- To collect, store and process personal data in a lawful manner;
- Provide consistent treatment of Personal Data throughout Total Negotiation and its operations
- Transfer Personal Data outside the European Union only to countries that the European Commission has determined provide adequate protection of such data and/or to Total Negotiation entities and other enterprises that use and protect that Personal Data in a manner consistent with the Commissions adequacy determinations.
Total Negotiation shall ensure that Personal Data relating to natural persons including employees (current as well as former) suppliers, and customers, are obtained and processed fairly, in accordance with the data subjects’ rights under Data Protection Laws and Regulations. Total Negotiation respects the privacy and is committed to promoting the responsible use of personal information and protecting individual’s privacy rights.
This policy applies to all Total Negotiation operations and business units and supersedes any other policy relating to personal data protection. This means that all Employees, Contractors, Working Partners and businesses carried on by Total Negotiation and any other company or organization that is managed by Total Negotiation, must comply with it.
3. Policy Guidelines
a. Total Negotiation as a data controller or processor, shall establish the specific purposes for which Personal Data is being collected and that its processing is done in a manner consistent with those purposes;
b. Total Negotiation shall collect and process only such Personal Data as is adequate, relevant and limited in scope and for a length of time to what is necessary for the stated purposes of its use;
c. Total Negotiation shall utilize IT systems and applications that have the ability to comply with Data Protection Laws and Regulations including providing appropriate security for storage and transmission of Personal Data;
d. Where required by the GDPR Total Negotiation shall perform Data Protection Impact Assessments;
e. Total Negotiation shall report breaches promptly and in line with the personal data breach notification process;
f. Total Negotiation shall record, investigate, analyze and report data protection-related complaints; and g. Provide that data protection training is undertaken by all appropriate employees.
g. Total Negotiation shall provide that data protection training is undertaken by all appropriate employees.
4. Data Collection Transfer & Processing
Total Negotiation may collect, store, use and disclose information about individuals which may constitute personal data (including sensitive personal data) under various Government Laws (for e.g. GDPR, etc.), lawful, explicit and legitimate purposes and for further processing of personal data consistent with those purposes.
The personal data may be processed for purposes including, without limitation,
- a. Administering relationships services.
- b. Operational purposes.
- c. Conducting market or customer satisfaction research.
- d. Providing individuals with information concerning products and services which Total Negotiation believes to be of interest.
- e. Compliance with any requirement of law, regulation, associations, codes that Total Negotiation decides to adopt.
- f. For the detection, investigation, monitoring and prevention of fraud and other crimes or malpractice.
- g. For the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or for establishing, exercising or defending legal rights or Any other purpose connected to or incidental to the purposes as stated above.
- h. Privacy data collected at website - cookies may be used in website to track user behavior, etc., and/or user name, address, email, phone number is collected for marketing or research purposes.
Total Negotiation shall obtain consent from the data subject in a free manner prior to collecting, storing and processing of personal data.
Total Negotiation shall not utilize an individual's personal data beyond this scope without prior consent from the individual and shall take measures to ensure that this principle is observed. An individual's personal data shall not be provided or otherwise disclosed to third parties other than Total Negotiation affiliates, investigators, or law enforcement personnel when consent has been obtained from the individual in question or when disclosure is legally mandated.
To the extent permitted by applicable law, Total Negotiation may record and monitor electronic and voice communications to ensure compliance with the legal and regulatory obligations and internal policies and for the purposes outlined above.
Any transfer of personal data to a third party shall take place only if, all provisions of Data protection are applied by the third party in order to ensure that the level of protection of personal data is guaranteed.
Data shall be encrypted and anonymized wherever necessary.
5. Confidentiality and Security Correction & Deletion
Total Negotiation takes prudent steps to safeguard the confidentiality and security of all personal data including taking procedural and organizational steps to protect personal data from accidental or unlawful destruction. These steps include entering into written agreements with all its vendors, subcontractors who process personal data.
In addition, Total Negotiation strives to protect personally identifiable information that it maintains or disseminate so it is not obtained by unauthorized individuals or used in unauthorized ways, including through the use of appropriate administrative, physical, and technical safeguards.
6. Data Subject Access, Correction & Deletion
Total Negotiation recognizes the right of data subjects at reasonable intervals to seek / request a copy of the personal data held in relation to them by Total Negotiation. If any personal data is found to be wrong, the individual concerned has the right to ask us to amend, update or delete it, as appropriate. In some circumstances individuals also have a right to object to the processing of their personal data as per the prevailing laws.
If Total Negotiation undertake transactions or other services that involve the disclosure of personal data on behalf of any of our client or counterparty, it shall be the responsibility of such client or counterparty to ensure that it has all necessary authority to permit us to process and disclose the personal data accordingly.
Privacy consent can be withdrawn easily and at any time by the data subject by informing to appropriate authority within Total Negotiation as mentioned in the Access revocation process.
The privacy data shall be deleted from the system based on evaluation of compliance with a legal obligation or business process and technologies available to erasure individual data.
7. Privacy by Design
Privacy controls shall be considered while designing and implementing new or existing systems or processes, based on the technologies available, cost of implementation, scope, context and purposes of collecting, storing and processing.
Total Negotiation shall implement appropriate data-protection principles, technical and organizational measures, such as pseudonymization, data minimization, data encryption, etc.
8. Data Protection Impact Assessment
Total Negotiation shall conduct Data Protection Impact Assessment that shall include:
a. A systematic description of the system or purpose.
b. Assessment of the risks to the rights and freedoms of data.
c. The measures to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate
9. Breach Notification
All personnel of Total Negotiation handling personal data have a responsibility to report any data privacy breach related incidents in case of violation of the data protection policy to [email protected]
Data Privacy Officer (DPO), HR & Legal departments are responsible for the administration of this policy and monitoring its compliance. All personnel of Total Negotiation handling personal data shall take reasonable measures for the protection of personal data.
Personal Data means any information relating to a living individual who can be identified directly or indirectly by an identifier such as:
- a name, identification number, image, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- employee personal details like birth date, address, personal phone number
- personal email address, race, nationality, ethnicity, origin, color, religious or political beliefs or associations, age, sex, sexual orientation, marital status, family status, identifying number, code, finger prints, blood type, inherited, characteristics, health care history including information on physical/mental
- disability, educational, financial, criminal, history. Photographs of employee and internal gatherings
Lawful processing means that the activity is conducted in accordance with applicable national or international laws.
Specified purpose means being clear from the outset about why we are collecting personal data and are transparent about our purposes with the individuals concerned. Accurate means that the data collected and stored are correct and their integrity is protected.
Adequate, relevant and not excessive means that data should be sufficient for the intended purpose and that we should not hold more data than necessary for that purpose.
Data Protection Laws and Regulations means, in the European Union, the Data Protection Directive 95/46/EC and the national statutory legislation passed in each Member State implementing this Directive, the General Data Protection Regulation(GDPR) 2016 / 679, as well as national law that exists outside the EU in each country.
European Union means the current EU Member State countries of:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
Enforcement of this policy is mandatory & violations of this policy will be reported through the Breach Notification Policy and Security Incident Response Team (SIRT) procedure.
The action taken after a violation is encountered is as follows:
a. All violations will be reported to the Total Negotiation leadership team
b. The person in violation will be issued a warning or will face stricter action depending upon the nature of the incidence for a first time violation.
c. Any further violation on part of the same person would result in strict disciplinary action up to termination of employment.