This Privacy Policy (‘Policy’) supersedes all existing policies on the subject matter.

1. Purpose

The purpose of this policy is to maintain the privacy of data and protect the personal information of all employees and business partners (i.e. vendors, suppliers, agents, consultants, advisors, joint venture partners and other third-party intermediaries) of Planetcast Media Services Limited its subsidiaries, affiliates and group companies (“Planetcast /Company”) and ensure compliance with laws and regulations applicable to Planetcast.

2. Interpretation: For the purpose hereof:

“Employee” is an individual who works for the company either on full time or part time basis and is bounded by the contract of employment, terms of which are either expressed or implied. They include on-roll workers, trainees, articles, apprentices, seconded etc. whether remunerated or not for the services offered to Planetcast.

“Business Partner” is any individual, group of individual or entity which includes customers, consultants, lawyers, third parties, suppliers, vendors, agents, whether Government owned or managed, associated for business with Planetcast.

“Personal data or Personally Identifiable Information (‘PII’)”: PII is any information/data about an individual (the Data Subject) individual who is identifiable by or in relation to such information/data, which includes:

1. password, financial information such as Bank account or credit card or debit card etc..
2. sexual orientation, Biometric information, medical records and history.
3. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:

Provided that, any personal information that is freely available or accessible in public domain or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of this Policy

“Third party”: All external parties – contractors, vendors, interns, associates, customers and Business Partners – who have access to Planetcast information assets or information systems.

“Data Subject’’:  Data Subject for the purpose of this policy means and includes an employee and Third Parties, to whom the personal data relates, and in case of child or a person with disability, includes the parent or lawful guardian.

3. Application/Scope of Policy

This Policy applies to:

• data that is: (i) collected online, or (ii) collected offline and is digitised, and is processed (including outside India if it is for offering goods or services in India).
• all employees and Third Parties who receive personal information from Planetcast , who have access to personal information collected or processed by Planetcast , or who provide information to Planetcast.

All employees of Planetcast shall comply with privacy policy and principles when they collect and/or handle personal information/data or are involved in the process of maintaining or disposing of personal information/data.

4. Data Privacy obligations:
   • This Policy is governed by the applicable laws (for the time being in force) for the collection, processing and transfer of personal information/Data. Accordingly, the collection, use, transfer and disposal of personal information, except as specifically provided by this Policy or as required by applicable laws, Planetcast shall:
5. define document, communicate, and assign accountability (to the Grievance Officer/Data Protection Officer) for its privacy policies and procedures.
6. provide notice regarding:

• obtaining the Data Subject consent for the data it collects, the purpose thereof, uses, retention thereof, details of third party with whom it is shared. It is clarified that the use of personal information/Data shall comply with the purpose of collection as detailed the privacy notice / SoW / agreements and in accordance with the consent (of Data Subject) and applicable law.
• The manner in which the Data Subject may withdraw his consent and file his/her complaint/grievance.
• Consent shall be obtained (in writing or electronically) from the Data Subjects before or at the time of collecting personal information or as soon as practical thereafter.
• Planetcast shall not retain personal information longer than is necessary to fulfil the purposes for which it was collected and to maintain reasonable business records.

1. dispose the personal information/data once it has served its intended purpose or as specified by the Data Subject or as the applicable laws may require the retention.
2. allow Data Subject to manage, review or withdraw the consent. It is clarified that the consequences of withdrawal of the consent shall be borne by the Data Subject.
3. share personal information/data with third parties / partner firms only for purposes identified in the privacy notice / SoW / agreements.
   • Notice shall be provided to Data Subjects before or at the time of collection of personal information, or otherwise the notice shall be provided as soon as practical thereafter.
   • Planetcast shall disclose personal information in a secure manner, with assurances of protection by those parties, according to the contracts, laws and other segments, and, where needed, with consent of the Data Subject.
   • Planetcast shall implement measures to protect personal information from unauthorized access, data leakage and misuse. It is clarified that at present Planetcast operates an ”information security system” which complies with the requirement of ISO/IEC/27001:2013.
4. Policy communication:
   • The Data Privacy Policy shall be made readily available to all the employees of Planetcast. The policy shall be uploaded on the employee portal for easy reference of employees.
   • The Data Protection Officer/Grievance officer appointed by Planetcast, from time to time, shall be responsible for developing, documenting, enforcing, monitoring, and updating privacy policy and privacy related controls; and
   • The Data Protection Officer/Grievance officer appointed by Planetcast, from time to time, in coordination with other functional owners shall carry out privacy risk assessment for all the function to identify any risk of leakage of personal information and its criticality.
   • The Data Subject shall have the right to nominate an individual, to act, in the event of death of the Data Subject.
5. Collection of Personal Information
   • Personal information may be collected online or offline. Regardless of the collection method, the same privacy protection shall apply to all personal information.
   • Personal information shall not be collected unless either of the following is fulfilled:
     • the Data Subject has provided a valid, informed and free consent:
     • processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract: or processing is necessary for compliance with the Company legal obligation: or processing is necessary in order to protect the vital interests of the Data Subject; or processing is necessary for the performance of a task carried out in the public interest.
   • Data Subjects shall not be required to provide more personal information than is necessary for the provision of the product or service that Data Subject has requested or authorized. If any data not needed for providing a service or product is requested, such fields shall be clearly labelled as optional. Personal information shall be de-identified when the purposes of data collection can be achieved without personally identifiable information, at reasonable cost.
   • When using vendors to collect personal information on the behalf of Planetcast, it shall ensure that the vendors comply with the privacy requirements of Planetcast as defined in this Policy and the applicable law.
6. Use, Retention and Disposal
   • Personal information may only be used for the purposes identified in the notice / SoW / contract agreements and only if the Data Subject has given consent. Personal information shall be retained for as long as necessary for business purposes identified in the notice / SoW / contract agreements at the time of collection or subsequently authorized by the Data Subjects. When the use of personal information is no longer necessary for business purposes, a method shall be in place to ensure that the information is destroyed in a manner sufficient to prevent unauthorized access to that information or is de-identified in a manner sufficient to make the data non-personally identifiable.
   • Planetcast may, if required, perform an internal audit on an annual basis to ensure that personal information collected is used, retained and disposed-off in compliance with the Company’s privacy policy.
7. Access and Correction
   • Planetcast shall establish a mechanism to enable and facilitate exercise of Data Subject’s rights of access, blockage, erasure, opposition, rectification, and, where appropriate or required by applicable law, a system for giving notice of inappropriate exposure of personal information.
   • Data Subjects shall be entitled to obtain the details about their own personal information upon a request made and set forth in writing. Planetcast shall provide its response to a request. The Data Subjects shall have the right to require Planetcast to correct or supplement erroneous, misleading, outdated, or incomplete personal information. In case for specific queries more time is required, the same shall be communicated to Data Subjects.
   • Requests for access to or rectification of personal information shall be directed at the Data Subject’s option, to the manager of the projects team or support function responsible for the personal information. The privacy coordinators shall record and document each access request as it is received, and the corresponding action taken. Planetcast shall provide personal information to the Data Subjects in a plain simple format which is understandable (not in any code format).
8. Security
   • Information security policy and procedures shall be documented and implemented to ensure reasonable security for personal information collected, stored, used, transferred and disposed by Planetcast.
   • Information asset labelling and handling guidelines shall include controls specific to the storage, retention and transfer of personal information.
   • Management shall establish procedures that maintain the logical and physical security of personal information. Planetcast operates the “INFORMATION SECURITY SYSTEM” which complies with the requirement of ISO/IEC/27001:2013.
   • Incident response protocols are established and maintained in order to deal with incidents concerning personal data or privacy practices.
9. Quality
   • Planetcast shall maintain data integrity and quality, as appropriate for the intended purpose of personal data collection and use and ensure data is reliable, accurate, complete and current.
   • For this purpose, Data Protection Officer/Grievance officer shall have systems and procedures in place to ensure that personal information collected is accurate and complete for the business purposes for which it is to be used.
   • Planetcast may, if required, perform an annual assessment on the personal information collected to check for accuracy, completeness and relevance of the personal information.
10. Grievance mechanism: If the employee raises an enquiry or complaint, the employee shall bring the issue to the attention of the Data Protection Officer/Grievance officer or the authority, if any, under the applicable laws.
11. Ongoing Monitoring
    • Employees and Third Parties shall inform Data Protection Officer/Grievance officer if they observe any privacy vulnerability or security breach. Whenever an employee’s roles and responsibilities change, his access to personal information shall be reviewed and appropriately modified within 72 hours of such change.
    • If an employee is leaving the Company, his access to personal information shall be immediately revoked.
12. Websites  
    • Planetcast ’s websites are not directed at/or targeted at Children. No child who has not reached the age of 18 (Eighteen) years shall use the website unless supervised by an adult.
    • Planetcast is cognizant about privacy issues on the Internet and values the confidence that Business Partners/Third Parties have placed in Planetcast. In general, the third party or its business partners may access the Company’s websites without disclosing any personal information about themselves to Planetcast. There are times, when Planetcast may require information from the third parties or its business partners. At the time of collection of such information, the Planetcast may try (without any obligation) to inform third parties about the collection of information.
    • Information is also collected by Planetcast to measure the number of visits, average time spent on the website, pages viewed, etc. are used to measure the use of Planetcast’s website and improve the content of the website.
    • A technology called cookies may be used by Planetcast to provide third parties/ business partners with tailored information. A cookie is a tiny element of data that a website can send to a browser, which may then be stored on the hard drive so Planetcast can recognize the third party when they may return, third party may set the browser to notify them when they receive a cookie. Registering with Planetcast ’s business unit online signifies the unconditional consent to receive such cookies.
13. General:
    • Non-conformance to this policy could result in disciplinary action including informal or formal warnings.
    • All partner firms and any third-party working with or for Planetcast, and who have or may have access to personal information, shall be expected to have read, understand and comply with this policy. No third party may access personal information held by the Company without having first entered into a confidentiality agreement.
    • The policy shall be reviewed on an annual basis to ensure that the policy is consistent with applicable laws, regulations and appropriate standards.