Baldor Technologies Private Limited (“BaldorTech”) through its online service IDfy.com conducts background verification checks for their clients, on individuals for the purpose of ascertaining their suitability for employment, verification of antecedents of persons for the purpose of matrimony, education, tenancy, award nomination hereinafter referred to as ‘Purpose”. Baldor undertakes such verification based on the request of interested employers, educational institutions, landlords, award nominating committees or individuals (i.e., prospective candidates) themselves.
BaldorTech is committed to protecting the privacy and personal information provided voluntarily by individuals (“Information”) to enable IDfy.com to complete the verification checks for its clients. This Policy sets out the nature/type of personal information collected, purpose of collection and usage, disclosure of such information, security protection and procedure.
This Policy has been drafted in accordance with the provisions of the Information Technology Act, 2000 and the Rules thereunder, including, without prejudice to the generality of the foregoing, the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011. Furthermore, the contents of this Policy are in compliance with the recommendations of the Report of the Group of Exports on Privacy, chaired by Justice A.P. Shah, dated October 16, 2012. The Report made certain recommendations and articulated nine ‘National Privacy Principles’, which are in line with the aforesaid the Information Technology Act, 2000 and the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011. A copy of the Report is available at http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf, and we would urge you to read the Report if you so wish. For the purposes of convenience, the nine National Privacy Principles are reproduced here; should you feel that this Policy does not meet any of the standards set out in the National Privacy Principles, please contact us at: contactus [at] idfy.com, and we will take the necessary steps to correct the mismatch between this Policy and the National Privacy Principles, if any.
The Nine National Privacy Principles:
Principle 1: Notice
Principle: A data controller shall give simple-to-understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:
a) During Collection
b) Other Notices
Principle 2: Choice and Consent
Principle: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorized agencies. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymized within a reasonable timeframe if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required.
Principle 3: Collection Limitation
Principle: A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.
Principle 4: Purpose Limitation
Principle: Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.
Principle 5: Access and Correction
Principle: Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.
Principle 6: Disclosure of Information
Principle: A data controller shall not disclose personal information to third parties, except after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.
Principle 7: Security
Principle: A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymization, unauthorized disclosure [either accidental or incidental] or other reasonably foreseeable risks.
Principle 8: Openness
Principle: A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.
Principle 9: Accountability
Principle: The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.
Please note that this Policy is only applicable to our online users and data gathered on our website IDfy.com and not to any other information or website.
PLEASE READ THE POLICY CAREFULLY TO FULLY UNDERSTAND THE NATURE AND PURPOSE OF GATHERING INFORMATION, USAGE, DISCLOSURE, SECURITY PROCEDURE AND SHARING OF SUCH INFORMATION.
1.Nature/Type of Information Gathered and Purpose
BaldorTech gathers/obtains Information about you like address, email, educational qualification, past employment, references etc., for doing a background verification check for Purposes, if you choose to provide the same voluntarily by reading, understanding and consenting to the terms of the Consent Form/Authorisation Form which is available on requesting a verification through our service. BaldorTech only collects Information that is necessary to provide the services requested by you. If any other additional Information is required other than what is stated in the consent form, then the same shall be obtained after the same is notified to you.
BaldorTech does not collect any Sensitive Personal Data or Information, without due notification to you and without your consent unless it is mandated by law. Sensitive Personal Data or Information (“SPI”) of a person means such personal information which consists of information relating to password, financial information such as bank account or credit card or debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information. The background verification of your Information may be done by BaldorTech directly or through one or more of its associates. All the Information verified and reports shall be incorporated in a database by BaldorTech. By requesting and consenting to our service, you are also consenting to the sharing of your Information with third parties for the Purposes mentioned above. For the sake of clarity, any reference to the term “Information” in this Policy would include any SPI that is provided by you to BaldorTech.
Please use your discretion when providing SPI to BaldorTech, and under any circumstances, do not provide sensitive information to BaldorTech, unless you thereby consent to BaldorTech’s use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in BaldorTech databases. If you have any questions about whether the provision of SPI to BaldorTech is, or may be, necessary or appropriate for particular purposes, please contact BaldorTech at the address indicated below.
In some instances, BaldorTech may share SPI about you with authorised service providers or vendors working on our behalf to help fulfil your requests. BaldorTech may also store SPI in a jurisdiction other than where you are based. By providing SPI on BaldorTech’s Web Site, visitors are consenting to this transfer and/or storage of their data across borders.
BaldorTech may also disclose SPI in connection with the sale, assignment, or other transfer of the business of the Web Site, in order to respond to requests of government or law enforcement agencies or where this is required by applicable laws, court orders, or government regulations. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat. BaldorTech does not sell SPI to any third parties. Also, BaldorTech will not transfer the SPI you provide to any third parties for their own direct marketing use.
You have several choices regarding your use of our sites. In general, you are not required to submit any SPI when you visit the Web Site, but BaldorTech may require you to provide certain SPI in order for you to receive additional services and reports. The Web Site may also ask for your permission for certain uses of your SPI, and you can agree to or decline those uses. If you subscribe for particular services or communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.
You can also make a request to update or remove information about you by contacting contactus [at] idfy.com, and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
2.Disclosure/Sharing of Information
To enable BaldorTech to provide you with the service of background verification check, the Information provided by you may be shared by BaldorTech either with its own employees, other corporate entities and affiliates or unaffiliated third party service providers (both in India and outside India) working on our behalf to provide the service and all other agencies from which relevant information about your background is to be obtained (both in India and outside India), on a need to know basis for the purpose of verifying the authenticity of the Information/ for the purpose of undertaking the verification and submitting a report, which may used by you for your Purpose. All such Information gathered is also retained by BaldorTech in its database. BaldorTech will not disclose such Information to others or use such Information except in connection with the performance of the services agreed by you. By requesting and consenting to our service, you are also consenting to the sharing of your Information with our third party service providers and sharing of all such Information with any other client of BaldorTech as part of BaldorTech’s service to its other clients.
In case of an amalgamation, merger, acquisition or business transfer, BaldorTech will transfer all your Information to the acquirer.
3.Security Practices and Procedure
Baldor Tech has enabled appropriate security procedures to secure the Information obtained and stored by Baldor Tech during the course of its business.
BaldorTech has reasonable security policies and procedures in place to protect Information from unauthorised loss, misuse, alteration, or destruction. Despite BaldorTech’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your Information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such Information. We also make reasonable efforts to retain Information only for so long as the account is active or the consent is withdrawn.
To ensure that the Information you provide is complete, accurate and up to date BaldorTech allows you to change or correct your Information at any time. For any change/correction of Information you may simply log into your personal profile, via www.idfy.com and follow the instructions.
If you have not accessed your profile for some time we may also contact you to check your information is still correct. A request for access to the personal information we hold about you, or in relation to an inquiry about privacy, should be sent to contactus [at] idfy.com for the attention of our director. You can close your account at any time in which event we will remove all our copies of your profile and your account information from the Web Site, except for an archival copy which is not accessible on the internet.
We also allow other companies to display advertisements to you while you are visiting our Web Site. Because your web browser must request these advertisements from the other companies’ servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site. IDfy.com has no control over, and is not responsible for, the practices of those third party advertisers. IDfy.com encourages you to review the policies of such advertisers. Third parties, such as Google, and other advertiser platforms, may also use information that they gather from your activity on our Web Site to select which IDfy.com advertisement should be displayed to you on web sites other than our Web Site.
You can opt-out of customized advertising by third parties by setting your browser to decline third party cookies or some browsers allow you to block cookies from a particular third party whose customized advertising you do not wish to receive. You can also delete the advertiser’s cookie each time after it has been served. In addition, third party advertisers, including advertising networks, may offer an opt-out of their customized advertising. If you visit an advertiser’s own web site, you will be able to see their policies.
6.Links to Other Sites
7.Changes to this Policy
If you have any suggestions or questions you may email to us at contactus [at] idfy.com.