1. Introduction

At Voylogic Enterprise Private Limited, we are committed to safeguarding the privacy of Personal Identifiable Information (PII) we process on behalf of our clients, employees, and third parties. This Privacy Policy outlines how we collect, store, process, transfer, and protect PII in accordance with applicable data protection laws and ISO/IEC 27701:2019 (Privacy Information Management System).
 

2. Purpose of Processing PII

We process PII only for the specific purposes outlined in our contractual agreements with Clients. These purposes may include, but are not limited to, providing services, processing transactions, ensuring data security, and complying with applicable laws and regulations. All processing activities are conducted in line with the documented instructions of the Client.
 

3. Data Transfers Between Jurisdictions

3.1 Cross-Border Data Transfers
We do not transfer PII to jurisdictions outside of the Client’s home country or to international organizations, unless necessary to fulfill contractual obligations. If such transfers occur, we will notify the Client and provide the basis for the transfer, giving them the opportunity to object or terminate the contract if desired.

3.2 Documentation of Transfer Locations
A documented list of countries and international organizations to which PII may be transferred will be maintained to ensure transparency and regulatory compliance if it happens.
 

4. Data Disclosures

4.1 Disclosure to Third Parties
We do not disclose PII to third parties specifying what data was processed, to whom, and when, in accordance with our legal and contractual obligations.

4.2 Legally Binding Requests for Disclosure
If we receive a legally binding request for PII disclosure (e.g., subpoena, court order), we will promptly inform the Client. We will only disclose PII when required by law and in compliance with our contract with the Client.

4.3 Non-Legally Binding Requests
We will reject any non-legally binding requests for PII disclosures and consult the Client before disclosing PII, ensuring all actions comply with the terms of the Client agreement.

4.4 Subcontractor Use
We do not engage subcontractors to process PII on Clients’ behalf. Subcontractors will only process PII according to the Client’s documented instructions and the terms set forth in the Client contract if it happens.
 

5. Processing Instructions and Compliance

5.1 Client Instructions
We ensure that PII is processed solely for the purposes outlined in the documented instructions of the Client. Any deviation from these instructions will require prior written consent from the Client.

5.2 Marketing and Advertising
We will not use PII for marketing or advertising purposes unless we have obtained prior, explicit consent from the appropriate data subject (PII principal). Furthermore, we will not make consent a condition for receiving services.

5.3 Legal and Regulatory Compliance
If we determine that any processing instruction conflicts with applicable laws or regulations, we will inform the Client immediately to enable corrective actions.

5.4 Support for Client Obligations
We will provide the Client with the necessary tools and information to assist them in fulfilling their legal obligations regarding PII, such as responding to data subject requests or ensuring the secure transfer of PII.
 

6. Data Security and Confidentiality

6.1 Secure Disposal of Temporary Files
We will securely erase or destroy temporary files containing PII that are created during processing, following documented procedures and within a specified period.

6.2 Secure Data Transmission
Any PII transmitted over a data-transmission network will be subject to appropriate security controls to ensure it reaches its intended destination securely, preventing unauthorized access or loss.

6.3 Record-Keeping for Compliance
We maintain and update necessary records to demonstrate our compliance with the contractual obligations regarding the processing of PII, in line with applicable data protection laws and the terms outlined in the Client contract.
 

7. Subcontractors and Third-Party Processors

7.1 Engagement of Subcontractors
We will only engage subcontractors to process PII on behalf of the Client in accordance with the terms of the Client contract. The Client will be notified before any subcontractor is engaged.

7.2 Subcontractor Changes
Where general written authorization has been provided, we will inform the Client of any changes in subcontractors or processors to give the Client the opportunity to object to the new or replacement subcontractor.
 

8. Client Rights and Assistance

8.1 Rights of Data Subjects
We assist the Client in fulfilling their obligations to data subjects, including providing access, correction, or deletion of PII, where appropriate. We also support the Client in responding to any data subject requests related to their rights under applicable data protection laws.

8.2 Compliance Support
We provide the Client with the appropriate information to demonstrate compliance with their data protection obligations. This includes facilitating audits and making records available as needed for legal or regulatory reviews.
 

9. Audits and Compliance Records

9.1 Audit Cooperation
We will cooperate with the Client in any audits or inspections to assess our compliance with this Privacy Policy, contractual obligations, and applicable data protection laws.

9.2 Demonstrating Compliance
We will maintain the necessary records, reports, and evidence to demonstrate compliance with the obligations set forth in the applicable contract regarding the processing of PII.
 

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services offered. Any updates will be communicated to the Client and will be posted on our website.