This is the Data Protection Policy for Oncrafttechnologies. Oncraft complies with the following privacy principles with respect to personal data. It shall apply to all the staff and third parties involved in business with the company.
The company has access to lawfully acquired personal data, and it processes that data in a transparent manner.
The policy provides protection to any kind of data it collects with the consent of the data holders, including names, phone numbers, postal addresses, email addresses, and more.
The company will process the data only if and to the extent that
It has gained the consent of the data holders
The processing is necessary for the relationship of the parties
The processing is necessary for compliance with any legal obligations
The processing it to further a legitimate business interest
It is necessary for the employee’s performance
The company collects information with the explicit consent of the data holders, and it uses it for the explicit, legitimate purposes set forth in this policy and for no other purpose.
The company only collects data that is adequate, relevant, and limited for the purpose for which it is being collected.
The company collects and processes personal data as accurately as possible.
The company takes every measure reasonable and necessary to maintain the integrity and confidentiality of the information being collected. It does not provide or allow unauthorized persons to access it.
Data that is necessary to run the business and from which the company generates revenues, and it is collected with free consent and for a legitimate purpose will remain the company property, and the company will have the ultimate power to use that data legitimately.
Personal data shall be retained by the company as long as necessary, and it shall be deleted immediately after the need is over.
Personal data may be disclosed to the company’s management, HR, or IT.
Personal data may be disclosed to third parties such as payroll and benefits vendors, background check companies, and more.
The data holder has the right to ask for any data from the company except which is adverse to the company’s interest.
In case of a breach of the data, the company will notify the individuals and the appropriate authority within 48 hours of such breach.