Foreword

Mount Meru Group (MMG) is committed to safeguard the privacy of individuals and ensures that they continue to trust MMG with their personal data or information. We believe that when our customers, employees, and other key stakeholders entrust us with their personal information, we owe it to them to safeguard it and to use it wisely and in a judicious manner. Ensuring and safeguarding data privacy is the right thing to do.

1. MMG has adopted a data privacy policy that identifies the organization’s objectives for privacy. This policy articulates the definition of personal information and underlines the importance of the data elements that fall under the definition.
2. The data shall be collected by fair and lawful means, with the knowledge of the provider of information.
3. Implicit or explicit consent has been and shall continue to be obtained from the provider of information with respect to the collection, use, and disclosure of personal information received.
4. We shall provide notice about our privacy policies and procedures which identifies the purposes for which personal information is collected, used, retained, and disclosed.
5. An inventory of elements has been created that are important from the privacy perspective, and which are subject to the requirement of this policy.
6. We ensure that the provider of information is giving access to his/her information gathered and stored in our systems and is also enabled to modify the data provided by him/her.
7. MMG limits the use of personal information to the purposes for which the individual has provided consent. We shall retain personal information for only as long as necessary to fulfil the stated purposes or as required by law and thereafter appropriately dispose of such information.
8. MMG may potentially disclose personal information to third parties only for the purposes for which the individual has provided consent.
9. We shall maintain a comprehensive framework that is organized to achieve the end goals of data security and privacy. It includes security practices, standards, and policies with the objective of protecting personal information from unauthorized access and improper use and ensures periodic review of the same.
10. We shall provide ongoing data privacy training to the target audience and ensure that adequate level of understanding exists about privacy requirements, applicable privacy principles and their implications.

For further details, please refer to the detailed MMG Data Privacy Policy provided hereinafter

Introduction

At Mount Meru Group (MMG) we respect the privacy of individual and are committed to take reasonable precautions to protect information consisting of Personal information and `Sensitive Personal Data or Information’ (SPDI) (“Information”) of individuals and comply with all legal, regulatory and contractual obligations related to privacy. MMG has adopted the “Privacy by Default” principles in its approach to data privacy i.e. privacy of data and information is upheld first by default.

This policy covers the processing, storage and access to such Information as required under lawful and contractual activities with MMG or otherwise required in the normal course of business. It describes by natural persons and meets the requirements established under:

• The Information Technology Act, 2000 – Section 43A
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011

1. Scope and Exclusions:

This policy applies to all visitors of MMG websites.

2. Required References:

2.1 Mount Meru Group Security Policy

2.2 Requirements of the Information Technology Act, 2000 http://meity.gov.in/content/information-technology-act

3. MMG requirements

3.1 Information covered by this policy.

This Privacy Policy applies to Information collected and processed by the organization consisting of following:

3.1.1. Personal information is information related to an individual, or a combination of pieces of information that could reasonably allow an individual to be identified. Personal information may consist of full name, personal contact numbers, residential address, email address, gender, or date of birth. While information such as date of birth in isolation may not be enough to uniquely identify an individual, a combination of full name and date of birth may be sufficient to do so.

3.1.2. Sensitive personal data or information (“SPDI”) is such personal information that is collected, received, stored, transmitted, or processed by the organization, consisting of:

• Password
• Financial information such as bank account or credit card or debit card or other payment instrument details
• Physical, physiological, and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information
• Any detail relating to the above personal information categories as
• Any of the information received under above personal information categories by the organization for processing, stored or processed under lawful contract or otherwise.

Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.

3.2. Purpose

MMG shall collect and use Information for legitimate business purposes in order:

3.2.1 That a visitor may download product information, order products and take advantage of certain other features of MMG’s website.

3.2.2 To provide information or interactive services through this website, to the visitor’s e-mail address or, where the visitor wishes it to be sent by post, to the visitor’s postal address

3.2.3 To seek the visitor’s feedback or to contact the visitor in relation to the services offered on MMG’s website.

3.2.4 To process orders or applications submitted by the visitor

3.2.5 To administer or otherwise carry out MMG’s obligations in relation to any agreement that the visitor may have with MMG

3.2.6 To anticipate and resolve problems with any goods or services supplied to the visitor

3.2.7 To create products or services that may meet the visitor’s needs

3.2.8 To process and respond to requests, improve MMG’s operations, and communicate with visitor/s about MMG’s products, services and businesses

3.2.9 To allow the visitor to subscribe to MMG’s news alerts.

3.3 Collection of Information

3.3.1 The amount and type of data and details that MMG minimally needs to collect for the identified purpose shall be determined prior to collection.

3.3.2 Only minimum privacy data and details required to meet business purposes shall be collected from individuals.

3.3.3 Neither MMG nor its representatives shall be responsible for the authenticity of such Information provided by the individual.

3.3.4 The purpose and intended usage for which Information is being collected shall be communicated at the point of collection. As normal business practice, MMG may collect Information in order to enable the secure online authentication, interaction and transaction with natural persons. This may include the installation of cookies and the collection of other session data.

3.4 Access, Correction of Information, and withdrawal of consent

3.4.1 Any modifications / corrections required to the Information can be carried out on the website. In the event one is unable to do so due to lack of functionality in our website and / or one wants to withdraw his / her consent to provide SPDI, he / she may contact the Grievance officer, the details whereof are provided in clause 4.6 of this policy.

3.5 Retention, Processing and Storage of Information

3.5.1 MMG shall retain Information for only as long as necessary to meet legal or regulatory requirements or for legitimate business purposes communicated at the point of collection

3.5.2 MMG have implemented required security practices and standards in line with the global standards and have a comprehensive documented information security program and policy in place, which contains managerial, technical, operational and physical security control measures that commensurate with the information assets being protected with our nature of business. It is being reviewed periodically to keep pace with business, technology and regulatory changes.

3.6 Disclosure of Information

3.6.1 MMG shall not use or disclose Information for purposes other than those for which it was collected, except with the consent of individual providing such Information or as required by law. However, MMG may be legally required to disclose the Information in the following cases:

3.6.1.1 Where the disclosure is necessary for compliance of a legal obligation.

3.6.1.2 Where mandated under the law by government agencies to disclose such Information.

3.6.2 Where necessary, MMG may disclose Information to business partners or third parties during the normal course of business for the purposes for which it was collected. In such cases, MMG shall only share Information related data when MMG is assured that:

3.6.2.1 The Information is processed legitimately and appropriately by the business partner or third party in line with the established consent or in line with legal requirements.

3.6.2.2 The business partner or third party has adopted a reasonable and equivalent level of security practices and procedures to ensure security of the Information shared.

3.7 Feedback or Concern

For feedback or concern if any, kindly contact at

Email Id: info@mountmerugroup.com
Phone: 022-40141286