Privacy Policy
1. Introduction and Scope
This Privacy Policy ("Policy") establishes the framework governing the collection, storage, processing, transmission, and protection of personal data and sensitive personal data or information ("SPDI") as defined under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules"), in relation to the use of [App Name] ("App"), an internal mobile application developed and operated by [Company Name] ("Company", "we", "us", or "our"). This Policy applies exclusively to current employees, contractual workers, consultants, and other authorized personnel ("Users") who have been granted legitimate access to the App for business purposes within the Republic of India.
2. Definitions and Interpretation
For the purposes of this Policy:
- "Personal Data" shall mean any information relating to an identified or identifiable natural person, including but not limited to employee ID, name, contact details, job title, department, and device information.
- "SPDI" shall have the meaning ascribed under Rule 3 of the IT Rules, encompassing passwords, financial information, biometric data, or any other sensitive personal data as may be applicable.
- "Processing" shall include the collection, recording, organization, storage, adaptation, retrieval, use, disclosure by transmission, dissemination, or otherwise making available of Personal Data or SPDI.
3. Data Collection and Categories of Processed Information
The Company may collect, process, and store the following categories of User data:
3.1 Identity and Employment Data
- Full legal name, employee/contractor identification number
- Official contact details (company email address, registered mobile number)
- Job title, department, designation, and reporting hierarchy
- Employment type (full-time, part-time, contractual) and tenure details
3.2 Authentication and Access Data
- Login credentials (username, password, OTP verification logs)
- Multi-factor authentication records
- IP addresses, device identifiers (IMEI, MAC address), and timestamps
3.3 Operational and Usage Data
- Feature-wise usage patterns and frequency
- Session duration and active/inactive status logs
- Error reports and crash analytics
3.4 Location Data (Where Applicable)
- Precise GPS coordinates (only with explicit prior consent)
- Wi-Fi/Cellular network-based approximate location
- Geofencing logs for attendance marking or facility access
4. Lawful Basis and Purposes of Processing
The Company processes User data under the following lawful bases as recognized under applicable Indian laws:
4.1 Contractual Necessity
- To authenticate User identity and authorize App access
- To facilitate payroll processing, benefits administration, and HR operations
- To enable task allocation, performance tracking, and workforce management
4.2 Legitimate Business Interests
- To maintain IT security and prevent unauthorized access
- To analyze usage patterns for App optimization
- To ensure business continuity during emergencies
4.3 Legal Obligations
- To comply with labor laws, tax regulations, and statutory reporting requirements
- To respond to lawful government or judicial requests
4.4 Explicit Consent (For SPDI and Location Data)
- Prior written consent shall be obtained for processing SPDI beyond what is necessary for employment purposes
- Separate opt-in consent shall be acquired for continuous location tracking
5. Data Retention and Storage Protocols
5.1 Retention Periods
- Active employment data: Retained throughout service period plus 7 years post-separation
- Authentication logs: 2 years from date of generation
- Location history: 90 days unless required for specific investigations
5.2 Storage Locations
- Primary storage on AWS Asia Pacific (Mumbai) Region
- Backup servers located within Indian territory
- End-to-end encryption for data in transit and at rest
6. Data Sharing and Third-Party Disclosures
6.1 Internal Sharing
- HR Department: For personnel management and benefits administration
- IT Security Team: For access control and cybersecurity monitoring
- Facility Management: For physical access permissions (where integrated)
6.2 External Service Providers
- Cloud infrastructure partners (subject to DPDPA-compliant agreements)
- IT support vendors bound by confidentiality obligations
- Statutory auditors and compliance consultants
6.3 Regulatory Disclosures
- To Income Tax authorities for Form 16/24Q compliance
- To EPFO/ESI authorities as mandated by law
- In response to court orders or lawful government requests
7. User Rights and Grievance Redressal
7.1 Access and Correction Rights
Users may:
- Request access to their processed Personal Data/SPDI
- Seek rectification of inaccurate or incomplete data
- Withdraw previously granted consents (where applicable)
7.2 Erasure Requests
Data deletion may be permitted unless:
- Required to be retained by applicable laws
- Necessary for pending investigations or legal proceedings
7.3 Grievance Mechanism
All privacy-related concerns shall be addressed by the Designated Grievance Officer as required under Section 5(9) of the IT Rules:
Name: Manoj Balakrishnan
Email: contact@vrvsonline.com
Postal Address: VRVS House 1-11-251/2, Begumpet, Hyderabad 500 016 TS, India
8. Security Measures and Breach Protocols
8.1 Technical Safeguards
- AES-256 encryption for stored data
- TLS 1.3 for all data transmissions
- Annual penetration testing and vulnerability assessments
8.2 Organizational Controls
- Role-based access privileges with MFA enforcement
- Mandatory privacy training for handling personnel
- Third-party security audits every 6 months
8.3 Breach Response
- Notification to Indian Computer Emergency Response Team (CERT-In) within 72 hours of breach detection
- Individual alerts to affected Users where risk assessment warrants
9. Policy Updates and Version Control
This Policy shall be reviewed annually or upon material changes in applicable laws. Users shall be notified of revisions through:
- In-App banners for minor changes
- Registered email communication for substantial modifications
- Mandatory re-acceptance for critical updates
10. Governing Law and Dispute Resolution
This Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising shall be subject to the exclusive jurisdiction of courts in Hyderabad, India.
Last Updated: 31-March-2025
ACKNOWLEDGEMENT
By accessing and continuing to use the App, Users hereby:
1. Confirm having read and understood this Policy in its entirety
2. Acknowledge that the Company may process their Personal Data/SPDI as described herein
3. Agree to report any suspected policy violations immediately