The Information Security Policy of EXL Consulting, has been established based on the corporate philosophy and management principles and corporate conduct principles, and outlines the approach to information security, the requirements of EXL Consulting, and the ISO 27001:2013 and ISO 27701:2019 standards.
The management team and employees recognise the importance of information security and the practice of effective information security governance, and integrate information security into the corporate culture to make the EXL Consulting Organisation a trusted organisation by all concerned parties.
The EXL Consulting Security Policy confirms the following:
All information handled by EXL Consulting’s operations is acknowledged as an important asset, and activities involving security information are treated and managed appropriately. This includes customer and personnel information, confidential information relating to services, suppliers and associates, and all types of information systems that store and handle such information.
The established information security policy identifies responsibilities and competencies in the protection and monitoring of information assets.
Risks related to information security are assessed and managed demonstrating continuous enhancement of the information security management system and concerned parties confidence in the operational consistency of the EXL Consulting organisation.
Ongoing employee training and upskilling has been embedded in the corporate resulting in a high level of expertise and staff competence.
Systematic legal monitoring ensures compliance with laws, agreements and regulations regarding the security of the information management system.
The Information Security Management System is reviewed, maintained and optimized on an ongoing basis by the management.
The purpose of this Policy is to inform you in detail how and for what purpose we use your personal data in relation to the computer, tablet or smartphone application software in which you are about to participate, and the relevant rights and options you are entitled to.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
EXL Consulting is the main administrator and processor of the personal data concerning you. In addition, for the purposes described below, we may disclose personal data to other related third parties to process personal data relating to you to the extent permitted both by law and by your consent. These third parties are EXL Consulting’s regulatory bodies (Ministry of Health, Ministry of Labour, etc.), bodies which cooperate with EXL Consulting ( Municipalities, Regional Government, Universities, etc.) as well as its sponsors. The company may also disclose personal data for the purposes described below to its subsidiaries and affiliates.
PERSONAL DATA
Unless otherwise agreed with you, we shall only collect personal data required for your registration in the application for the purposes set out in the paragraph below. This includes any information that you provide to us directly through the above application and any information derived from your use and navigation through it.
This includes the following categories of data:
Personal details such as full name, e-mail address, area of residence and IP address. The IP address (e.g. 123.45.678.9) is determined by the Internet Service Provider (ISP) of the connection through which the visitor’s/user’s computer accesses the Internet. The IP address is kept for technical reasons, as well as for issues related to the security of the Connect App server, data base, etc., while it is also used for the collection of statistical data. The IP address of the user, from which he/she communicated with the EXL
Consulting website may be handed over to the competent police or judicial authorities, if duly requested.
PURPOSE OF PROCESSING
We will process your personal data as required in relation to the purpose of the processing and in particular for the following purposes (hereinafter “Permitted Purposes”):
For the purposes of developing cooperation and insurance policies.
General human resources management, including for the purposes of assignment to volunteer projects, travel and time tracking, training and development, performance management, emergency contacts, grievance and disciplinary procedures.
We will not use personal data concerning you to make automated decisions affecting you or for profiling, other than as described above.
PROTECTION OF PERSONAL DATA
We employ physical, electronic and procedural safeguards of advanced technology in accordance with applicable technical and legal requirements to protect personal data from unauthorized access or intrusion. These security measures include the implementation of specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption as deemed necessary. We will always strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data