Privacy Policy

We VALUE YOUR PRIVACY

In general, you can visit our websites without telling us who you are and without revealing any information about yourself. However, at times, we may need some relevant information about you. Our Web servers collect domain names of visitors to measure the number of visits, average time spent on the site, pages viewed, etc. We do not save their e-mail addresses. We believe it is important you know how we treat the information we receive from you, on the Internet.

FPS does not share personal information about you with non-affiliated companies except:

• a. A. To provide products or services requested by you;
• b. B. When we have your permission or
• c. C. Under the following circumstances:

• i) We provide the information to trusted entities who work on behalf of or with us under strict confidentiality agreements. These entities may use your personal information to help us communicate with you about offers from FPS and our marketing partners. However, these companies do not have any independent right to further share or disseminate this information;
• ii) We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
• iii) We believe it is necessary to share the information in order to investigate, prevent, or take action against any illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
• iv) We believe it is necessary to share the information in order to protect or enforce FPS’s rights, usage terms, intellectual or physical property or for safety of FPS or associated parties.
• v) We may share information about you if FPS is acquired by or merged with another company.

When information is needed, we will try (but are not obligated) to let you know at the time of collection, how we will use the personal information. Usually, the personal information we collect is used only by us to respond to your inquiry, process an order or allow you to access specific account information.

Facility Plus Services will not be liable to any unsolicited information provided by you. Your consent to FPS using such information shall be as per our Privacy policy. We will make a sincere effort to respond in a timely manner to your requests to correct inaccuracies in your personal information. For this, please send message containing inaccuracies to us. our websites are not directed at or targeted at children. No one who has not reached the age of thirteen may use the websites unless supervised by an adult.

Cookies and other technologies

We sometimes collect anonymous information from visits to our sites to help us provide better customer service. For example, we keep track of the domains from which people visit and we also measure visitor activity on our web sites, but we do so in ways that keep the information of the

visitor anonymous. Facility Plus services or its affiliates or vendors may use this data to analyse trends and statistics and to help us provide better customer service. We maintain the highest levels of confidentiality for this information. Our affiliates and vendors follow the same high levels of confidentiality. This anonymous information is used and analyse only at an aggregate level to help us understand trends and patterns. None of this information is reviewed at an individual level. If you do not want your transaction details used in this manner, you can either disable your cookies or opt-out at the download or request page. Alternatively, you can set your browser to intimate upon receiving a cookie. You may accordingly decide to opt out.

Mailers

Facility Plus Services may, if you so choose, send direct mailers to you at the address given by you.

Anti-Spam policy

Facility Plus Services recognizes the receipt, transmission or distribution of spam emails (i.e. unsolicited bulk emails) as a major concern and has taken reasonable measures to minimize the transmission and effect of spam emails in our computing environment. All emails received by us are subject to spam check. Any email identified as spam will be rejected with sufficient information to the sender for taking necessary action. With this measure, along with other technical spam reduction measures, Facility Plus Services hopes to minimize the effect of spam emails. Facility Plus Services reserves the right to reject and/or report any suspicious spam emails, to the authorities concerned, for necessary action.

Links to Non-Facility Plus Services websites

FPS may provide links to third-party websites for your convenience and information. If you access those links through the FPS website, you will leave the FPS website. FPS does not control those sites or their privacy practices, which may differ from FPS’s practices. We do not endorse or make any representations about third-party websites. The personal data you choose to provide to or that is collected by these third parties, including any social media websites featured on our website, is not covered by the FPS’s Privacy Policy. We encourage you to review the privacy policy of any website before submitting your personal information.

FPS’s website may contain links to other sites such as that of its partners and affiliates. While we try to link only to sites that share our high standards and respect privacy, we are NOT responsible for the content or the privacy practices employed by such other sites. We may also provide social media features on our website that enable you to share FPS information with your social networks and to interact with FPS on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending

on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that could be shared by those sites.

At times we conduct online surveys to better understand the needs and profiles of our visitors. When we conduct a survey, we will try (but are not obligated) to let you know how we will use the information at the time we collect information from you on the Internet. You recognize and understand that there is no compulsion on you to provide us with your personal information and any and all personal information provided by you to us is with your full consent, own volition and desire to provide such personal information.

Privacy Policy for Recruitment and Contractor Engagement Services

Effective Date: 1st April 2015

At FACILITY PLUS SERVICES, we are committed to safeguarding the privacy and personal information of all individuals who interact with us. This Privacy Policy outlines how we collect, use, disclose, and protect personal information when providing recruitment services and managing relationships with independent contractors on behalf of our clients.

1. Scope

This Privacy Policy applies to personal information that we collect or process in the course of providing:

• Recruitment services, where we act as a third-party recruiter for our clients.


• Engagement and management of independent contractors, who work on projects for our clients.

This policy explains how we handle the personal data of:

• Job candidates (applicants for employment or contract roles).


• Independent contractors (who provide services directly to our clients).


• Our clients and partners.

2. Information We Collect

We collect personal information that is necessary to fulfill our contractual obligations with our clients, including but not limited to:

2.1 Candidates and Independent Contractors

• Personal Identifiable Information (PII): Full name, address, email, phone number, date of birth, government-issued identification numbers (such as Aadhar Card Number), PAN number.


• Employment Information: Work history, qualifications, certifications, educational background, references, performance data, and other job-related information.


• Financial Information: Bank details, tax information (PAN), and payment details for processing compensation.


• Background Checks: Information related to criminal records, credit checks, and other verification checks as required.

2.2 Clients

• Client Contact Information: Full name, position, contact details (email, phone number), and any other relevant business information.

3. How We Use Personal Information

We use personal information for the following purposes:

3.1 Recruitment Services

• To identify, assess, and communicate with candidates regarding potential employment or contract opportunities.


• To facilitate the recruitment process on behalf of our clients, including conducting background checks and verifying qualifications.


• To respond to inquiries and provide status updates throughout the recruitment process.

3.2 Independent Contractor Engagement

• To manage contractor relationships, including contract administration, project allocation, and payment processing.


• To ensure compliance with legal obligations, such as tax and reporting requirements.


• To verify the identity of independent contractors and ensure suitability for the projects they are assigned to.

3.3 Communication

• To maintain effective communication with both candidates, independent contractors, and clients about job opportunities, project status, or contractual obligations.

4. Sharing Personal Information

We may share personal information with third parties under the following conditions:

4.1 Clients

• We share relevant personal information about candidates and contractors with our clients for purposes of recruitment or project engagement.

4.2 Service Providers

• We may share data with trusted third-party service providers who assist with background checks.

Legal Compliance

• We may disclose personal information when required by law, regulation, or legal process (e.g., in response to a court order or government investigation).

5. Data Retention

We retain personal information for as long as is necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

• Candidates' data is retained for a reasonable period following the closure of a recruitment process, to facilitate future opportunities unless the candidate requests deletion.


• Contractor data is retained for the duration of their engagement and for as long as required by law (e.g., for tax and payment records).

6. Data Security

We implement appropriate technical and organizational measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security checks.

However, please note that no data transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining a high level of security.

7. Your Rights

You have the right to:

• Access your personal data and request copies.


• Correct inaccurate information.


• Delete your data, subject to any legal obligations.


• Withdraw Consent where data processing is based on your consent.


• Restrict the processing of your data in certain circumstances.


• Object to the processing of your personal data.

To exercise these rights, please contact us at hrsupport@facilityplus.co.in

8. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of those third parties.

We may update this Privacy Policy from time to time. Any changes will be posted on our website with the updated effective date. We encourage you to review this policy periodically to stay informed of how we are protecting your personal information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with the updated effective date. We encourage you to review this policy periodically to stay informed of how we are protecting your personal information.

10. Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact us at:

Email: info@facilityplus.co.in

---

By using our services or submitting personal information, you agree to the terms outlined in this Privacy Policy.

Privacy Breach Policy

Effective Date: 01 st April 2015

At FACILITY PLUS SERVICES, safeguarding the personal information of individuals is a top priority. This Privacy Breach Policy outlines the procedures to follow in the event of a privacy breach, in compliance with applicable Indian data protection laws, including the Information Technology Act, 2000, and any other relevant legal frameworks.

1. Purpose

This policy aims to:

• Provide a clear framework for responding to privacy breaches.


• Protect affected individuals from harm, such as identity theft or financial loss.


• Comply with Indian legal and regulatory requirements.


• Ensure swift action to mitigate the impact of any breach.

2. Scope

This policy applies to all employees, independent contractors, and third-party service providers who handle personal information on behalf of FACILITY PLUS SERVICES. It covers all privacy breaches, including:

• Unauthorized access, disclosure, alteration, or destruction of personal information.


• Loss or theft of devices containing personal data.


• Accidental or intentional breaches resulting from internal or external activities.

3. Definition of a Privacy Breach

A privacy breach occurs when there is unauthorized access, collection, use, disclosure, or loss of personal information. This may include:

• A cyberattack that exposes sensitive data.


• A misplaced or stolen laptop containing personal information.


• Accidental transmission of personal data to an unintended recipient.

4. Privacy Breach Response Team (PBRT)

A designated Privacy Breach Response Team (PBRT) will manage all privacy breaches. This team will include:

• Chief Privacy Officer (CPO) or Data Protection Officer (DPO) – responsible for overseeing the response to the breach.
• IT/Security Lead – manages technical containment and investigation.


• Legal Counsel – ensures compliance with Indian data protection laws.


• Communications Lead – manages internal and external communications, including notifications to affected individuals and authorities.


• HR/Management Representative – ensures coordination among internal staff.

5. Steps for Responding to a Privacy Breach

5.1 Step 1: Identification and Containment

Immediate Reporting: Upon discovering a breach or potential breach, the individual must immediately report the incident to the Privacy Breach Response Team.

Containment Actions: The PBRT will take immediate steps to limit the impact of the breach, including:

• Disconnecting compromised systems from the network.


• Disabling affected user accounts.


• Shutting down breached systems or servers.


• Recovering lost or stolen devices.

5.2 Step 2: Assessment and Investigation

The PBRT will:

• Assess the Scope: Determine the extent of the breach, including the type and volume of personal data affected and who is impacted.


• Evaluate the Risk: Analyze the potential harm to affected individuals (e.g., identity theft, fraud, reputational damage).


• Identify the Cause: Determine the root cause of the breach, whether through a malicious attack, internal error, or technical failure.

5.3 Step 3: Notification to Affected Individuals

If the breach poses a risk of significant harm to individuals, prompt notification will be issued. Notifications must include:

• A description of the breach: How the breach occurred and what was affected.


• Details of compromised information: Types of personal data impacted.


• Steps being taken: Actions we are taking to mitigate harm.


• Recommended actions for individuals: Suggestions on how affected individuals can protect themselves (e.g., changing passwords, monitoring financial accounts).


• Contact information: Details for further inquiries or assistance.

The preferred communication method (e.g., email, phone call, or postal mail) will be chosen based on the nature of the breach.

5.4 Step 4: Notification to Regulators and Authorities

In compliance with Indian law, where necessary, the breach will be reported to:

• CERT-In (Indian Computer Emergency Response Team): As required under Section 43A of the Information Technology Act, 2000, and relevant guidelines.


• Data Protection Authorities: If the breach involves sensitive personal data or information (SPDI), such as financial details or health data, as outlined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

5.5 Step 5: Notification to Third Parties

Where necessary, third parties (such as service providers or partners) will be notified, particularly if the breach affects systems or data under their control.

6. Mitigation and Remediation

• Corrective Measures: Based on the investigation, steps will be taken to rectify vulnerabilities in systems or processes. This could involve upgrading security protocols, improving access controls, or introducing multi-factor authentication.


• Data Recovery and Monitoring: Compromised systems will be restored, and enhanced monitoring will be initiated to prevent further incidents.


• Support to Affected Individuals: Depending on the severity, we may offer assistance, such as credit monitoring or identity theft protection, to affected individuals.

7. Documentation and Reporting

A comprehensive record of the privacy breach will be maintained, including:

• Date and time of the breach.


• Nature of the breach and the data involved.


• Actions taken to contain and remediate the breach.


• Notifications made to individuals and authorities.


• Improvements implemented to prevent recurrence.

This documentation will be retained as per Indian legal requirements and will be reviewed periodically.

8. Training and Awareness

Employees, contractors, and third-party service providers will receive regular training on data privacy, information security, and breach response protocols. This will include:

• How to recognize and report a potential breach.


• Procedures for protecting sensitive personal data.


• Responsibilities under Indian data protection laws.

9. Review and Amendments

This Privacy Breach Policy will be reviewed and updated regularly to remain compliant with changes in Indian laws and industry standards. Any changes will be communicated to employees and stakeholders.

10. Legal and Regulatory Framework

This policy has been developed in compliance with relevant Indian laws, including:

• The Information Technology Act, 2000


• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011


• Any relevant state-level data protection regulations


• CERT-In guidelines for incident reporting and response.

11. Contact Information

For any questions regarding this Privacy Breach Policy or to report a breach, please contact:

Email: info@facilityplus.co.in