Protection Policy

Adrosonic is committed to protecting the security of the personal information of its employees, clients, and other persons whose details may be collected or processed by it. This policy describes how Adrosonic collects and uses such personal information, in accordance with the applicable laws and regulations. This policy ensures that Adrosonic:

•  Complies with data protection law and follows good data management and usage practices,
•  Protects the rights of its employees, clients, partners, and other individuals,
• Is transparent about how it stores, processes, and uses Personal Data of individuals, and
•  Gives individuals a choice regarding how their Personal Data will be processed by Adrosonic.

This policy adds to and complements other Adrosonic policies on privacy and data protection, and is effective from 08 August 2023.

This policy applies to:

• Adrosonic IT Consultancy Services Private Limited
• Adrosonic UK Limited
• Adrosonic Inc.
• Adrosonic LATAM SpA
  (the above being referred to collectively in the singular in this policy as “Adrosonic ”)
• Employees, officers, and management of Adrosonic
• Contractors, suppliers and other people engaged by Adrosonic to process personal information.

In this policy:

• A Controller or a Data Fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of Personal Data.
•  A Processor or Data Processor means any person who processes Personal Data on behalf of a Data Fiduciary.
•  The Data Subject or Data Principal means the individual to whom the Personal Data relates.
• Personal Data means any data about an individual who is identifiable by or in relation to such data. Personal Data excludes data that is rendered anonymous in such a way that individuals cannot be identified from such anonymised data.

Personal Data of a Data Principal shall be acquired by Adrosonic on the basis of consent provided by the concerned Data Principal. Consent may be express or implied by action. For example, an inquiry made by a Data Principal regarding the nature of services offered by Adrosonic shall be regarded as a consent by such Data Principal to their use Personal Data to contact them for providing such information. The Personal Data acquired by Adrosonic shall be used only for the purposes for which the consent was given.

It may sometimes be necessary for Adrosonic to transfer Personal Data to a different jurisdiction than from where it was acquired. Any such transfers will be made in compliance with the applicable laws.

Adrosonic may process Personal Data of a Data Principal on any of the following basis.

(a) Consent: When the Data Principal has given clear unambiguous consent for their Personal Data to be processed for a specific purpose;

(b) Contract: When the processing of Personal Data is necessary for the performance of a contract with the Data Principal or to take steps to enter into a contract;

(c) Legal obligation: When the processing is necessary for compliance with a legal obligation;

(d) Vital interests: When the processing is necessary to protect the vital interests of a Data Principal or another individual;

(e) Public task: When the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Adrosonic (where it acts as the Data Fiduciary) or the concerned Data Fiduciary (where Adrosonic acts as a Data Processor);

(f) Legitimate interests: When the processing is necessary for the purposes of legitimate interests pursued by Adrosonic (where it acts as the Data Fiduciary) or the concerned Data Fiduciary (where Adrosonic acts as a Data Processor), or a third party, except where such interests are overridden by the interests, rights, or freedoms of the Data Principal.

Adrosonic may perform any the actions listed in this policy by itself or through a third party; in the latter case, Adrosonic will remain accountable for ensuring that these third parties comply with the provisions of this policy.

Adrosonic may process Personal Data for any of the following purposes.

(a) For the specified purpose for which the Data Principal has voluntarily provided their Personal Data to Adrosonic, and in respect of which the Data Principal has not indicated to Adrosonic that they do not consent to the use of their Personal Data;

(b) For the Government to provide or issue to the Data Principal such subsidy, benefit, service, certificate, licence or permit as may be prescribed;

(c) For the performance by the Government of any function under any law for the time being in force in India or in the interest of sovereignty and integrity of India or security of the State;

(d) For fulfilling any obligation under any law for the time being in force in India on any person to disclose any information to the Government, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force;

(e) For compliance with any judgment or decree or order issued under any law for the time being in force in India, or any judgment or order relating to claims of a contractual or civil nature under any law for the time being in force outside India;

(f) For responding to a medical emergency involving a threat to the life or immediate threat to the health of the Data Principal or any other individual;

(g) For taking measures to provide medical treatment or health services to any individual during an epidemic, outbreak of disease, or any other threat to public health;

(h) For taking measures to ensure safety of, or provide assistance or services to, any individual during any disaster, or any breakdown of public order.

As a part of the above activities, Adrosonic processes Personal Data in order to:

•  Provide IT consultancy services, including development, testing and related services;
•  Maintain its financial records and accounts;
•  Support and manage its employees; and
•  Process its payroll.

Adrosonic processes Personal Data of its customers and clients, advisers and other professional experts and employees. This data may include:

• Personal details
• Family, lifestyle, social circumstances
• Goods and services
• Financial details
• Education details
• Employment details

While quite unlikely to do so, Adrosonic may also process sensitive classes of data that may include:

• Physical or mental health details
• Religious or other beliefs
• Racial or ethnic origin
• Trade union membership

Adrosonic’s processing activities do not involve automated decision making or profiling.

Adrosonic may retain Personal Data:

(a) of clients, including data within accounts, taxation and payroll, for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After this, the records will be deleted/destroyed. Adrosonic may keep clients’ records for a longer period, where it believes it has a legitimate interest/reason to do so;

(b) of potential employees / candidates, which prove unsuccessful, for a period of six months, after which such data will be deleted/destroyed; and

(c) of employees for varying periods, depending upon the category of data and the contractual terms of employment of the concerned employee.

Adrosonic shall not retain Personal Data for a period of time that is longer than that required for the purpose of any legitimate objective.

The Data Principal shall have the right to obtain from Adrosonic:

(a) A summary of their Personal Data which is being processed by Adrosonic and the processing activities undertaken by Adrosonic with respect to such Personal Data; and

(b) The identities of all other Data Fiduciaries and Data Processors with whom the Personal Data has been shared by such Data Fiduciary, along with a description of the Personal Data so shared.

In addition, the Data Principal has the right to correction, completion, updating and erasure of their Personal Data for the processing of which they have previously given consent.

To exercise any of their rights, the Data Principal must write to the designated Data Protection Officer of Adrosonic (details of the Data Protection Officer are provided further in this policy). The Data Principal must provide the details of the request and submit one government-issued ID document (passport, driver’s license, etc.) that established the identity of the Data Principal. Adrosonic will respond to duly provided requests of Data Principal within thirty (30) days or such further period as is reasonably necessary for it to comply with such request.

A Data Principal may nominate another individual who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal. In such a case, the designated nominee of the Data Principal will be required to provide confirmation to demonstrate his or her authority to represent the Data Principal for the purpose of exercising the rights of the Data Principal as above.

A Personal Data breach is more than just losing Personal Data; it means any unauthorised processing of Personal Data or accidental disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to Personal Data, that compromises the confidentiality, integrity, or availability of Personal Data.

Adrosonic will take reasonable security safeguards to prevent Personal Data breach. In the unlikely event of a Personal Data breach, Adrosonic will provide the Data Principal an intimation of such Personal Data breach.

At present, the designated Data Protection Officer for Adrosonic is Ms. Sonal. She can be reached by email on sonal@adrosonic.com or over phone on +9l 22 68159902.

Adrosonic reserves the right to update this policy at any time; it will provide you access to a new policy when it makes any substantial updates. It may also notify you in other ways from time to time about the processing of your personal information. If you have any questions about this policy, please contact the designated Data Protection Officer.