Privacy Policy

  1. Purpose Of Policy
    The purpose of this policy presents CCS Global Tech commitment for privacy of user information and sensitive commercial/financial data.
  2. Scope of Policy
    This policy applies to all data that is either owned or managed by CCS Global Tech.
  3. Supporting Documents
    List of documents supporting this policy,
    a) Information Security Policy
  4. Responsibilities
    1. Chief Information Security Officer is responsible for development, implementation, maintenance and enforcement of the policy
    2. CCS Global Tech’s Internal Audit Team is responsible for conducting regular audits to ensure compliance to this policy
    3. Employees and non-employees of CCS Global Tech are responsible and/or accountable to ensure adherence to the terms of this policy in the course of their job duties
  5. Policy Statements
    The privacy policy displayed to the user must clearly communicate minimum of the following information:
    1. Purpose for collection of personal information
    2. Manner in which the information will be processed
    3. Controls for protection of personal information
    4. Usage of tools such as cookies to collect personal information online
    5. Details of information such as IP address, Domain information captured about the user
    6. Sharing of information with third parties
    7. User rights to access of personal information
    8. Details to contact CCS Global Tech for queries on processing personal information
    9. CCS Global Tech commitment to privacy and security
    10. Period for which the terms and conditions are valid
    11. CCS Global Tech information security standards and practices
    12. Policy on external links
      • CCS Global Tech will not use information about user activities on the Internet together with any information that would result in the user being identified without his consent.
      • CCS Global Tech will not associate the information collected by software utilities (cookies, single-pixel gif images) with username or email address, at the time of the user visiting the sites.
      • CCS Global Tech will implement policy guidelines to safeguard the privacy of the user identifiable information from unauthorised access or improper use, and will continue to enhance security procedures as new technology becomes available.
      • CCS Global Tech honour requests from users to review all personally identifiable information maintained in reasonably retrievable form, which currently consists of the users name, address, e-mail address, telephone number and will correct any such information which may be inaccurate. Users may verify that appropriate corrections have been made.
      • CCS Global Tech may use user identifiable information to investigate and help prevent potentially unlawful activity or activity that threatens the network or otherwise violates the user agreement for that service
      • All kinds of data such as personally identifiable information shared by users shall be:
        1. Processed fairly, lawfully and securely
        2. Processed in relation to the purpose for which it is collected
        3. Maintained up to date and accurate as necessary
        4. Retained for no longer than is necessary for the purpose for which it is collected
        5. Users shall be provided with at least the following information before collecting personally identifiable information
        6. Purposes of processing the information
        7. Any further information regarding the specific circumstances in which personal information is collected, such as:
          • The recipients of the information
          • Whether submission of information is obligatory or voluntary, as well as the impact of failure to submit such information
          • The existence of the right to access, update or remove personal information
          • Whether personal information will be used for marketing purpose
  6. Enforcement
    1. Policy Violations
      Violation of the policy will result in corrective action from the management. Disciplinary action will be consistent with the severity of the incident, as determined by the investigation, and may include, but not limited to
      • Loss of access privileges to information assets
      • Termination of employment or contract
      • Other actions deemed appropriate by management, HR division, Legal division and their relevant policies
      Violation or deviation of the policy shall be reported to the service desk and a security incident record has to be created for the further investigation of the incident.
  7. Policy Exceptions
    Any exceptions to this policy have to be formally approved by the Chief Information Security Officer. All the exceptions shall be formally documented in the standard IT exceptions request form.
Scroll to Top