CYE Technology Pvt Ltd Privacy Policy

1.1. Introduction & Purpose

CYE Technology Pvt Ltd is dedicated to protecting employee personal data, using it responsibly for business operations and legal compliance. We adhere to Indian laws like the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and are prepared for the Digital Personal Data Protection Act (DPDP Act).

1.2. Scope

This policy applies to all employees (full-time, part-time, contract, consultants, interns) from recruitment to post-employment retention periods as required by law.

1.3. Definitions

• Personal Data: Information identifying an individual (e.g., name, address, contact details, date of birth, gender, nationality, government IDs like Aadhar, PAN).
• Sensitive Personal Data or Information (SPDI): Includes passwords, financial details, health, sexual orientation, medical records, biometric data, as per Indian IT Rules, 2011.
• Legal Purpose: Data usage required by law, court orders, or for legitimate business needs (employment, security, IP protection, client engagement).

1.4. Data Collected

We collect only essential data for employment and operations:

• Identity & Contact Details: Full name, addresses, phone numbers, emails, date of birth, gender, nationality, marital status, emergency contacts, government IDs (passport, Aadhar, PAN, voter ID).
• Professional & Employment Information: Job title, department, employee ID, resume, education, certifications, past employment, performance reviews, disciplinary actions, leave, attendance, training history.
• Work-Related & Activity Data: Project assignments, code contributions, Git activity logs, bug tracking, usage stats for development tools (IDEs, CI/CD, cloud consoles), work communications (emails, chats).
• Financial Data: Bank details, salary structure, PF/ESI, tax info (TDS), benefits enrollment, expense reports.
• Biometric/Security Data: Fingerprint/facial recognition for access/attendance, with explicit consent and withdrawal options (non-biometric alternatives available).
• Technical Data: IP addresses, device IDs, system logs, work-related browsing history on company networks, app usage, network activity (for security, performance, compliance).

1.5. Purpose of Data Collection

Data is used solely for legitimate purposes:

• HR & Employment Management: Contracts, payroll, benefits (PF, ESI, insurance), leave, performance, training, workforce planning.
• Legal Compliance: Adhering to Indian laws (Companies Act, Income Tax Act, PF Act, ESI Act, Shops & Establishments Acts), responding to legal requests.
• Business Operations: Client introductions, compliance proof, project staffing, collaboration (limited to professional info).
• Internal Operations: Reporting, analytics, process improvement, communication.
• Security & Risk Management: Protecting systems, data, IP from threats, fraud, policy violations.
• IP Protection: Tracking contributions, securing code repositories.
• Communication: Enabling work-related communication.

1.6. Data Sharing

Data is shared only when necessary, under strict controls:

• Internal Sharing: Limited to departments (HR, Finance, IT, Legal, Management) on a need-to-know basis.
• External Sharing:
  • Clients/Partners: Professional info (name, job title, work email) shared only when legally/contractually required, with consent where needed.
  • Third-Party Vendors: Shared with trusted providers (payroll, benefits, IT support, cloud) under strict confidentiality agreements.
  • International Transfers: Professional data may be transferred globally for projects, complying with Indian laws and international mechanisms.
  • Legal Obligations: Disclosed when required by law, court orders, or to protect company rights/safety.
  • Business Transfers: Data may be transferred in mergers/acquisitions, with confidentiality safeguards.
• No Sale of Data: We do not sell or lease employee data.

1.7. Data Security

We employ robust security measures:

• Encryption: Sensitive data encrypted at rest and in transit.
• Access Controls: Role-based access, least privilege enforcement.
• Secure Infrastructure: Secure servers, cloud environments, Endpoint Detection and Response (EDR).
• Audits & Testing: Regular security audits, vulnerability assessments, penetration testing.
• DevSecOps: Security integrated into development lifecycle.
• Incident Response: Plan for rapid detection, containment, notification, and remediation of breaches.

1.8. Employee Rights

You have the following rights, subject to Indian laws:

• Access: Confirm and access your processed data.
• Rectification: Correct inaccurate/incomplete data.
• Erasure: Request deletion when data is no longer needed (subject to legal retention).
• Restriction: Restrict processing in certain cases (e.g., contested accuracy).
• Objection: Object to processing for legitimate interests or marketing.
• Portability: Receive data in a machine-readable format (where feasible).
• Withdraw Consent: Withdraw consent for data like biometrics, with alternatives provided.
• Complaint: Lodge complaints with data protection authorities.

To exercise rights, email our Privacy Officer at cyetechnologypvtltd@gmail.com.

1.9. Data Retention

Data is retained only as needed for employment or legal requirements (e.g., 7-8 years post-termination for financial records). Non-essential data is deleted/anonymized promptly.

1.10. Data Breach Response

• Employees will be notified within 56 hours or as required by law (per CERT-In guidelines).
• We will investigate, contain, mitigate, and report breaches to authorities.
• Report suspected breaches to cyetechnologypvtltd@gmail.com.

1.11. Training & Compliance

Annual data privacy and security training is mandatory. Violations may lead to disciplinary action.

1.12. Policy Updates

Updates will be communicated via HR platform/email.

1.13. Cookies and Data Privacy Policy

CYE Technology Pvt Ltd uses cookies and similar technologies on our websites, HR portals, and applications to enhance user experience, ensure security, and comply with legal obligations. This section outlines how we use cookies, the types of cookies we employ, and your choices regarding their use.

1.13.1. What Are Cookies?

Cookies are small text files stored on your device when you visit our websites or use our applications. They help us recognize your device, remember preferences, and analyze usage patterns to improve functionality and security.

1.13.2. Types of Cookies We Use

• Essential Cookies: Required for core functionality, such as accessing secure areas (e.g., HR portals, payroll systems) and maintaining session integrity. These cannot be disabled.
• Performance Cookies: Collect anonymized data on how users interact with our systems (e.g., page load times, navigation paths) to optimize performance.
• Functional Cookies: Remember user preferences (e.g., language, theme settings) to provide a personalized experience.
• Security Cookies: Enhance security by detecting suspicious activities, preventing unauthorized access, and supporting multi-factor authentication (MFA).
• Analytics Cookies: Used to understand system usage trends (e.g., number of logins, feature usage) to improve services, with data anonymized where possible.

1.13.3. How We Use Cookies

Cookies are used for the following purposes:

• Authentication and Security: Verify user identity, maintain secure sessions, and protect against unauthorized access.
• Service Delivery: Enable access to employee-specific features (e.g., leave requests, payslips, attendance tracking).
• Performance Optimization: Monitor system performance to ensure fast and reliable access.
• User Experience: Save preferences to streamline interactions with our platforms.
• Compliance and Analytics: Track usage to meet legal requirements and improve internal processes, ensuring compliance with Indian IT Rules, 2011, and the DPDP Act.

1.13.4. Third-Party Cookies

We may use trusted third-party services (e.g., cloud providers, analytics tools) that set cookies under strict data processing agreements. These cookies are limited to professional purposes, such as monitoring system performance or ensuring security. We do not allow third-party cookies for advertising or marketing.

1.13.5. Cookie Consent and Management

Upon accessing our systems, you will be notified about cookie usage via a consent banner, except for essential cookies, which are always active. You can:

• Accept All Cookies: Allow all cookies for full functionality.
• Customize Preferences: Enable/disable non-essential cookies (performance, functional, analytics) via our cookie settings panel.
• Withdraw Consent: Update preferences at any time through the cookie settings link in the footer of our websites or HR portals.

Disabling non-essential cookies may limit some features, such as personalized settings or usage analytics.

1.13.6. Browser Settings

You can manage cookies via your browser settings to block or delete them. Note that blocking essential cookies may prevent access to secure areas of our systems. Refer to your browser’s help section for instructions.

1.13.7. Data Collected via Cookies

Cookies may collect:

• Technical Data: IP addresses, device IDs, browser type, operating system, timestamps.
• Usage Data: Pages visited, clicks, time spent, feature interactions.
• Preference Data: Language, theme, or layout choices.

This data is processed in accordance with Section 1.4 (Data Collected) and Section 1.5 (Purpose of Data Collection).

1.13.8. Data Security and Retention

Cookie data is protected using the security measures outlined in Section 1.7 (Data Security). Non-essential cookie data is retained for up to 12 months or as required by law, after which it is deleted or anonymized.

1.13.9. Your Rights

You have the rights outlined in Section 1.8 (Employee Rights) regarding cookie data, including access, rectification, erasure, and objection. To exercise these rights or for cookie-related inquiries, contact our Privacy Officer at cyetechnologypvtltd@gmail.com.

1.13.10. Policy Updates

Changes to this cookie policy will be communicated via HR platforms or email, as described in Section 1.12 (Policy Updates).

1.14. Contact Us

Contact our Privacy Officer at: CYE Technology Pvt Ltd, 3rd Floor, R3 Building, LB Nagar Metro Station Gate -C, Hyderabad, Telangana 500074. Email: cyetechnologypvtltd@gmail.com.

2.1. Introduction & Purpose

This policy outlines how employees access and manage personal employment data (e.g., HR portals, leave, payroll, attendance) using company systems, ensuring secure and responsible usage on personal or company devices.

2.2. Scope

Applies to all employees accessing systems for employment data, covering HR platforms, payroll/leave apps, and attendance systems, regardless of device type.

2.3. Definitions

• Company Systems: Digital resources for employment data access.
• Personal Device (BYOD): Employee-owned devices used for access.
• Company-Provided Device: Devices supplied by the company.
• Authorized Access: Granted rights for employment functions.
• Credentials: Authentication info (usernames, passwords, MFA).
• BYOD: Using personal devices for company systems.

2.4. Access Authorization

• Employment-Based: Access granted only for employment tasks.
• Least Privilege: Limited to necessary data/features.
• Approval: Additional access requires HR approval via cyetechnologypvtltd@gmail.com.
• Dynamic Access: Adjusted/revoked upon status changes.

2.5. Authentication Requirements

Strict security measures apply:

• Passwords: 14+ characters, complex, updated every 90 days.
• Confidentiality: Never share credentials; you’re responsible for actions under your account.
• MFA: Mandatory where available.
• Device Security (BYOD):
  • Strong password/PIN/biometric lock.
  • Updated OS with security patches.
  • Antivirus/anti-malware (laptops/desktops).
  • Disk encryption (BitLocker, FileVault).
  • Apps from trusted sources only.
• Physical Security: Secure devices and don’t leave unattended.

2.6. Acceptable Use & Accuracy

Follow these guidelines:

• Work-Related Use: For HR tasks, leave, payroll, profile updates only.
• Data Accuracy: Ensure truthful data entry; misrepresentation is a violation.
• No Unauthorized Access: Don’t access unauthorized data/systems.
• Logouts: Log out after use, especially on shared devices.
• No Unapproved Software: Avoid software that risks security.
• Resource Use: Don’t overuse bandwidth or violate licenses.

2.7. Monitoring & Logging

• Logging: All activities (IPs, timestamps, app usage, data access) are logged.
• Purpose: For security, compliance, performance, troubleshooting, IP protection.
• No Privacy Expectation: No privacy for work-related system use; data may be used in investigations.

2.8. Security Responsibilities & Reporting

Employees must:

• Report Issues: Notify HR of suspicious activity at cyetechnologypvtltd@gmail.com.
• App Issues: Report malfunctions in apps (e.g., attendance).
• Device Security: Follow security protocols.
• Network Usage: Avoid unsecured Wi-Fi; use approved VPNs.
• Training: Complete mandatory security training.

2.9. Advanced Security Measures

We implement:

• Threat Detection: Intrusion detection/prevention, SIEM systems.
• Anomaly Detection: Alerts for unrecognized devices/locations.
• Audits: Regular compliance audits.

2.10. Policy Updates

Updates communicated via HR platform/email.

2.11. Contact Us

For issues, contact HR at: CYE Technology Pvt Ltd. Email: cyetechnologypvtltd@gmail.com.

3.1. Introduction & Purpose

Our digital assets (websites, systems, apps, client data, IP) are critical. This policy ensures their protection by governing employee interactions, focusing on security in a BYOD model, preventing misuse, ensuring compliance, and safeguarding our reputation with strict consequences for violations.

3.2. Scope

Applies to all employees interacting with:

• Company Systems: Networks, cloud, servers, databases, email, ERP, security tools.
• Websites: Public/internal portals, dashboards, web apps.
• Apps: Proprietary/licensed software, IDEs, CI/CD tools.
• Projects: Work products, code, designs, IP.
• Data: All info created/stored on systems, including confidential info/IP.

Applies regardless of device or location.

3.3. Definitions

• Company Systems: All digital infrastructure.
• Websites: All company web portals/apps.
• Apps: Software used for projects.
• Projects: Work products, including IP.
• Data: All info on systems, including confidential/IP.
• Confidential Info: Non-public data (client info, strategies, vulnerabilities).
• IP: Creations during employment (code, designs), owned by the company.
• Credentials: Authentication info (passwords, MFA, API keys).
• BYOD: Employee devices used for work.

3.4. Prohibited Actions

These actions are prohibited and lead to severe consequences:

• Unauthorized Access: Probing vulnerabilities, bypassing controls.
• Credential Misuse: Sharing credentials, leaving sessions unsecured.
• Non-Work Use: Personal gain, illegal activities (hacking, mining, gambling).
• Data Disclosure: Sharing confidential/IP data without authorization.
• Data Damage: Modifying/deleting data, introducing malicious code.
• IP Misappropriation: Sharing proprietary code/designs with unauthorized parties.
• Sabotage: Disrupting services, introducing bugs.
• Security Bypass: Circumventing security measures.
• Third-Party Violations: Breaching third-party terms/licenses.
• Harmful Conduct: Harassment, bullying, defamation via company systems.
• Non-Reporting: Failing to report misuse, breaches, vulnerabilities.

3.5. Monitoring & Data Collection

We monitor extensively:

• Logging: All activities (network, app usage, project activity).
• Purpose: Security, compliance, performance, IP protection.
• No Privacy: No privacy for work-related activities; data may be used in investigations.
• DLP: Prevents unauthorized data exfiltration.
• Behavioral Analytics: Detects anomalies indicating threats.

3.6. Disciplinary Actions

Violations lead to:

• Warnings: Verbal to written warnings.
• Suspension: Without pay, pending investigation.
• Termination: For gross misconduct, per Indian laws.
• Fines: For misuse, covering costs/losses.
• Damages: Liable for financial/operational/reputational harm.
• Access Revocation: Immediate during investigations.

3.7. Investigation Process

• Investigation: Led by Compliance, IT, HR, Legal.
• Review: Logs, forensics, device examination, interviews.
• Cooperation: Employees must cooperate fully.
• Findings: Communicated within 10 business days where feasible.

3.8. Employee Responsibilities

You must:

• Report: Misuse, breaches, vulnerabilities to cyetechnologypvtltd@gmail.com within 24 hours.
• Cooperate: Fully assist in investigations.
• Training: Complete security training.
• BYOD Security:
  • Strong authentication.
  • Updated OS/software.
  • Antivirus/anti-malware.
  • Disk encryption.
  • Secure network usage (VPN if provided).
  • Data segregation.
  • Physical security.
• Project Data: Treat data on personal devices with confidentiality, back up to approved storage, delete securely.

3.9. Employee Acknowledgment

Acknowledge compliance upon hiring and annually via HR platform.

3.10. Advanced Consequences for Misuse

Additional penalties include:

• Project Penalties: Restrictions on assignments, training, bans.
• Reputational Harm: Legal action for defamation, brand damage.
• Client Impact: Restitution for client-related misuse.
• Post-Termination: Legal action for breaches of confidentiality/IP clauses.
• Audit Trails: Documented for legal/compliance purposes.

3.11. Policy Updates

Communicated via HR platform/email.

3.12. Contact Us

Contact our Compliance Officer at: CYE Technology Pvt Ltd. Email: cyetechnologypvtltd@gmail.com.

For inquiries, data rights, or to report violations, contact our Privacy Officer:

CYE Technology Pvt Ltd
3rd Floor, R3 Building, LB Nagar Metro Station Gate -C, Hyderabad, Telangana 500074
Email: cyetechnologypvtltd@gmail.com