Provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act 2005 or any other law for the time being in force will not be regarded as SPDI.
We collect information through our website, social media platforms (including Facebook, Instagram, YouTube and Twitter), and from other available online and offline sources. To the extent the information we collect is of a personal nature, as described below, it will be collected on a voluntary basis i.e. you have a choice to provide or withhold such personal information. You are under no obligation to provide us with any personal information while browsing our website.
However, please note that information such as IP address, browser type, mobile device type, pages visited, Media Access Control (MAC) address, screen resolution, operating system name and version, device manufacturer and model, time of visit and/or the duration of the use may be recorded automatically. Collecting browser activities or IP addresses is common practice for purposes such as calculating usage levels and helping diagnose server problems.
Personal information we may collect from you includes:
Except for credit card and payment related information or unless so requested, we ask that you do not send us, and you do not disclose, any sensitive personal information (e.g., government identification numbers, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, or criminal background) on or through the website or otherwise to us.
You represent that all the information that you provide to us from time to time is and shall be correct, current and updated and that you have all the rights, permissions and consents to provide such information. Your providing the information and our consequent storage, collection, usage, transfer, access or processing of the same shall not be in violation of any third party agreement, laws, judgments, orders or decrees.
KCO Note*: Collection, use, storage, processing, transfer and disclosure of financial information (which is considered as SPDI) would require compliance with several obligations as provided under the SPDI Rules. In this regard, you may refer to our snapshot on the extant data protection laws of India, to understand the several compliance requirements.
Any information collected by us will be kept confidential. We do not, and will not, sell your information to third parties.
The information collected by us may be used for a number of purposes connected with our activities including:
If you choose to provide us with your payment or credit card information, we will use such information strictly for the purposes for which it was provided.**
KCO Note**: Please refer to KCO Note*
Beyond this, we will only share your information if we are required to do so by law. This may include disclosure under applicable law to comply with any legal process or to provide information to aid any investigation including where matters of public safety are involved or to respond to any judicial or quasi-judicial process and provide information to any statutory, legislative or governmental authorities, including laws outside your country of residence, or responding to requests from government authorities, including government authorities outside your country of residence. We fully cooperate with law enforcement agencies in identifying those who use our website for illegal activities and may, in our sole discretion, disclose information to satisfy any applicable laws, regulations, or government requests. Additionally, we reserve the right to voluntarily release any information about users who we believe are engaged in illegal activities, without any court order or summons, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our website or to protect our rights and/or property, or that of our directors, employees, partners, agents.
We will retain your personal information only for the period necessary to fulfil the purposes for which it has been provided, unless a longer retention period is required by law.
We will not share your information with another entity within or outside India unless such other entity provides the same level of security as is required under law and such information transfer is necessary for the provision of services to the provider of the data. In any event, we will not transfer your information to an entity in another country unless such country is considered ‘adequate’ under the provisions of the GDPR. Even if these conditions are met, we will only share your information with your consent, unless we are required to disclose it by law.***
KCO Note***: Please note that under the SPDI Rules, it has been specified that a body corporate or any person on its behalf may transfer SPDI to any other body corporate or a person in India, or located anywhere across the globe, provided that the transferee ensures the same level of data protection that is adhered to by the body corporate as per the SPDI Rules.
In relation to any personal information you provide to us, you have the following legal rights:
You have the right to withdraw your consent (which you provided to process your personal information) at any time. You may withdraw your consent or exercise any of your rights in relation to your personal information by contacting our grievance officer, whose details are listed below. However, this will not affect the validity of any lawful processing of your information until the time when you withdraw your consent. Some of the rights listed above may only be exercised in certain circumstances, and where lawfully permitted, thus we reserve the right to not comply with such a request from you.
We have implemented technology and policies, with the objective of protecting your information from unauthorised access and improper use, and periodically review the same.
KCO Note****: Section 43-A of the IT Act mandates following of “reasonable security practices and procedures” in relation to SPDI. It shall be considered that a body corporate has implemented such reasonable security practices and procedures, if they implement security practices and standards and have a comprehensive documented information security programme and policies that contain managerial, technical, operational and physical security control measures that are proportionate to the information assets that the body corporate is seeking to protect. The International Standard IS/ISO/IEC 27001 relating to ‘Information Technology-Security Techniques-Information Security Management System–Requirements’ is one of the standards (“Stipulated Standard”) specified under the Rules that may be implemented by the body corporate while handling SPDI. If the body corporate follows any standard apart from the Stipulated Standard for data protection, they are required to get their codes (“Codes”) approved and notified by the Government of India. Any such standard, i.e. Stipulated Standard or Codes, implemented by the body corporate needs to be certified or audited by an independent auditor approved by the Central Government. Further, an audit has to be carried out by such an auditor at least once a year or as and when there is a significant upgradation of processes and computer resources.
We do not envisage that any decisions will be taken about you based solely on automated means. We will notify you in writing if this changes.
Should you wish to change, update, modify or correct your information in any way, you may write to us. We endeavour to ensure protection of your information at all times and may require you to furnish additional proof of identity such as a government issued identity card in order to make any changes.
St. Jude India ChildCare Centres,
Cotton Green Campus,
Ground Floor, Mumbai Port Trust Colony,
ABC Colony (Rajas Nagar),
Zakaria Bunder Road,
Sewri, Mumbai 400015.
Any discrepancies and grievances with respect to processing of your personal information shall be informed to the designated grievance officer as mentioned below:
Name: [Malvika Sah]
Designation: [Communications Manager]
Email ID: [email@example.com]
Last updated: [11 September, 2020]
KCO Note*****: The SPDI Rules provide that a body corporate must address grievances of the information provider within a specified time. For this, the body corporate is required appoint a Grievance Officer to address such grievance within a period of 1 (one) month from receipt of the grievance.