Reliance Retail Venture Limited

Data Privacy Policy

Use and Interpretation of this Document

This document is classified Reliance Retail Venture Limited Internal. Distribution is intended for Reliance Retail Venture Limited authorized recipients only. The content of this document is proprietary information, protection of which is required by Reliance Retail Venture Limited’s Code of Conduct. Its distribution and use by any person outside Reliance Retail Venture Limited are subject to the terms and conditions of any applicable agreement or contract, as the case may be, under which it was supplied or received.The content of this document may differ from or go beyond what is legally required. This document does not affect the obligation to comply with applicable legal and regulatory requirements. Reliance Retail Venture Limited’s Requirements, Reliance Retail Venture Limited Recommendations, and Reliance Retail Venture Limited Permissive Statements apply only if they do not conflict with applicable legal and regulatory requirements. If any apparent conflict with applicable legal and regulatory requirements is identified, a reader should seek advice from Reliance Retail Venture Limited Legal.The authoritative set of Reliance Retail Venture Limited Requirements. Readers are reminded to check that any paper or other version of this document is current. Reliance Retail Venture Limited Recommendations are made available to help readers within Reliance Retail Venture Limited to choose between potential options that may be available to them, for example, to convey a desirable (but not mandatory) higher standard going beyond a Reliance Retail Venture Limited Requirement. An alternative approach may be necessary or appropriate.This document does not seek to describe or establish an industry standard or practice, and its content may differ from or go beyond what a reader might consider to be good or best practice. The content of this document has been approved for Reliance Retail Venture Limited’s purposes only. No person outside Reliance Retail Venture Limited is entitled to rely on its content, and Reliance Retail Venture Limited accepts no liability or responsibility for any such usage. The English language version of this document is the original and has primacy over any translation into another language in the event of any conflict or inconsistency.

Applicability All Reliance Retail Venture Limited
Issue Date January 2018
Issuing Authority Group Compliance Committee
Content Owner Chief Information Officer
Unique Identifier Not Applicable
Legacy Identifier Not Applicable

Foreword

Reliance Retail Venture Limited (RRVL) is committed to safeguard the privacy of individuals and ensures that they continue to trust RRVL with their personal data or information. We believe that when our customers, employees, and other key stakeholders entrust us with their personal information, we owe it to them to safeguard it and to use it wisely and in a judicious manner. Ensuring and safeguarding data privacy is the right thing to do.

  1. RRVL has adopted a data privacy policy that identifies the organization’s objectives for privacy. This policy articulates the definition of personal information and underlines the importance of the data elements that fall under the definition.
  2. The data shall be collected by fair and lawful means, with the knowledge of the provider of information.
  3. Implicit or explicit consent has been and will continue to be obtained from the provider of information with respect to the collection, use, and disclosure of personal information received.
  4. We will provide notice about our privacy policies and procedures which identifies the purposes for which personal information is collected, used, retained, and disclosed.
  5. An inventory of elements has been created that are important from the privacy perspective, and which are subject to the requirement of this policy.
  6. We ensure that the provider of information is giving access to his/her information gathered and stored in our systems and is also enabled to modify the data provided by him/her.
  7. RRVL limits the use of personal information to the purposes for which the individual has provided consent. We will retain personal information for only as long as necessary to fulfil the stated purposes or as required by law and thereafter appropriately dispose of such information.
  8. RRVL may potentially disclose personal information to third parties only for the purposes for which the individual has provided consent.
  9. We shall maintain a comprehensive framework that is organized to achieve the end goals of data security and privacy. It includes security practices, standards, and policies with the objective of protecting personal information from unauthorized access and improper use, and ensures periodic review of the same.
  10. We will provide ongoing data privacy training to the target audience and ensure that adequate level of understanding exists about privacy requirements, applicable privacy principles, and their implications.

For further details, please refer to the detailed RRVL Data Privacy Policy provided hereinafter.

1. Table of Contents

Introduction

At Reliance Retail Venture Limited (RRVL) we respect the privacy of the individual and are committed to take reasonable precautions to protect information consisting of Personal information and `Sensitive Personal Data or Information’ (SPDI) (“Information”) of individuals and comply with all legal, regulatory and contractual obligations related to privacy. RRVL has adopted the “Privacy by Default” principles in its approach to data privacy i.e. privacy of data and information is upheld first by default.

This policy covers the processing, storage and access to such Information as required under lawful and contractual activities with RRVL or otherwise required in the normal course of business. It describes RRVL’s policies and procedures on the collection, usage and disclosure of such Information provided/received by natural persons and meets the requirements established under:

1. Scope

This policy applies to all RRVL employees, including employees of the companies listed in Annexure “A”. For the purposes of this policy, the employees of the companies listed in Annexure “A” shall hereafter read the name of their respective companies in place of RRVL.

2. Required References

2.1 Reliance Information Security Policy

2.2 Requirements of the Information Technology Act, 2000 Click Here

3. Terms and Definitions

3.1 Shall – designates a Reliance Retail Venture Limited Requirement, and is used in Reliance Retail Venture Limited Requirement Documents only when it is designating a Reliance Retail Venture Limited.

3.2 Should – designates a specific recommendation where conformance is not mandatory.

3.3 May – designates a permissive statement – an option that is neither mandatory nor specifically recommended.

4. Policy Framework

4.1. Information covered by this Policy

This Privacy Policy applies to Information collected and processed by the organization consisting of following:

4.1.1. Personal information is information related to an individual, or a combination of pieces of information that could reasonably allow an individual to be identified. Personal information may consist of full name, personal contact numbers, residential address, email address, gender or date of birth. While information such as date of birth in isolation may not be enough to uniquely identify an individual, a combination of full name and date of birth may be sufficient to do so.

4.1.2. Sensitive personal data or information (“SPDI”) is such personal information that is collected, received, stored, transmitted or processed by the organization, consisting of:

  1. Password;
  2. Financial information such as bank account or credit card or debit card or other payment instrument details;
  3. Physical, physiological and mental health condition;
  4. Sexual orientation;
  5. Medical records and history;
  6. Biometric information;
  7. Any detail relating to the above personal information categories as provided to the organization for providing service;
  8. Any of the information received under above personal information categories by the organization for processing, stored or processed under lawful contract or otherwise.

Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.

4.2. Collection of Information

4.2.1. The amount and type of data and details that RRL minimally needs to collect for the identified purpose shall be determined prior to collection.

4.2.2. Only minimum privacy data and details required to meet business purposes shall be collected from individuals.

4.2.3. Neither RRVL nor its representatives shall be responsible for the authenticity of such Information provided by the individual.

4.2.4. The purpose and intended usage for which Information is being collected shall be communicated at the point of collection. As normal business practice, RRVL may collect Information in order to enable the secure online authentication, interaction and transaction with natural persons. This may include the installation of cookies and the collection of other session data.

4.2.5. We collect user images during the registration process to verify identity and maintain the integrity of our services. These images are securely stored on our servers and are used exclusively for authentication purposes. We do not collect or process any other biometric information.

4.2.6. We do not share, sell, or disclose your facial data to any third parties, except as required by law or with your explicit consent. Access to this data is restricted to authorized personnel only.

4.2.7. Your facial data is retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon termination of your account or upon your request, we will securely delete your facial data from our systems.

4.3. Access, Correction of Information and withdrawal of consent

4.3.1. Any modifications / corrections required to the Information can be carried out on the website. In the event one is unable to do so due to lack of functionality in our website and / or one wants to withdraw his / her consent to provide SPDI, he / she may contact the Grievance officer, the details whereof are provided in clause 5 of this policy.

4.4. Retention, Processing and Storage of Information

4.4.1. RRVL shall retain Information for only as long as necessary to meet legal or regulatory requirements or for legitimate business purposes communicated at the point of collection.

4.4.2. RRVL has implemented required security practices and standards in line with the global standards and has a comprehensive documented information security program and policy in place, which contains managerial, technical, operational and physical security control measures that commensurate with the information assets being protected with our nature of business. It is being reviewed periodically to keep pace with business, technology and regulatory changes.

4.5. Disclosure of Information

4.5.1. RRVL shall not use or disclose Information for purposes other than those for which it was collected, except with the consent of individual providing such Information or as required by law. However, RRVL may be legally required to disclose the Information in the following cases:

4.5.1.1. Where the disclosure is necessary for compliance of a legal obligation;

4.5.1.2. Where mandated under the law by government agencies to disclose such Information.

4.5.2. Where necessary, RRVL may disclose Information to business partners or third parties during the normal course of business for the purposes for which it was collected. In such cases, RRL will only share Information related data when RRVL is assured that:

4.5.2.1. The Information is processed legitimately and appropriately by the business partner or third party in line with the established consent or in line with legal requirements.

4.5.2.2. The business partner or third party has adopted a reasonable and equivalent level of security practices and procedures to ensure security of the Information shared.

5. Feedback or Concern

For feedback or concern, if any, kindly contact Grievance Officer.
Name: Shri Jyotindra Thacker
Email Id: Data.Privacy@ril.com

Annexure “A”

List of Companies (applicable to RRVL Group and other Associate Companies)

  1. Reliance Jio Infocomm Ltd
  2. Rel Pro & Prop ManSer Ltd
  3. Reliance Retail Limited
  4. Rel Ret.Ins. Broking Ltd
  5. Reliance SMSL Limited (as and where applicable)
  6. Reliance Brands Limited
  7. Rel.Vision Express P.Ltd.
  8. Rel Paul & Shark Fash P L
  9. Diesel Fash Ind Rel. PL
  10. Zegna South Asia Pvt. Ltd
  11. Rel. Clothing India P.L.
  12. Brooks Brothers I Pvt Ltd
  13. Ryohin-Keikaku Rel. IPLtd
  14. Rel Retail Venture Ltd
  15. ReL Bally India Pvt Ltd.
  16. Rel Gas Lifestyle Ind Pvt
  17. Genesis Luxury Fashion Pr
  18. Genesis La Mode Private L
  19. GLF Lifestyl Brand Pvt.Lt
  20. GML India Fashion pvt.ltd
  21. Genesis Colors Limited
  22. Canali India Pvt. Ltd.
  23. V&B Lifestyle Ind Pvt Ltd
  24. Shri Kannan Dep Str Pvt L
  25. Reliance Corp IT Park Ltd