This Data Security Policy outlines NDR SPORT Pvt. Ltd.’s commitment to protecting all data collected, stored, and processed through our e-commerce platform. This policy complements our Privacy Policy and ensures compliance with Indian data protection laws.
Data Classification
- Sensitive Personal Data
- Payment information
- Authentication credentials
- Government-issued IDs
- Financial information
- Health information
- Personal Information
- Name and contact details
- Shipping addresses
- Purchase history
- Communication records
- Account preferences
- Business Data
- Transaction records
- Analytics data
- Website usage data
- Inventory information
- Supplier data
Security Infrastructure
- Technical Controls
- Firewall protection
- Intrusion detection systems
- Anti-malware solutions
- Network monitoring
- Access control systems
- Encryption protocols
- Regular backups
- Disaster recovery systems
- Physical Security
- Secure data centers
- Access-controlled facilities
- Environmental controls
- Surveillance systems
- Hardware security
Data Access Controls
- User Authentication
- Multi-factor authentication
- Strong password requirements
- Regular password changes
- Session management
- Access logging
- Authorization Levels
- Role-based access control
- Principle of least privilege
- Access review process
- Temporary access protocols
- Emergency access procedures
Data Protection Measures
- Data in Transit
- SSL/TLS encryption
- Secure file transfer protocols
- End-to-end encryption
- VPN requirements
- Secure email protocols
- Data at Rest
- Database encryption
- File system encryption
- Secure storage solutions
- Data masking
- Secure backup storage
Incident Response Plan
- Detection and Reporting
- Security monitoring
- Incident detection
- Reporting procedures
- Initial assessment
- Documentation requirements
- Response Protocol
- Incident classification
- Containment measures
- Investigation process
- Recovery procedures
- Post-incident analysis
- Breach Notification
- Customer notification
- Authority reporting
- Timeline compliance
- Communication templates
- Follow-up procedures
Employee Security
- Security Training
- Initial security training
- Regular refresher courses
- Policy awareness
- Incident response training
- Best practices education
- Access Management
- Employee onboarding
- Access termination
- Role changes
- Contractor access
- Vendor management
Third-Party Security
- Vendor Assessment
- Security evaluation
- Compliance verification
- Contract requirements
- Regular audits
- Performance monitoring
- Data Sharing Controls
- Data sharing agreements
- Transfer protocols
- Access limitations
- Monitoring and logging
- Regular reviews
Compliance and Audit
- Regulatory Compliance
- IT Act compliance
- PDPB requirements
- Industry standards
- International regulations
- Regular assessments
- Security Audits
- Internal audits
- External audits
- Vulnerability assessments
- Penetration testing
- Compliance checking
Business Continuity
- Backup Procedures
- Regular backups
- Backup verification
- Secure storage
- Recovery testing
- Retention policies
- Disaster Recovery
- Recovery plans
- Alternative sites
- Data restoration
- Business continuity
- Testing schedules
Policy Enforcement
- Monitoring and Enforcement
- Compliance monitoring
- Policy violations
- Disciplinary actions
- Reporting procedures
- Investigation process
- Policy Updates
- Regular reviews
- Change management
- Version control
- d. Communication plan
- Training updates
Security Documentation
- Required Documentation
- Security procedures
- Incident reports
- Audit trails
- Access logs
- Change records
- Record Keeping
- Documentation storage
- Retention periods
- Access controls
- Regular reviews
- Disposal procedures
Contact Information
For data security concerns:
NDR SPORT Pvt. Ltd.
C-901, Viviaan Elementos, B/h Savya Skyz Zundal – 382421 Gujarat, India
Email: policy@ndrsport.in
Phone: +91 9228247428