though AuthBridge has the best possible controls to protect the privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated, and responded to with a corrective action plan in a timely manner. There is a mechanism to notify the impacted clients (if applicable), who must further notify the respective individual/s.
To withdraw/update/delete your consent for AuthBridge to process your Personal Data, or to request to update/delete your Personal Data, we encourage you to speak to your employer/AuthBridge’s client you have engagement with. On their request, your consent will be withdrawn, or your Personal Data will be updated/deleted. On receiving such requests, AuthBridge will immediately act upon the same.
AuthBridge neither directly collects personally identifiable data from anyone under the age of 18 (minors) nor provides any services to them.
In case our clients require us to process the data of a minor, AuthBridge needs parental consent where the child is below 16 years of age.
If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws-
If you are an AuthBridge client, please write to us at the email id/address provided in the Contact us section given below.
If your Personal Data is being processed by AuthBridge as a third party for your Background verification, and you wish to exercise any of your rights under the applicable law, we request you to reach out to your employer/AuthBridge's client you have engagement with. On receiving the communications from its clients about your request, AuthBridge will immediately act upon the same in accordance with the applicable law.
As AuthBridge collects your Personal Data only on behalf of its client, it is retained as per the retention period agreed with such client by way of a written agreement. In case you have any query, please connect with your employer/AuthBridge's client you have engagement with.
We may review and update this privacy statement from time to time. To let you know, we will amend the revision date at the top of this page.
We commit to handle your Personal Data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your Personal Data you are encouraged to contact your employer/AuthBridge's client you have engagement with. AuthBridge will cooperate with any investigation to resolve any issues.
If you wish to contact AuthBridge for any privacy related query/concern, please send an email to privacy@authbridge.com or mail to:
Chief Information Security & Privacy Officer
AuthBridge Research Services Pvt Ltd
Plot No. 123, II Floor, Udyog Vihar,
Phase IV – Gurgaon – 122 015
Haryana, India