Data Protection Policy
Introduction
Haier Appliances India Pvt. Ltd. (hereinafter referred as Haier) is a consumer electronics and home appliances company. It designs, develops, manufactures and sells consumer durables & electronic products like air conditioners, microwave ovens, washing machines, refrigerators, and televisions etc.
Haier is also a global brand with the headquarter in P. R. China (hereinafter referred to as the brand).
Haier is particularly committed to conduct its business in accordance with the prevailing laws regarding protection of individual privacy and personal data.
Our products and services are not targeted to persons under the age of 18 or any person who are not competent to contract as per prevailing laws. We do not knowingly collect or process personal data from persons under the age of 18 or of person who are not competent to contract. Please note that if you are under the age of 18, you have to provide us a written signed consent from your parent or guardian indicating that your parent or guardian has consented for us to enter with a valid contract and in furtherance to process your data and send us the consent through contact information provided from the section of “Whom should I contact?”
The purpose of this Data Protection Policy (the “Policy”) is to inform you (the user) about the commitments made by Haier to ensure that your personal data & information are processed in compliance with the applicable & relevant laws.
This Policy may evolve according to the legal and regulatory context and the doctrine of supervisory authorities.
Definitions
Data Controller (or “Data Fiduciary”): means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.
Data Subject: means the natural person of whom the personal data are processed by Haier.
Personal Data: means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information.
Sensitive Personal Data or Information of a Person means such personal information which consists of information relating to:
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise;
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
Processing: means an operation or set of operations performed on personal data, and may include operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, disclosure by transmission or dissemination or otherwise making available, restriction, erasure or destruction.
Data Processor: means any person, including the State, a company, any juristic entity or any individual who processes personal data on behalf of a data controller, but does not include an employee of the data controller.
Consent: means acknowledgment given by Data Subject to use or not to use his/her personal data.
Applicable law
The Policy is subject to the relevant laws applicable on Haier such as Information Technology Act 2000 and Right to Information Act 2005.
In case any of the terms/provisions herein are inconsistent or in contradiction with the applicable laws, the applicable laws shall prevail and the terms/provisions herein shall be interpreted and apply to the maximum extent permissible under the applicable laws.
Principles for processing Personal Data
Haier commits to ensure that Personal Data are:
· processed fairly and reasonably and lawfully manner;
· collected for specified, clear, legitimate purposes and limited to what is necessary;
· accurate and, where necessary, kept up to date;
· kept for no longer than is necessary for the purposes;
· processed in a manner that ensures appropriate security.
Responsibilities
Haier ensures that all its processing are performed in accordance with the applicable laws.
Management
Management is responsible for defining and structuring all processes where Personal Data can be collected, processed and/or used, that they comply with this Policy.
In particular, the following tasks are falling in the responsibility scope of the management:
· Ensuring that technical and organizational security measures are in place;
· Assuring that processes for the Personal Data collection, use and/or processing are compliant with the applicable laws;
· Monitoring on a regular basis the relevant applicable laws.
How do we process Personal Data?
In which context do we obtain Personal Data?
· By hiring people;
· By being contacted by customers, suppliers and/or other persons via our website, phone, email or any other mean;
· By prospecting new clients.
How do we respect the transparency principle?
Data Subjects are informed by the Haier legal entity which is collecting the Personal Data that his/her Personal Data are collected, used and/or processed and how his/her Personal Data are being handled by Haier.
In particular, Data Subjects are informed (i) of which types of Personal Data will be subject to Processing; (ii) for which specific purpose(s); (iii) to whom such Personal Data might be transmitted; (iv) how the Data Subject can exercise its rights; and (v) of when Personal data shall not be kept.
How do we use the Personal Data?
Personal Data are subject to data secrecy. Haier apply the following rules in order to prevent any unauthorized collection, processing or use of such data by its employees:
· Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question;
· Employees shall not disclose Personal Data to unauthorized people, either within the company or externally;
· Employees shall request help from their manager or the Data protection officer (if applicable) if they are unsure about any aspect of data protection.
How do we respect data accuracy?
Haier ensures that Personal Data are accurate and, where necessary, kept up to date, by applying the following rules:
· Employees shall take every opportunity to ensure Personal Data are updated and the management shall ensure that relevant databases and systems are checked on a regular basis;
· Personal Data shall be updated as inaccuracies are discovered.
How do we store Personal Data?
Haier is aware that the periods for which the Personal Data are stored must be limited to a strict minimum time limit to ensure safely storage, Haier applies the following rules:
· Personal Data shall be protected by strong passwords that are changed regularly and never shared between employees;
· Personal Data shall only be stored on designated drives and servers, and shall only be uploaded to an approved cloud computing services;
· Servers containing Personal Data shall be sited in a secure location, away from general office space;
· Personal Data shall be backed up frequently;
· All servers and computers containing Personal Data should be protected by approved security software and a firewall.
Transfer of Personal Data
As Haier is a multinational group, Personal Data may be transferred to countries located outside the India.
The transfer of Personal Data within Haier group is subject to standard contractual clauses or intra-group schemes.
The transfer of Personal Data outside Haier group are managed on a case-by-case basis but shall always be under contractual and/or legal obligation.
Security
Technical and organizational security measures
Haier has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of each processing.
These measures are detailed in the different security and IT policies of Haier.
Personal Data breach
In case of a data breach, Haier has implemented an internal process in order to prevent, detect and stop Personal Data breach as well to notify the relevant supervisory authority and, if applicable, the Data Subjects, in time.
Whom should I contact?
Any enquiries regarding the use of your data or details on how to access the data held about you should be sent to our Data Protection Officer (contact details below)
Contact details of the Data Protection Officer:
by post to
Haier Appliances India Pvt. Ltd.
Mr. Arun Sharma
[Building No.1, Okhla Industrial Estate Phase 3, New Delhi ,110020]
Or
by e-mail to [in.dp.officer@haierindia.com]
http://www.haier.com/in/index.shtml
Done in India, on November 26,2019