Personal Data is any data relating to identified or identifiable natural person (Personal Data)

AuthBridge collects/receives your Personal Data on this application to provide its services i.e. background verification to its Clients.

The Personal Data collected will generally include-

• individual name, date & place of birth, gender;
• contact number (mobile, residence), E-mail ID;
• family details (parents’ name);
• address details (previous, current, permanent);
• Identity details (passport/driving license/PAN card/voter card/ration card no.);
• education details (degree/mark sheet/certificate);
• employment history (previous, current);
• professional reference (current, previous);
• personal reference (known; but not blood relative);
• criminal record check (police verification);

Sensitive Personal Data is a specific set of “special categories” that must be treated with extra security. AuthBridge collects the below mentioned sensitive Personal Data

• fingerprint/health records / credit and financial details

The extent of Personal Data collected from you would vary depending on the background verification checks agreed with your employer/ AuthBridge’s client you have engagement with.

AuthBridge collects/receives Personal Data by fair, lawful, and transparent means. AuthBridge obtains Personal Data in an authorized manner for legitimate business purposes including data collected on behalf of AuthBridge’s client(s) whether by telephone, e-mail, hard copy, via AuthBridge’s online application form, client’s online portal for providing services to its clients. The specific kind of user data collection will depend on the services used.

Consent for undertaking Background verification:

AuthBridge being a processor does not undertake collection of Personal Data for background verification unless it or the Client has obtained the prior consent of the individual. The consent by the individual is required to be provided in written as a hard copy or electronically before AuthBridge undertakes the services as may be required for the Client(s). Where AuthBridge directly collects the Personal Data from an individual on client’s behalf, prior to such collection AuthBridge provides the individual an option to deny the consent for processing its Personal Data.

While collecting the Personal Data, AuthBridge requires its clients to ensure that the Authorization Note is duly read & signed by the individual, stating the purpose of Personal Data disclosure to AuthBridge and its third party/ies service providers for the purpose of delivering the intended services to ensure adherence to applicable legal and regulatory laws.

Your data is used by AuthBridge only for the purpose of providing its services to the Clients. The records of processing activities are maintained.

Whenever we undertake trend analysis of Background verification results and discrepancies, the data used for analysis does not contain any Personal Data.

AuthBridge, with partnerships globally, may need to transfer individual’s Personal Data to third party service providers including overseas' to render certain elements of background verification services. However, any such information transferred shall be subject to appropriate data privacy obligations.

The Personal Data may be shared/transferred only if it is necessary for the performance of a lawful contract between AuthBridge and Client(s) or where the individuals have provided their consent to such share/transfer. AuthBridge always, binds its employees and third-party service providers to the high standard of protection of Personal Data and its processing only for the authorized purpose. The records of such transfers are maintained.

AuthBridge will share your Personal Data to its employees in order to undertake your Background Verification done.

As a rule, AuthBridge does not disclose Personal Data to any third party unless such disclosures would be necessary for AuthBridge provision of the service to the Client(s). Such necessary disclosures other than written request from government would occur in accordance with applicable laws and may include-

• Data shared with relevant sources to obtain verification;
• Instances where AuthBridge has contracted with third parties to assist in providing services to AuthBridge’s Client(s), including such elements as delivery, verification and system support;
• Where AuthBridge is under an obligation by law to disclose Personal Data;
• Or where AuthBridge believes that a disclosure is necessary to identify or bring legal action against individuals who may be endangering public safety or interfering with AuthBridge property or services, or with our Client’s or others' use of them.

AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard-

Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.

Risk Assessment - Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.

Personnel Security - All employees are background verified prior to sharing the Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically. For AuthBridge's third party service providers, background verification is also conducted along with signing the agreement including data privacy or data security terms, NDA and Code of conduct.

IT Controls - Access provisioning and de-provisioning is performed in accordance with the defined access management procedure. Accesses are granted only to authorized personnel on need to know basis.

Servers and systems are hardened considering the blockage of USB/CD drives and transmission of data outside of the organization's data network is encrypted by use of appropriate encryption techniques. Data at rest in computer systems or servers owned by or located within organization-controlled spaces and networks are encrypted with strict access controls that authenticate the identity of those individuals who access to the specific system or data.

Antivirus and Patches are updated on the regular basis in accordance with the respective defined procedures. Personal Data is disposed in a secure manner so that it can be made unrecoverable.

WAPT/VAPT is performed for all critical applications, servers and networks.

AuthBridge has its business continuity policy and plan made to deal with any situation where the current business is interrupted. On-site backup is taken for AuthBridge business critical applications and servers real time. Off-site back is taken every 24 hours.

Physical Security Controls - AuthBridge's premises are protected 24/7 through security guards to restrict any unauthorized entry.

ID card & entry process is in place for the employees and visitors. No visitor is allowed on operations floor unless escorted and approved. Off-site asset movement procedure is implemented for maintaining all logs of assets moving in and out of premises.

Biometric device is in place to capture the entry of employees and registered is maintained for all visitors. Reconciliation is done quarterly.

There is 24/7 CCTV monitoring on floors. Restricted areas are labeled, and only authorized users can enter. Documents are kept in lock and key.

There is 24/7 Power back up to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. Fire Detection & Prevention system is implemented.

Emergency Response Team (ERT) members are assigned to each working floor to ensure the timely evacuation in case of emergency. Considering the data center security, we have water leakage alarm, rodent repellent system implemented in place, humidity & temperature monitoring mechanism, visitor register, and inventory movement register in place.

Incident Management Process - Though AuthBridge has the best possible controls to protect privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated and responded with the corrective action plan in a timely manner. There is a mechanism to notify the impacted clients (if applicable) who must further notify the respective individual/s.

To withdraw/ update/ delete your consent for AuthBridge to process your Personal Data or request to update/delete your Personal Data, we encourage you to speak to your employer/AuthBridge’s client you have engagement with. On his/her request, your request will be withdrawn, or Personal Data will be updated/deleted. On receiving such requests, AuthBridge will immediately act upon the same.

Rights for EU Data Subjects

If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws-

• to learn whether your Personal Data is processed by us and to request a copy of your Personal Data and information relating to the processing of your Personal Data
• to request the correction of any inaccurate or incomplete Personal Data
• to request the erasure of your Personal Data or the restriction of the processing of your Personal Data
• to object to our processing of your Personal Data
• to withdraw your consent, you have given
• to lodge a complaint with the applicable regulatory/ supervisory authority

If you are an AuthBridge client, please write to us on the email id/ address provided in Contact us section given below.

If your Personal Data is being processed by AuthBridge as a third party for your Background verification, and you wish to exercise any of your rights under the applicable law, we request you to reach out to your employer/AuthBridge's client you have engagement with. On receiving the communications from its clients about your request, AuthBridge will immediately act upon the same in accordance with the applicable law.

As AuthBridge collects your Personal Data only on behalf of its client, it is retained as per the retention period agreed with such client by way of a written agreement. In case you have any query, please connect with your employer/AuthBridge's client you have engagement with.

Change to this privacy policy

We may review and update this privacy statement from time to time. To let you know, we will amend the revision date on top of this page.

Contact us

We commit to handle your Personal Data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your Personal Data you are encouraged to contact your employer/AuthBridge's client you have engagement with. AuthBridge will cooperate with any investigation to resolve any issues.

If you wish to contact AuthBridge for any privacy related query/concern, then please send email at privacy@authbridge.com Or mail to:

Privacy & Compliance Officer
AuthBridge Research Services Pvt Ltd
Plot No. 123, II Floor, Udyog Vihar,
Phase IV – Gurgaon – 122 015
Haryana, India