Privacy Program Policy

‘Protecting Customer Information’ is of vital importance to the manner in which AllCode conducts business. AllCode mandates compliance to ‘Protecting Customer Information’ through periodical certification and company -wide awareness and testing of the code every year.

AllCode also has defined a privacy policy. This policy is published on the company’s website (URL: https://www.allcode.com/privacy-policy/). This policy communicates AllCode’s approach to protection of personal information collected electronically.

AllCode has established and implemented a Security Incident Management policy that covers procedures for reporting and handling policy violations & data breaches. Our policies are in compliance with globally accepted data protection principles.

To ensure effective implementation of privacy policy within AllCode, a comprehensive and mature framework of systems and processes have been evolved. Applicable statutory regulations are identified and documented with supporting compliance procedures and policies to manage the entire process of legal and regulatory compliances. For example, generally accepted Data Protection (DP) principles pertaining to fair and lawful purpose, adequacy, accuracy, retention of data, safeguards for processing and data transfers are adhered to.

Privacy risk assessments are undertaken with the objective of identifying potential areas of risks relating to privacy of employee data collected, processed and stored within AllCode’s hosted Information Systems within various geographies. Changes to applicable privacy laws, regulations, and policies across geographical regions are monitored and assessed for their impact on the enterprise from an Information Security/ Business Continuity perspective. Necessary inputs are sought from the Legal team to assess the impact for any legal risks involved while undertaking key enterprise level initiatives.

Automated monitoring tools and controls have been implemented for detecting leakages of confidential data from AllCode. The data breach notification procedure template, which is deployed specifically for each customer account/program/project is also provided. A security incident notification form is also designed for notifications of data breach incidents and published on the intranet portal accessible for all employees.

Data privacy specific training programs are designed and imparted to employees of customer accounts on all applicable privacy regulations. In addition, innovative methods are employed to spread information security and privacy awareness amongst all AllCode users such as e-mails, blogs, and Slack posts.

AllCode’s technology infrastructure in various locations of operation ensures adequate resilience in the basic IT infrastructure, which helps critical business operations run during disaster situations. Technology disaster recovery planning includes physical infrastructure, computing infrastructure and communication infrastructure. AllCode’s corporate (i.e. non-customer data) data assets residing in our enterprise information systems and applications are backed up on a regular basis and backup integrity tests are periodically performed as per AllCode’s Information Security Policy.