top of page

Privacy Policy _

 

Information We Collect:

 

Surelia Infosystems collects personal data necessary to fulfil its business operations, legal obligations, and service provisions. Data is collected from customers, employees, vendors, and website users, ensuring that only relevant and essential information is gathered. 

  • Personal information collected may include name, contact details, job title, financial information, and identification numbers, among others. 

  • Information is collected directly from the data subject, through online interactions, contracts, service requests, surveys, and third-party service providers. 

  • We may collect sensitive data such as payment details, biometric data, or health-related information with the explicit consent of the data subject, where necessary. 

  • Any data that is not essential to Surelia Infosystems operations or legal obligations will not be collected unless explicitly required for specific purposes.

 

Purpose of Data Collection:

 

The data collected by Surelia Infosystems will only be used for specific, lawful purposes in alignment with business needs, regulatory requirements, and contractual obligations. 

  • Personal data may be used for purposes such as customer support, contract execution, marketing communications, and compliance with legal requirements. 

  • Employee data is collected for the administration of employment contracts, payroll processing, performance evaluations, and benefits management. 

  • We collect data to facilitate smooth business operations, including client onboarding, transaction processing, and customer relationship management. 

  • Data will only be used in ways that are compatible with the original purpose for which it was collected, ensuring compliance with data protection regulations. 

 

Data Usage & Retention:

 

Surelia Infosystems is committed to ensuring that personal data is not retained for longer than necessary to fulfil its purpose and complies with legal retention requirements. 

  • Personal data will only be retained for as long as required to meet legal, contractual, or business obligations. 

  • Any data not required for business purposes or legal compliance will be securely deleted or anonymized after the retention period expires. 

  • Data that is retained will be securely stored, with limited access granted only to authorized personnel on a need-to-know basis. 

  • We maintain a secure backup and archival system to ensure data can be recovered if required for legal or business purposes. 

 

Data Sharing & Disclosure:

 

Surelia Infosystems ensures that personal data is shared only with third parties when necessary and with appropriate safeguards in place to protect the data. 

  • Data may be shared with third-party vendors or service providers when required to facilitate business operations, such as cloud hosting, payment processing, or analytics. 

  • We will not share personal data with third parties without consent, except when required by law, for legal obligations, or when responding to government requests. 

  • Third-party service providers must comply with the same data protection standards and confidentiality agreements as Surelia Infosystems and will only process personal data based on instructions from Surelia Infosystems. 

  • Personal data may be disclosed if necessary to protect Surelia Infosystems’ rights, defend against legal claims, or ensure compliance with regulatory or contractual requirements. 

 

Privacy Rights & Data Subject Requests:

 

Individuals have specific rights concerning their personal data under privacy laws such as GDPR, and Surelia Infosystems is committed to ensuring that these rights are respected and upheld. 

  • Data subjects may request access to their personal data, correction of inaccuracies, or deletion of their data under the provisions of applicable data protection laws. 

  • Requests for data access, rectification, or deletion must be processed within a reasonable timeframe, typically within 30 days. 

  • Surelia Infosystems will provide individuals with clear instructions on how to exercise their rights, including how to submit requests and verify their identity. 

  • Requests for data portability or objections to data processing will also be handled in compliance with legal requirements. 

 

Third-Party Data Transfers:

 

Surelia Infosystems may transfer personal data to third-party service providers, affiliates, or business partners for legitimate business purposes, provided that appropriate safeguards are in place. 

  • Transfers of personal data outside of Surelia Infosystems must be conducted in compliance with applicable data protection laws, including GDPR and the IT Act 2000. 

  • Adequate safeguards, such as data transfer agreements, contractual clauses, and secure transfer mechanisms, will be implemented when transferring data across borders. 

  • All third-party data processors must adhere to strict data protection standards and confidentiality obligations. 

  • Data transfers to third parties for processing must be based on written agreements outlining the purpose, scope, and duration of data processing. 

 

Privacy Training & Awareness:

 

Employees must be trained on privacy policies, data protection laws, and how to handle personal data securely. 

  • Privacy training will be provided at onboarding and regularly updated to reflect new regulatory requirements, data protection practices, and security controls. 

  • Staff must understand their role in protecting personal data, recognizing potential privacy risks, and reporting incidents. 

  • Ongoing monitoring and auditing will ensure that employees remain compliant with privacy obligations and practices.

bottom of page