1. Scope of Document:

   • This policy is agreed upon in agreement with the Privacy Policy of AudienceSutra.com

   • This policy is applicable to any natural user/client/visitor/person (here in after referred to as "subject", “user”), exchanging any kind of data electronically or physically, with AudienceSutra.com.

   • Data is limited to the scope of an identifiable subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, or shared opinion of that natural person.

2. Data Retention and Archiving Policy

   • Retention is defined as the maintenance of data in a production or live environment which can be accessed by an authorized user in the ordinary course of business. Data used in staging, development, and testing or draft versions of documents shall not be retained beyond their active use period not copied into production or live environments.

   • The data shall be retained for an indefinite period of time for active use, unless an exception has been obtained permitting a longer or shorter active use period by the business function responsible for creating, using, processing, disclosing storing and destroying the data, or in case the respective individual requests the same using an official pre-described process of communication.

   • After active use has expired and according to appropriate exceptions, data shall be archived in accordance with 2.4.

   • Archiving is defined as secured storage of data such that data is inaccessible by authorized users in the ordinary course of business, but which can be retrieved by an admin designated by the head of function for the data in question.

   • The archiving period of data shall be indefinite unless an exception has been obtained permitting a longer or shorter active use period by the head of function responsible for creating, using, processing, disclosing, storing, and destroying the data, or in case the respective individual requests the same using an official pre-described process of communication.

3. Data Collection

In application of the regulations applicable to personal data, Users have the following rights, which may be triggered by the head of function responsible for creating, using, processing, disclosing, storing, and destroying the data, or in case the respective individual requests the same using an official pre-described process of communication.

• Update, Access or Read: They can exercise their right of access to know the personal data concerning them. In this case, before Implementation of this right, AudienceSutra.com may request proof of the identity of the user to verify the accuracy of this data.

• Deleting subject account of Archiving subject data

  • AudienceSutra.com at all times will retain all data for historical or audit purposes for an indefinite period of time, until the data subject. The data subject at all times has the right to raise a request to archive respective data/information, in which case, AudienceSutra.com will ensure that the data is not accessed or used by any function for any financial, non-financial or any kind of business transactions.

• Data Portability: Regarding Data Portability request, the data subject (client) can get in touch with AudienceSutra.com as per clause 4.2. Once the request has been received by the AudienceSutra.com admin, it’d be forwarded to the relevant function for processing.

1. Communication Process:

   • The above requests can be triggered either from the subject’s AudienceSutra.com accounts, which may be an account related to any business or function of AudienceSutra.com

   • Alternatively, the data subject may send an email request to AudienceSutra.com at enquiries@AudienceSutra.com

   • Requestor's Identity: If we (AudienceSutra.com) have a good cause to doubt the requestor's identity, we can ask them to provide documentation to confirm it, such as - copy of passport, driving license, utility bill, as part of Subject Access Request Form.

   • 3rd Party Information: In fulfilling a request, we need to protect the rights of third parties that may be involved in revealing the data to an individual. For each document, the following needs to be considered:

• Does the request require the disclosure of information which identifies a 3rd party individual?

• Has the 3rd party individual consented?

• Would it be reasonable in all circumstances to disclose without consent?

  • Response from AudienceSutra.com: AudienceSutra.com shall ensure that the request is acknowledged, and response is shared within seven (7) working days of the acknowledgment of the request, provided the communication channel & format is followed as advised in the policy. Expect in the case of any data breach, the process detailed in clause 6 must be followed.

1. Evolution of Data Handling Policy, Scope & Version Control

   • AudienceSutra.com reserves the right to make any modification or update the policy to ensure compliance to various general data protection practices. In case of any update, AudienceSutra.com will update the version as per the version control policy. In case of any direct impact on our users, AudienceSutra.com will ensure relevant communications and actions are triggered as per the version control policy.

1. Data Breach Reporting Mechanism, Escalation Matrix

   • A privacy breach is an eligible data breach if it results in:

     • Unauthorized access to or disclosure of personal information; or

     • Information being lost in circumstances where unauthorised access to or disclosure of personal information is likely to occur, and this is reasonably likely to result in serious harm to an individual

2. ​Escalation Process in case of Data Breach:

• The Information that should be provided (if known) at this point includes:

• When the breach occurred (time and date)

• Description of the breach (type of personal information involved)

• Cause of the breach (if known) otherwise how it was discovered

• Which system(s) if any are affected?

• Whether corrective action has occurred to remedy or ameliorate the breach (or suspected breach)

  • This should be reported as soon as it is acknowledged or within 24 hours whichever is less.

  • This should be reported to: Anirban Malakar, Founder, Email: anirban@audiencesutra.com

In case of European Union Member States, AudienceSutra.com is complaint with the General Data Protection Regulation and hence will ensure that the breach is reported to all affected stakeholders as well as the relevant authority in the respective EU member state within 72 hours of acknowledgement of such an event.