Nunhems India Private Limited

      DATA PRIVACY POLICY

What is the purpose of this policy?

Nunhems India Private Limited, (hereinafter referred to as “Nunhems”) is committed to protecting the privacy and security of your personal information and sensitive personal data and information (hereinafter referred to as “SPDI”).

This privacy policy describes how we collect, receive, possess, store, deal, handle or use your personal information and SPDI, in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules”). 

It applies to the personal information and SPDI of all natural persons (individuals) collected and processed by us, including our employees, customers or suppliers or contact persons of our customers or suppliers (hereinafter referred to as “data subjects”).

It is important that you as a provider of personal information and SPDI read this policy, together with any other privacy statement we may provide on specific occasions when we are collecting or processing personal information and SPDI about you, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with the IT Rules. The IT Rules say that the personal information and SPDI we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

 

The kind of information we hold about you

Personal data, or personal information, means any information about an individual which, either directly or indirectly, in combination with other information is capable of 2 identifying such person. It does not include data where the identity has been removed (anonymous data).

We may collect, store, and use the following personal information about you:

• Personal contact details such as name, title, addresses, telephone/mobile numbers and personal email addresses.

• Details of previous employers, Education Details, Information of dependents.

• Date and place of birth

• Gender

• Residence Status

• Nationality

• Marital status

• Caste

• Religion

• Family Related Information

• Details of previous employees

• Education Details

• Information on Dependents

• Next of kin and emergency contact information

• Personal ID’s such as PAN, UAN, PRAN, Aadhar, Passport, Driving License, etc.

• CCTV footage and other information obtained through electronic means such as door access records

• Information about your use of our information and communications systems

• Photographs

• Attendance & leave records, personal development data, performance management data, payroll & salary data

• Any other information as deemed relevant

 

We may also collect, store and use the following "special categories" of more sensitive personal data and information (“SPDI)”:

• Financial information such as Bank account or credit card or other payment instrument details.

• Medical records and history & Blood group.

• Biometric Information

Purposes for which we will collect and use your personal information & SPDI

Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract, we have entered into with you.

2. Where we need to comply with a legal obligation or in anticipation of a legal obligation.

3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

4. Where you have given us explicit consent to do so. 

5. For business management and planning, including accounting and auditing.

6. For making decisions about grievances.

7. For making arrangements for the termination of a contract.

8. For dealing with legal disputes and insurance claims.

9. For complying with enquiries or investigation by statutory authorities

10.For complying with health and safety obligations.

11.To prevent fraud.

12.To monitor your use of our information and communication systems to ensure compliance with our IT policy and laws of the land.

13.To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.

14.To conduct data analytics studies to review and better understand customer satisfaction and needs.

15.Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information & SPDI.

 

Purposes for which we will collect and use sensitive personal data and information (SPDI)

SPDI requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may collect or process SPDI in the following circumstances:

1. In limited circumstances, with your explicit written consent.

2. For a lawful purpose connected with our business, function or activity and the collection of SPDI is considered necessary for such purpose.

3. Where we need to carry out our legal obligations.

 

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Change of purpose

We will only use your personal information and SPDI for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We will notify you if we need to use your personal information or SPDI for an unrelated purpose.

If you fail to provide personal information & SPDI

If you fail to provide certain information and SPDI when requested, we may not be able to perform the contract we have entered into with you (such as providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety), which may have consequences.

Data sharing

We may have to share your personal information and SPDI with third parties, including third-party service providers and other entities in the BASF Group in India and abroad. In such an event, we will seek your prior consent in writing, unless you have agreed to such disclosure in a contract executed with us.

We require appointed third parties to respect the security of your personal information and SPDI to treat it in accordance with the law.

If we do, you can expect the same degree of protection in respect of your personal information that is adhered to by us. Which third-party service providers process my personal information or SPDI? "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within the BASF Group.

Why would you transfer my personal information and SPDI to third parties?

We will transfer your personal information and SPDI to third parties in India or abroad where required by law, or where it is necessary for the performance of a lawful contract between us, or when we have your explicit consent. We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information, without your prior consent, with government agencies mandated under the law to obtain personal information, including SPDI, for the purpose of verification of identity or for prevention, detection, investigation, including cyber incidents, prosecution and punishment of offences or to otherwise comply with the law or a legal obligation.

How secure is my information with third-party service providers and other entities in the BASF Group?

All our third-party service providers and other entities in the BASF Group are required to take appropriate security measures to protect your personal information and SPDI in line with our policies. We do not allow our third-party service providers to use your personal information and SPDI for their own purposes. We only permit them to process your personal information and SPDI for specified purposes and in accordance with our instructions. The third-party service providers cannot disclose your personal information and SPDI further.

Data security

We have put in place security practices and standards and have a comprehensive documented information security program and policies that contain managerial, technical, operational and physical security control measures to protect the security of your information.

Third parties will only process your personal information and SPDI on our instructions and where they have agreed to treat the information confidentially, legally and securely.

We have put in place appropriate security measures to prevent your personal information & SPDI from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information & SPDI to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information & SPDI on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

For how long will you retain my personal information & SPDI?

We will only retain your personal information and SPDI for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information & SPDI, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosureof your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In certain circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further reference to you.

Rights of access, correction and erasure

Your duty is to inform us of changes.

It is important that the personal information and SPDI we hold about you is accurate and current. Please keep us informed if your personal information and SPDI changes during your relationship with us.

Your rights in connection with personal information and SPDI

Under certain circumstances, by law you have the right to:

Request access to your personal information and SPDI (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information & SPDI we hold about you and to check that we are lawfully processing it.

Request correction of the personal information and SPDI that we hold about you. This enables you to correct any incomplete or inaccurate information we hold about you. 

Request erasure of your personal information and SPDI. This enables you to ask us to delete or remove personal information and SPDI where there is no good reason for us continuing to process it.

We shall not be responsible for the authenticity of the personal information or SPDI supplied by you.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information and SPDI for a specific purpose, you have the right to withdraw your consent in writing for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information and SPDI for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we shall have the option not to provide goods and services for which the information was sought.

Grievance Officer

We have designated a Grievance Officer to address any discrepancies and grievances of data subjects with respect to processing of information in a time bound manner. The Grievance Officer will redress the grievances expeditiously but within one month from date of receipt of the grievance. The details of the Grievance Officer are as follows:

Name: Akhilesh Kumar

Tel No: +91 80 46485506

E-mail ID:akhilesh.kumar@vegetableseeds.basf.com

Postal Address: No. 16, Sri Ramanjaneya Complex, Yelahanka New Town, 560064, Bengaluru, India.

 

Changes to this privacy statement

We reserve the right to update this policy at any time