Purpose
RAH Infotech (along with its national as well as foreign branch offices, which together comprise “RAH Infotech”), is committed to meeting legal and regulatory requirements regarding data protection and privacy wherever it conducts business activities.
This Privacy Policy (“Policy”) defines the minimum standards with respect to RAH Infotech collecting, processing, or otherwise using personal data, including information that may be considered Sensitive Personal Data (“Personal Data”).
Scope
This Policy applies to all RAH Infotech (“Company”) employees, business contacts, customers, clients, or vendors (“Individuals”). Where RAH Infotech controls other company entities, such entities are required to abide by the principles set out in this Policy.
Policy Statement
The Company is committed to conducting its business in accordance with all applicable data protection laws and regulations and in line with the highest standards of ethical conduct. This Policy sets forth the expected behaviours of Company employees and third parties in relation to the collection, use, retention, transfer, disclosure, and destruction of any Personal Data belonging to a Company contact (the “Data Subject”).
Personal Data is any information (including opinions and intentions) that relates to an identified or identifiable natural person. Personal Data is subject to certain legal safeguards and other regulations that impose restrictions on how organizations may process Personal Data.
An organization that handles Personal Data and makes decisions about its use is known as a Data Controller. The Company, as a Data Controller, is responsible for ensuring compliance with the data protection requirements outlined in this Policy.
Definitions
Data Controller:
The entity that determines the purposes, conditions, and means of the processing of Personal Data.
Data Processor:
The entity that processes Personal Data on behalf of the Data Controller.
Data Protection Authority:
National authorities tasked with the protection of data and privacy, as well as monitoring and enforcement of data protection regulations within the applicable jurisdiction.
Data Protection Officer (DPO):
An expert on data privacy who works independently to ensure that an entity adheres to the policies and procedures set forth in applicable data protection regulations.
Data Subject:
A natural person whose Personal Data is processed by a controller or processor.
Personal Data:
Any information related to a natural person or “Data Subject” that can be used to directly or indirectly identify the person.
Processing:
Any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, storage, use, disclosure, or destruction.
Regulation:
A binding legislative act that must be applied in its entirety across the applicable jurisdiction.
Subject Access Right:
The right of a Data Subject to access and obtain information about the Personal Data that a controller holds about them.
PRIVACY PRINCIPLES
RAH Infotech will handle Personal Data in accordance with the following principles. RAH Infotech ensures that its business partners and vendors comply with the principles of this Policy and applicable legal and regulatory standards through appropriate contractual agreements.
Lawfulness of Processing
RAH Infotech will collect, store, process, use, share, transfer, analyze, or otherwise handle Personal Data in accordance with applicable legal requirements for legitimate business purposes, compliance obligations, individual consent, or any other lawful basis defined by applicable laws and regulations.
Limitation of Collection and Processing
RAH Infotech will limit the processing of Personal Data in scope, duration, and volume to what is necessary to achieve the intended purpose.
Transparency
In accordance with applicable legal requirements, RAH Infotech will provide individuals with clear information explaining the scope and purpose of processing and how to contact RAH Infotech for privacy-related inquiries.
Accuracy
RAH Infotech will take reasonable steps to ensure that Personal Data is accurate, complete, and up to date. Inaccurate Personal Data will be erased or rectified without undue delay where required by law.
Security and Confidentiality
RAH Infotech implements appropriate physical, technical, and organizational measures to protect Personal Data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access.
Privacy by Design
RAH Infotech incorporates Privacy by Design principles into all Personal Data processing activities, whether digital or manual.
Disclosure
RAH Infotech discloses Personal Data to third parties only for purposes identified in applicable privacy notices, with consent where required, or as mandated by law. Third parties may include public authorities, regulatory bodies, or law enforcement agencies.
Data Subject Rights
RAH Infotech enables individuals to exercise their data protection rights in accordance with applicable law, including rights to access, correction, objection, deletion, withdrawal of consent, and data portability, where applicable. All requests are validated, documented, and tracked to closure.
Cookies
When you visit our website, we may collect Personal Data automatically through cookies or similar technologies.
International Data Transfers
RAH Infotech operates globally and may transfer Personal Data across national borders. Where such transfers occur to countries without adequate data protection laws, RAH Infotech ensures appropriate safeguards are implemented.
Data Protection
RAH Infotech adopts physical, technical, and organizational measures to ensure the security of Personal Data, including:
Preventing unauthorized access to data processing systems
Restricting access based on business necessity
Maintaining access logs
Protecting data from accidental destruction, loss, or damage
Ensuring data collected for different purposes is processed separately
Assessment of Adequacy
When assessing international transfers, the Data Protection Officer will consider:
Nature of data transferred
Origin and destination countries
Purpose and duration of processing
Local laws and regulatory practices
Security measures in the destination location
Exemptions
Transfers of Personal Data to third countries or international organizations may take place only when permitted by law, including where:
The Data Subject has explicitly consented
The transfer is necessary for contractual obligations
Required for public interest or legal claims
Required to protect vital interests of individuals
Data Retention
RAH Infotech retains Personal Data only for as long as necessary to fulfill business or legal purposes. When no longer required, data is securely deleted or anonymized, unless law requires longer retention.
Jurisdiction-Specific Requirements and Implementation
National data protection laws may impose additional obligations. Where required, RAH Infotech will establish supplementary procedures and cooperate with relevant regulatory authorities.
Privacy Organization and Contact
RAH Infotech has established its IT Department under Mr. Inderjeet Singh to oversee privacy and data protection compliance.
For privacy-related questions, please contact:
📧 Inderjeet.singh@rahinfotech.com
Compliance Audit
The Data Protection Officer will conduct annual data protection audits covering:
Personal Data handling practices
Incident and complaint management
Employee awareness and training
Data accuracy
Vendor compliance
Breach management procedures
Audit findings will be reported to management, and corrective actions will be implemented within defined timelines.
Data Protection Training
All employees with access to Personal Data will receive data protection training at induction and at regular intervals.
Data Breach Reporting
All suspected or actual Personal Data incidents must be reported immediately. Each incident will be investigated, documented, and addressed according to Company policy and legal obligations.
ROLES AND RESPONSIBILITIES
RAH Infotech maintains internal arrangements to ensure compliance, protection of Personal Data, and handling of regulatory or individual concerns. Individuals may contact the Data Protection Officer for assistance.
Consequence of Non-Compliance
Non-compliance may expose RAH Infotech to regulatory action, fines, legal liability, and reputational damage. Violations of this Policy may result in disciplinary or contractual action.
Review
This Policy will be reviewed every three years or earlier if required due to regulatory changes.
Records Management
All records related to this Policy shall be maintained securely in the Company’s recordkeeping systems for a minimum of five years.
Indemnity
Users agree to indemnify RAH Infotech against claims arising from unauthorized disclosure or misuse of information through third-party platforms.
Changes to the Policy
RAH Infotech may update this Policy from time to time without prior notice. Any changes will be published on the website.
