This Personal Data Protection Policy (hereinafter referred to as the “Policy”) outlines our commitment to protecting your privacy by detailing how ASB Resources LLC and its associated entities (collectively known as “ASB”, “us”, or “our”) handle your Personal Data.
About ASB Resources
As a leader in IT business consulting, ASB Resources has a rich 18-year history of partnering with Fortune 500 companies and spearheading transformations in both private and government sectors. We specialize in talent acquisition, data analytics, business intelligence, cloud computing, regulatory and management reporting, and automation projects.
- To establish a clear and comprehensive set of privacy and Personal Data protection principles that guide ASB’s data collection, storage, and processing.
- To guarantee the uniform treatment of Personal Data across all ASB entities.
- To protect Personal Data from security threats.
- To ensure that Personal Data is handled and transferred in compliance with relevant data protection laws and regulations.
This policy encompasses all personal data processing activities, whether digital or otherwise, and is applicable to ASB and its business units. All ASB employees, contractors, partners, and businesses must adhere to this policy except where stated exemptions apply.
ASB will specify the purposes for collecting Personal Data and ensure its handling aligns with them. ASB will only gather and process Personal Data that is adequate, relevant, and limited to the necessary scope and duration for the stated purposes. Personal Data will be handled lawfully, fairly, and transparently, regardless of source.
ASB will use IT systems that are compliant with Data Protection Laws and Regulations and provide suitable security for Personal Data storage and transmission. ASB will conduct Data Protection Impact Assessments as per relevant data privacy requirements.
ASB will promptly report breaches according to the Data Breach Notification Policy. ASB will record, investigate, and report data protection-related complaints and ensure data protection training is undertaken by all concerned employees.
ASB may collect, store, use, and disclose Personal Data (including Sensitive Personal Data) under various applicable data protection laws for lawful, clear, and legitimate purposes. Such purposes include but are not limited to administering services, market research, compliance with legal requirements, and fraud prevention. Personal Data collected via our website may be used for tracking user behavior or for marketing and research purposes. ASB will always state the purpose and, if necessary, obtain consent from the data subject prior to any data collection, storage, or processing.
**All the above excludes text messaging originator opt-in data; this information will not be shared with any third parties.
Confidentiality and Security
ASB is committed to ensuring the confidentiality and security of all Personal Data, taking careful procedural and organizational measures to protect it from accidental or unlawful destruction and disclosure. ASB also endeavors to protect personally identifiable information from unauthorized access or misuse.
Data Subject Access, Correction, and Deletion
ASB respects the rights of data subjects to access, correct, or delete their Personal Data. They also have the right to object to or limit the processing of their Personal Data as per prevailing laws. Consent can be withdrawn at any time, and the personal data will be deleted when it has fulfilled its purpose, subject to a full review of compliance with legal obligations or business processes.
Data Protection Office
An internal data protection office will handle data subject concerns and uphold their rights related to information access, processing objections, data portability, data rectification, and data erasure.
ASB will foster data protection and privacy culture through training programs for all employees.
Design with Privacy in Mind
In the design and implementation of new or existing systems or processes, considerations of privacy controls will be paramount. This is contingent on the technologies accessible, the cost of execution, and the scope, context, and objectives of personal data collection, storage, and processing. ASB is committed to applying suitable data-protection principles and establishing technical and organizational measures to safeguard personal data.
Regular Data Protection Impact Assessment
ASB is committed to conducting regular Data Protection Impact Assessments, which will encompass the following:
- A systematic overview of the system or purpose.
- Evaluation of the potential risks to data subjects’ rights and freedoms.
- Measures are taken to mitigate these risks, including safeguards and security measures to protect and demonstrate personal data.
Breach Notification Protocol
All ASB personnel who handle personal data must promptly report any incidents of data privacy breaches or policy violations to email@example.com.
All ASB personnel who handle personal data must take reasonable actions to protect it. The Data Privacy Officer (DPO) oversees the policy’s administration and compliance monitoring.
Mandatory enforcement of this policy includes measures to be taken in case of any violations by ASB personnel and its affiliates:
• Immediate reporting of all violations via email to firstname.lastname@example.org.
• Strict actions will be taken against any ASB personnel found violating this policy, considering factors such as the nature of the violation and the extent of damage caused. This could result in termination or other legal action.
• ASB includes its affiliates and group entities.
• Affiliates refer to ASB Resources LLC, ASB Resources Inc., ASB Technology Solutions Pvt. Ltd., and entities or individuals that either control, are controlled by them, are under common control, or are managed, operated, or acquired by them through various substantial relationships. “Control” signifies the direct or indirect influence over more than fifty percent (50%) of the voting power to elect directors or the power to direct the management policies of such an entity.
• Data Protection Laws and Regulations apply in the European Union and beyond, including the General Data Protection Regulation (GDPR), Information Technology Act 2000 (IT Act), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (IT Rules), Data Protection Act 1998 (USA), California Consumer Protection Act (CCPA), The Personal Information Protection and Electronic Documents Act (PIPEDA) Canada, Personal Data Protection Act 2012 (PDPA) Singapore, Personal Data (Privacy) Ordinance (PDPO) Hong Kong, Act on Protection of Personal Information (APPI) Japan.
• European Union includes the present member countries.
• Personal Data is any information about an identifiable or identified natural person.
• Personal Information under IT Rules refers to any information that, directly or indirectly combined with other available information, can identify a person.
• Processing involves any operation or operations performed on personal data.
• Specified purpose signifies clarity and transparency about why we are collecting personal data from the start.
• Sensitive personal data or information under Privacy Rules includes specific personal information like passwords, financial details, health condition, sexual orientation, medical records and history, biometric information, and any details related to these provided to a corporate entity for providing service. However, any information that is freely available or accessible in the public domain or provided under the Right to Information Act, 2005, or any other law currently in force will not be considered sensitive personal data or information for the purposes of these rules.”