Data Protection Policy
KVQA Assessment Private Limited
Purpose: This Data Protection Policy establishes the principles and guidelines for handling personal
and confidential data within KVQA Assessment Private Limited to ensure compliance with
applicable data protection laws, such as GDPR, ISO/IEC 27001, and other relevant
regulations. The policy aims to safeguard sensitive information collected during certification
processes and maintain trust with clients, employees, and stakeholders.
Scope: This policy applies to all employees, auditors, contractors, and third parties who handle
personal or sensitive data within KVQA Assessment Private Limited. It covers all types of
data collected, processed, stored, and shared during certification activities.
Data Protection Principles:
KVQA Assessment Private Limited is committed to processing personal data in accordance with the following principles:
- Lawfulness, Fairness, and Transparency: Data will be collected and processed lawfully, fairly, and transparently.
- Purpose Limitation: Data will only be collected for specified, legitimate purposes related to certification activities.
- Data Minimization: Only the minimum necessary data will be collected and processed.
- Accuracy: Data must be accurate and kept up to date.
- Storage Limitation: Data will be retained only for as long as necessary for certification and legal requirements.
- Integrity and Confidentiality: Appropriate security measures will be in place to prevent unauthorized access, loss, or disclosure.
Data Collection and Processing:
- Personal and business data may be collected from certification applicants, employees, auditors, and stakeholders.
- The data collected may include name, contact details, professional qualifications, audit reports, financial information, and other necessary details.
- Data will only be used for certification purposes, compliance verification, and regulatory reporting.
Legal Basis:
- Contractual Obligation: When certification requires data collection.
- Legal Compliance: To meet accreditation, regulatory, and legal obligations.
- Legitimate Interest: To ensure the credibility and integrity of certification activities.
- Consent: When explicit consent is required for specific processing activities.
Data Security Measures:
- Access Control: Only authorized personnel can access sensitive data.
- Encryption & Anonymization: Where necessary, data will be encrypted or anonymized.
- Secure Storage: Physical and digital data will be stored securely.
- Incident Management: A process is in place to handle data breaches and notify affected parties.
Data Sharing and Third-Party Access:
- Personal data will only be shared with accreditation bodies, regulatory authorities, and auditors as required.
- Third-party service providers handling data on behalf of KVQA Assessment Private Limited must comply with this policy and sign a Data Processing Agreement (DPA).
Rights of Data Subjects:
Individuals whose data is processed have the right to:
- Access their personal data.
- Request correction of inaccurate data.
- Request deletion of unnecessary data.
- Object to data processing under certain conditions.
- Withdraw consent where applicable.
Data Retention and Disposal:
- Data will be retained only for the required period based on regulatory and accreditation requirements.
- After the retention period, data will be securely deleted, anonymized, or archived.
Compliance and Enforcement:
- Regular audits will be conducted to ensure compliance with this policy.
- Non-compliance may result in disciplinary action.
- Any suspected data breaches must be reported immediately to the Data Protection Officer (DPO).
Review and Updates:
This policy will be reviewed annually or as required to align with legal and regulatory changes.