Data Security and Privacy Policy

1. Overview

ValueLabs’ intention behind publishing this Data Security and Privacy Policy is to ensure that we are compliant to the privacy and data security requirements. Herein, ValueLabs would like to provide detailed information regarding the data we collect, process and the controls we have implemented to safeguard the information provided to us by Data Subjects.

2. Objective

The purpose of this policy is to outline the practices that we adhere to with respect to:

  • Data Security and Privacy Regulations defined in. European Union General Data Protection Regulation (EU GDPR), Malaysia Personal Data Protection Act and any other such data privacy regulations
  • Statutory and Regulatory requirements such as HIPAA(Health Insurance Portability and Accountability Act)
  • Data Security, Confidentiality and Privacy requirements specified as part of Master Services Agreement (MSA), Statement of work (SOW) etc. by customers
  • Intellectual Property Rights of Data Subjects and customers

2.1 Terms & Definitions

Terms Definition
MSA Master Service Agreements
SOW Statement of Work
HIPAA Health Insurance Portability and Accountability Act
Personally Identifiable Information (PII) Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
Protected Health Information (PHI) Any information about health status, provision of health care, or payment for health care that is created or collected and can be linked to a specific individual
Processing of PHI / PII Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
EU GDPR European Union General Data Protection regulation
Data Controller Any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Data Processor Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Data Subject Any natural or legal person providing its PII

3. Policy Description

Many countries have introduced legislations placing controls on collection, processing and transmission of PII.

We ensure to perform our services abiding to such laws and ensuring data security, privacy and confidentiality

4. What data / information we collect

4.1. Prospective Customers

i. Prospective customers may provide their information while contacting us through our website for business opportunities

a. We collect name, company details, email id (professional email id), and phone number

b. Access to such PII is provided only on need-to-know basis and is restricted to those individuals, affiliates or subcontractors who are subjected to ValueLabs’ strict confidentiality obligations and disciplinary policies

c. Adequate controls are implemented to safeguard the PII which includes physical, technical and administrative controls

ii. ValueLabs is a leading business technology and consulting services firm catering to over 180 customers through 25 offices globally. Our services span Digital Enablement and Product Development for leading organizations across sectors. We would like to connect to organizations such as yours to explore partnership opportunities.

a. We receive information including name, email id, phone number, role, organization associated with from professional service providers such as LinkedIn premium service, marketing databases, prospective customer websites, references from our existing clients

b. We assume that the data subjects have provided consent to such professional service providers to share the PII with ValueLabs

4.2. Customers Information

i. To provide effective services to our customers we collect PII which includes name, professional email id, phone number and company address

ii. We are provided with the information during the contract phase by the respective customer in order to perform services effectively (billing, invoicing, program management etc.)

iii. ValueLabs assumes that the customer organization has already obtained consent from the data subject and would exclude ValueLabs from any additional consent to be acquired

4.3. Prospective Employees

i. In the process of recruitment and talent management, ValueLabs’ HR may receive PII from job posting sites / portals, LinkedIn etc.

ii. ValueLabs receives name, email ID, mobile number, address and other information provided by data subject in the respective job portals

iii. ValueLabs assumes that the job posting portals has already obtained consent from the data subjects to share such information and would exclude ValueLabs from any of the obligations related to additional consent management

5. Data processing

5.1. Prospective Customers

i. In order to establish this connection, we would like to reach out to prospective customers with technological / digital propositions and solutions relevant to their business, invitations for our sales reach events, white papers, publications, industry newsletters and any relevant technology related content

5.2. Prospective employees

i. PII collected through the job portals for recruitment and talent acquisition will be processed to reach out to prospective employees for job openings and careers at ValueLabs

6. Data Storage

6.1. Prospective Customers

i. PII provided by the prospect in the website or gathered through marketing database would be stored on a well-established CRM tool

ii. Appropriate technical controls including but not limited to access control mechanism, encryption, data anonymization are in place to safe guard the confidentiality, integrity and availability of the information

6.2. Prospective employees

i. PII provided by the prospective employees in the website or job portals would be stored on a well-established HRIS Tool

ii. Appropriate technical controls including but not limited to access control mechanism, encryption, data anonymization are in place to safe guard the confidentiality, integrity and availability of the information

7. Data Disposal

i. PII / PHI data of data subjects will not be kept longer than necessary. Such requirements would be identified during data collection process based on regulatory or legal requirements prevailing in that period

ii. PII / PHI Data will be securely disposed once it is no longer in use.

8. Data Disclosure

i. ValueLabs ensures that PII / PHI data is not disclosed to the unauthorized users without proper consent

ii. Any such request for access to the data from third parties including law enforcement and government agencies would be notified to Data Subject where applicable

iii. Disciplinary actions would be initiated as per the disciplinary policy defined for any unauthorised disclosure of PII / PHI

9. Data Subject rights

9.1. Right of Access, Modify

9.1.1. Prospective Clients and Employees

i. Data subjects at all times can reach out to ValueLabs through “email id: EUGDPR@valuelabs.com ” for access to the personal data to review, modify and correct any inaccuracies

ii. For Customer provided information, we request Customer to inform ValueLabs in case the data subject has withdrawn the consent so ValueLabs can take actions on such PII as appropriate

9.2. Right to consent / opt out consent

9.2.1. Prospective Clients

i. In case of data obtained through Premium services, ValueLabs will reach out to all such prospective clients with an email to obtain their consent providing a link to this policy

ii. In case the data subject would like to opt out they can reply to the email or weblink option provided. In case, we do not receive the information within one week it would be deemed that consent is provided

iii. ValueLabs would maintain name, LinkedIn ID, or marketing database ID of opted out data subjects in do-not-contact(DNC) list to ensure that no future contacts are made by our sales team

9.2.2. Prospective Employees

i. ValueLabs will reach out to all such prospective employees with an email to obtain their consent providing a link to this policy

ii. In case the data subject would like to opt out they can reply to the email or weblink option provided. In case, we do not receive the information within one week it would be deemed that consent is provided

iii. ValueLabs would maintain name, LinkedIn ID, job portal ID of opted out data subjects in do-not-contact(DNC) list to ensure that no future contacts are made by our HR team

9.2.3. Right to Erase

i. Data subjects at all times can reach out to ValueLabs through “email id: EUGDPR@valuelabs.com ” to erase a part of data or complete data

ii. For Customer provided information, we request customer to inform ValueLabs in case the data subject has made such request

10. Breach Notification

i. ValueLabs would intimate the data subjects, customers on any instance of data breach which could potentially impact the privacy of data subject

ii. Such notifications where ever feasible would be within 72 hours or as per the contracts established

iii. ValueLabs would further take all reasonable steps to curb such instance from repeating and take all corrective measure to minimize the impact of such data breach

11. Data Controller and Contracting parties

i. In case the data subject resides in the countries that are part of the European Union (EU), European Economic Area (EEA) ValueLabs UK Limited would be the data controller

Reach Us