Purpose

This privacy policy sets out how ANNIK Technology Services Private Limited and its subsidiaries (hereafter referred as “ANNIK/We”) uses and protects Personally Identifiable Information (PII) that an individual shares with it.

PII can be anything that can be used to identify an individual, not limited to but including; name, address, date of birth, marital status, contact information, ID issue and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services.

ANNIK is committed to the privacy and confidentiality of information provided to us. Annik uses any client or personal information only for the purpose as agreed upon the services provided by Annik to our clients.

ANNIK should ask an individual to provide certain information by which such individual can be identified then he/ she can be assured that it will only be used in accordance with this privacy statement.

Annik communicates its privacy guidelines with all its employees to make sure that personal information of client remains confidential and the same is binding for all its employees.

 

Applicability

This Privacy policy will help understand:

  • Purpose of collection of PII/ sensitive personal information;
  • The retention period as required by business for lawful purposes; Disclosure/ transfer of personal information;
  • Measures taken to ensure privacy and security of collected PII/ sensitive personal information;

 

EU-US Privacy Shield

Annik complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  Annik has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification pages, please visit https://www.privacyshield.gov/.

Refer the link to see Annik Inc listed under the privacy shield program at https://www.privacyshield.gov/list

 

Collection of information/Notice

Annik involves in maintaining client database of its customers and for that it uses PII data provided by client itself. In order to provide services we may require to collect PII/ sensitive personal information. We are committed to safeguard such information in line with the applicable laws.

Before collection of such information, consent in writing shall be obtained by ANNIK.

ANNIK also provides an option to withdraw consent, once given at any time. In case of withdrawal of consent, ANNIK reserves the right to discontinue the services for which the information has been collected.

 

Usage and Retention of information

While collecting PII, ANNIK provides information as to why we are collecting this information and how we will use it.

ANNIK retains the information collected for a period reasonably required for business purposes or for a period as required under any law.

 

Choice
To opt-out of (participation/sharing your information) at any time please notify us at CISO@ANNIK.com

 

Disclosure and onward transfer of personal information

ANNIK will not disclose your personal information to any third party unless you have consented to such disclosure except the cases where we are required to do so under any law or lawful request by public authorities, including to meet national security or law enforcement requirements. Should you breach our terms and conditions or terms of use or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, we may disclose your information to a relevant authority under intimation to you via email or any other fastest method possible (Depending on the scenario).

Any disclosure of personal information will be strictly controlled and made fully in accordance with the applicable local law.

However, sometimes ANNIK uses third parties to process your information. ANNIK contractually requires these third parties to comply strictly with its privacy instructions and not to further transfer your personal information.

ANNIK also requires that they do not use your personal information for their own business purposes, unless you have explicitly consented.

In some circumstances, ANNIK may maintain liability in cases of onward transfer to 3rd parties.

 

Access to your personal information

Depending on local law, you may access, update, or correct your Personal Information that we hold, including your profile and preferences. ANNIK permits, as and when requested in writing, to review the information provided. You can write to us at CISO@annik.com for any updates/rectification in the information provided.

 

Reasonable security practices and procedures

ANNIK has formulated and documented ANNIK Information Security Policy (hereinafter called as “the Policy”) based on international standard IS/ ISO/ICE 27001:2013.

ANNIK adopts strict security practices and procedures, in line with the Policy, which includes technical, operational, managerial and physical security control measures in order to protect your personal information from unauthorized access or disclosure while it is under ANNIK’s control.

The Policy limits access to personal information on business need basis. Our employees, to the extent they may have access to your personal information, are bound by Code of Business Ethics and Conduct and non-disclosure agreements which obligate them to protect the confidentiality of your personal information.

ANNIK shall undergo independent assessment / audit of its reasonable security practices and procedures, by an independent third party auditor, approved by the Government of India at least once a year.

 

Data integrity and Purpose Limitation

The personal information ANNIK processes is relevant for the purpose for which it is to be used and, to the extent necessary, ANNIK takes reasonable steps to ensure that data is reliable for intended use, accurate, complete, and current.

 

Recourse, Enforcement and Liability

In compliance with the EU-US Privacy Shield Principles, ANNIK commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact ANNIK at:

CISO@annik.com
ANNIK Inc.,
14335 NE 24th St. Bldg. B, Suite 210
Bellevue, WA 98007
425.333.8012 (phone)

 

ANNIK has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by ANNIK, Inc., please visit http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint.

 

Complaints against participants in the Insights Association Privacy Shield Program are handled by the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA) and the administrative procedures described at their website. Additionally, under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.  Also, note that Annik is under the enforcement authority of the Federal Trade Commission.

 

Cookies

ANNIK may receive passively-collected information through a variety of methods including Cookies.

ANNIK tracks content usage and traffic on this Site by using “cookies,” a feature of your browser. A cookie is a text file that is placed on your hard disk by a Web page server. ANNIK uses cookies to help it compile aggregate statistics about usage of this Site, such as how many users visit the Site, how long users spend viewing the Site, and what pages are viewed most often. This information is used to improve the content of the Site; it is not shared with any other party for any commercial purposes. You can set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether or not to accept it. If you disable cookies, however, you may not be able to take advantage of all the features of this Site.

 

Collection of information by third parties

Please note that at times the information may be collected by third party on behalf of ANNIK, under a lawful contract. These third parties’ websites have their own privacy policies and we recommend you to review them.

However, please note that we are not responsible for any use of your personal information you provide to third-party applications or websites that may be accessed via the Products or Websites. We strongly recommend that you review the privacy policy of any third-party applications or websites that you use.

 

Privacy Breach Management

Managing privacy breaches include:

  • Preliminary assessment and containment;
  • Full assessment;
  • Notification (to affected individuals and internal management where required);
  • Mitigation and prevention;
  • Sharing of lessons learned.

 

Privacy Breach Notification

ANNIK shall notify all affected individuals whose personal information has been or may have been compromised through theft, loss or unauthorized disclosure, especially if the breach:

  • Involves sensitive personal data such as financial, or personal identifiers:
  • Can result in identity theft or some other related fraud;
  • Can otherwise cause harm or embarrassment detrimental to the individual’s career, reputation, financial position, safety, health or well-being.
  • Notification must be provided without unreasonable delay and in no case later than 60 days following the discovery by a letter (first class recommended) or alternatively by email if the affected individual has agreed to receive such notices electronically, or by telephone or in person. The notification should include:
    • A general description of the incident, including date and time;
    • The source of the breach (an organization, a contracted party, or a party to a sharing agreement);
    • A list of the personal information that has been or may have been compromised;
  • A description of the measures taken or to be taken to retrieve the personal information, contain the breach and prevent reoccurrence;
    • Advice to the individual to mitigate risks of identity theft or to deal with compromised personal information;
    • The name and contact information of an official at Annik with whom individuals can discuss the matter further or obtain assistance;
    • ANNIK shall also inform affected individuals of developments as the matter is further investigated and outstanding issues are resolved.

 

Grievance Redressal

Any grievance or complaint in regards to this policy, in relation to processing of information, should be send to ANNIK in writing to the following contact email ID. Grievance shall be redressed as expeditiously as possible. Email: CISO@annik.com

 

Changes to this Policy

ANNIK reserves the right to amend or modify this Privacy policy at any time, as and when the need arises or as per the requirements of law.

 

Exception Handling

Any exception to this policy will be catered as per the exception process defined in the ISMS Manual (section 8.1).