Introduction
This Privacy Policy outlines our commitment to data protection and compliance with data protection laws within India. It aims to provide transparency and assurance to our clients regarding the collection, storage, and use of their personal information. By becoming a client and using our services, you consent to the practices described in this policy.
Our Role
We are an organization that serves as the leading global organization dedicated to supplying brand concepts, graphics, products and solutions to all partners in the retail supply chain. R-Pac International Privacy Policy outlines how we collect, use, retain, secure, and disclose personal information in our role as a data processor.
Why We Collect PII
We collect personally identifiable information (PII) to ensure the efficient delivery of our services and to comply with the requirements of operating an organization. The specific reasons for collecting each category of PII are as follows:
Registered Company Name: To identify and verify business entities we engage with, ensuring legitimacy and maintaining accurate records for contractual and service-related activities.
Company Address: To tailor our services based on geographical location, and provide relevant regional support and offers. Also to facilitate accurate delivery of physical goods, correspondence, and official documentation, as well as to ensure compliance with billing and shipping requirements.
Name of Contact Person: To personalize our interactions and communications, ensuring we address the correct individual in professional correspondence.
Security of PII
We employ robust security measures to ensure the secure storage of collected PII:
Access Control: Authorized personnel with specific job responsibilities have limited access to stored PII, enforced through unique user credentials and role-based permissions.
Physical Security: Physical safeguards like access controls and surveillance systems protect against unauthorized physical access.
Disciplinary Policy: Strict policies and non-disclosure agreements prevent misuse of Personal Data by staff and vendors.
Vendor Policy: Strong agreements are in place with vendors processing personal data, including regular risk assessments.
Security Audits: Periodic security audits and assessments identify and address vulnerabilities to maintain robust security.
Please note that while we implement these measures, no method of data transmission or storage can be entirely guaranteed as 100% secure. However, we strive to adhere to industry best practices for data protection.
Obligations to Client
We offer a Clients Helpdesk for Modification, Deletion, and Consent Withdrawal of Personal Data. Our Data Protection Officer (DPO), (DPO@r-pac.com), acts as the main point of contact for queries related to PII processing.
Security Incidents
We take PII security seriously and have outlined guidelines for addressing security incidents:
Critical Security Incidents: A dedicated response team addresses critical incidents promptly, mitigating their impact, investigating causes, and implementing corrective actions.
Incidents Involving PII: Unauthorized access, disclosure, alteration, or destruction prompts immediate assessment and necessary actions. Affected individuals are informed with protective measures.
Security Protocols with Vendors
Our data sharing with trusted vendors is governed by robust security protocols:
Confidentiality Measures: Legally binding agreements enforce vendor confidentiality and restrict data use.
Data Encryption: Industry-standard encryption protocols protect data during transmission and storage.
Security Audits: Regular assessments of vendors' security practices ensure compliance.
Incident Response and Notification: An incident response plan addresses breaches or incidents involving vendors, ensuring timely notifications.
Any Vendor/ Consultant/ Service Provider under an active Agreement/ Contract is restricted to compromise any data/ information in any format within their custody. Upon the expiration or termination of any Agreement/ Contract vendor shall promptly return all data/ information, in any format, held within their custody & any residual copies must be explicitly destroyed, with confirmation provided to R-Pac. Detection of any unauthorized use or abuse is imperative & the liability solely stands with the Vendor/ Consultant/ Service Provider & not R-Pac.
No Misuse of PII
We want to assure our clients that the PII collected by us is never misused for any purpose other than those explicitly mentioned in this policy. We are committed to upholding the trust you place in us and ensuring that your data is treated with the utmost respect and integrity.