MY PLAN IS TO SECURE
MY FAMILY’S FUTURE
WHAT’S YOUR PLAN?
Learn more about our Shareek-e-Safar Plan
This policy applies to all personal data that our company processes to provide our intended services, regardless of the format or medium in which it is stored or processed. This includes personal data that is collected from our employees, clients, suppliers, business partners, and any other individuals.
- Data Controller: A data controller is a person or organization that determines the purposes, conditions, and means of processing personal data.
- Data Processor: A data processor is a person or organization that processes personal data on behalf of the data controller.
- Data Subject: A data subject is an individual who is the subject of personal data that is processed by a data controller or data processor.
- Personal Data: Personal data is any information that relates to an identified or identifiable individual. This can include but not limit to a person’s name, date of birth, national identity card, address, email address, phone number, IP address, or hiring information, medical information, financial information, employee benefits, dependents, any other information that can be used to identify the Data subject.
- Process means any action performed on personal data. Such actions are included but limited to: Collecting, Recording, analyzing, organizing, modifying, gathering, handling, transferring, retaining, and deleting.
The Company will only process personal data with the purpose or a reasonably related purpose for which they were collected. The company will not process such personal information in a manner that is incompatible with such purposes unless the relevant data subject has provided consent upon such action. In addition, the company will perform at its best endeavor to ensure personal data being processed is accurate and up to-date. Purposes for processing personal data must be legal and reasonable, which includes and not limit to
- performance of legitimate business interests of the company
- performance of legitimate operational interests of the company
- compliance with the legal. Regulatory, and statutory requirements/ obligations.
The company will document records of processing and such documentation will be stored with security measures in database to ensure confidentiality, processing integrity, availability, security and privacy of such sensitive information. They will be reviewed and accessed on a need-to-know basis.
Collection and Use of Personal Data
The Company may collect and process personal data for the following purposes:
- To manage our employees’ contracts, salaries, benefits, and performance
- To comply with legal and regulatory requirements
- To provide services to our clients
- To conduct research and analysis
- To improve our products and services
We may collect and process personal data such as:
- Personal/ Contact information (name, date of birth, national identity card, address, email, phone number, Personal Identification Number)
- Employment information (job title, department, employment history, educational background, and professional qualifications)
- Financial information (bank account details, tax information)
- Information about your preferences and interests
The company will not collect or process any personal data that is not necessary for the purposes stated above.
The company will retain personal data for an adequate and relevant period of time for providing services to our clients and in compliance with legal, regulatory, and statutory requirements. Once, the data has completed its useful life, it will be disposed of in a manner that dissolves it ability to identify or re-identify data subject in compliance with data retention and disposal policy.
The individual has the right to:
- Access/ review personal data
- Correct or update personal data
- Request for data Erasure
- Object to the processing of personal data
- Request that we restrict the processing of personal data.
- Request that we transfer personal data to another data controller.
If any individual wishes to exercise any of these rights, his request will be entertained in compliance with local regulatory and statutory obligations and business requirements.
- By engaging with the Program, information linked to customer and their interactions with the Program (e.g. physical activity, reward earning events and redemption, and form submission) will be collected or created by Vitality. Customer can also choose to allow certain devices and mobile applications, such as Google Fit, to sync data to a Vitality Application they use.
- Device’s information such as type of device, operating system, data that customer has synced, which may include health and fitness related information and location information, upon customer’s consent may be collected by Vitality.
Purpose for collecting personal information may include but not limit to:
- To administer and manage customer’s account
- To resolve any complaints or inquiries customer may have
- For management of debt owed to Vitality, if applicable
- To prevent, detect, and investigate fraud or security incident
- For Vitality company and management information purposes and internal analysis of products and services
- Incentive administration
- Improve customer experience
- Fulfilment and compliance against legal obligations
- Creating De-identified or Aggregated Datasets
- Personal information of the customer is handled as strictly confidential and with adequate security.
- Information during transmission between customer’s web browser and vitality shall be protected with SSL.
- Personal information of customer shall be adequately protected using international and industry best practices.
- In case if sub-contractor, agents, service providers, third-party partners, affiliates, subsidiaries, is required to be shared with customer’s personal information to enable them to function or provide service on behalf of vitality. Organization shall only share customer’s personal information such as: PI collected from Google Fit, for consented business purposes.
Training and Awareness
The Company is committed to comply with all applicable data protection laws and regulations.