Privacy Policy

1. Introduction

S P S Construction India Private Limited (Formerly known as SP Singla Constructions Private Limited) (hereinafter referred to as (“the Company,” “we,” “us,” or “our”) is committed to maintaining the highest standards of integrity, accountability, and transparency in handling personal and sensitive information. This Privacy Policy delineates our approach to the collection, use, storage, disclosure, and safeguarding of such data across all business activities and operations.

We ensure that our privacy practices remain fully compliant with applicable legal frameworks, including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and other rules ,regulations ,globally accepted data protection standards.

2. Scope & Purpose

This Policy applies to:

  • All personal information collected via physical or electronic mediums, including websites, applications, emails, and paper-based forms.
    • All stakeholders, including permanent, contractual, and temporary employees, interns, vendors, service providers, contractors, clients, job applicants, banks, and visitors.
    • All technological infrastructure such as hardware, software, servers, cloud environments, networks, and data repositories used by or on behalf of the Company.

Purpose:

To embed a culture of responsible data privacy, appropriate IT usage, and confidentiality protection while ensuring adherence to statutory obligations and industry best practices.

3. Key Definitions

  • Personal information means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person
    • Sensitive personal data or information of a person means such personal information which consists of information relating to; —
  • password;
    • financial information such as Bank account or credit card or debit card or other payment instrument details;
    • physical, physiological and mental health condition;
    • sexual orientation;
    • medical records and history;
    • Biometric information;
    • any detail relating to the above clauses as provided to body corporate for providing service;
    • any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise, provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information. Sensitive Personal Data: Financial details, biometric information, passwords, health records, etc., as defined by law.
    • Confidential Information: Proprietary business data not intended for public dissemination.
    • Processing: Any operation involving data—collection, storage, transmission, or deletion.
    • IT Resources: All technological systems, including hardware and software, used by the Company.
    • Policy: This Privacy & Information Security Policy, subject to amendments.

Any term or expression not specifically defined in this Policy shall have the same meaning as assigned to it under the Information Technology Act, 2000, and the applicable rules framed thereunder.

4. Confidentiality Commitments

  • Employees shall sign a Non-Disclosure Agreement (NDA) or equivalent clause at onboarding.
    • Confidential data must only be accessed on a need-to-know basis.
    • Upon cessation of employment, access rights are revoked, and all confidential documents and devices must be promptly returned.
    • Prior to collecting sensitive personal data or information, the Company shall obtain the individual’s consent in writing, whether through letter, fax, or email, explicitly confirming their agreement to the collection and intended purpose of usage of such data.

5. Acceptable Use of IT Resources

  • Official use only: All IT infrastructure is to be used strictly for business activities.
    • Limited personal use may be allowed provided it does not hinder productivity or security.
    • No unauthorized installations of software or hardware without IT approval.
    • Official email accounts must be used for company communications.
    • Sharing confidential data on unencrypted or unauthorized platforms is strictly prohibited.
    • Offensive or discriminatory content in any digital medium is unacceptable.
    • Remote work must be facilitated through secure VPNs and approved protocols.

6. Data Privacy & Protection Framework

  • Personal data shall be collected only for legitimate and necessary purposes with full disclosure to the data subject.
    • Notice of Collection: Individuals shall be informed about the purpose of data collection and offered access to privacy policies.
    • Information will be stored securely in access-controlled environments using robust security controls.
    • Rights of Data Subjects: Individuals can request access, correction, or deletion of their data in line with legal requirements.

7. Compliance with Legal Provisions

In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Company ensures the following:

  • Publication of Privacy Policy on the website of the company
    • Notification to data subjects regarding the purpose of data collection and the intended recipients of such information.
    • Audit of security practices at regular intervals by independent third parties or internal audits.
    • Abstaining from transmitting offensive or prohibited content over digital platforms, as prescribed under the Information Technology Act, 2000.

8. Information Security Measures

  • Deployment of firewalls, encryption protocols, anti-malware tools, and multi-factor authentication.
    • Role-based access with least-privilege principles applied.
    • Conducting quarterly vulnerability assessments and periodic penetration testing.
    • Backup and disaster recovery plans are maintained and tested regularly.

9. Monitoring & Audit

  • Continuous monitoring and logging of IT systems to detect threats and ensure compliance.
    • Access to monitoring tools is limited strictly to authorized personnel.
    • Regular audits are conducted to validate compliance with legal obligations and internal standards.

10. Training & Awareness

  • Mandatory training programs on Information Security and Data Privacy at induction and periodic refreshers.
    • Workshops, newsletters, and campaigns are conducted to maintain awareness among employees and stakeholders.

11. Cookies and Website Use

  • Our website may use cookies to improve navigation, user experience, and site analytics. Users may configure their preferences through browser settings. By continuing to use the site, you consent to cookie usage.

12. Third-Party Links

  • While we may provide links to third-party websites, we disclaim responsibility for their privacy practices or content. Users are advised to review external policies before sharing personal data.

13. International Data Transfers

  • If personal data is transferred outside India, we ensure that appropriate legal protections, including Data Protection Agreements or explicit user consent, are in place.

14. Policy Review & Amendments

  • This Policy will be reviewed at least once every three years or as required by changes in legal, technological, or operational environments. All updates will be communicated via official channels and published on the Company’s website.

15. Contact Information

The Company has designated a Grievance Officer to address any discrepancies or grievances of individuals regarding the processing of their personal data. The Grievance Officer shall endeavor to resolve such grievances expeditiously and within one month from the date of receipt of the grievance.

For any queries, grievances, or requests related to this Policy or the processing of your personal data, you may contact:

Grievance Officer: Mr. Srishti Raj Designation: Head – Information Technology Email: systems@spsingla.com

By the order of the Board For SPS Construction India Private Limited

Sd/- Sat Paul Singla

Chairman and Managing Director

DIN:00838781 Date:28.04.2025

© 2019 SPS Constructions India Pvt Ltd.