India Version 1 – 31March2022
ACL shall maintain and implement the following technical and organizational measures in relation to the security of any Customer Configuration.
1.1 Screening - ACL will perform pre-employment background screening of its employees who have access to customers’ accounts, and is committed to employee supervision, training, and management.
1.2 ACL Access - ACL will restrict the use of administrative access codes for customer accounts to its employees and other agents who need the access codes for the purpose of providing the Services. ACL personnel who use access codes shall be required to log on using an assigned username and password.
1.3 Customer Access - As the primary application administrator, you are responsible for the management of your accounts, including creation, change management, and termination.
ACL will report to you as soon as reasonably practicable in writing and in accordance with applicable law and/or implemented security standard, of a material breach of the security of your Customer Configuration which results in unauthorized access to your Customer Data resulting in the destruction, loss, unauthorized disclosure or alteration of your data of which we become aware. Upon request, we will promptly provide to you all relevant information and documentation that we have available to us regarding your Customer Configuration in connection with any such event.
The Services enable you to retrieve, correct, or delete Customer Data. Depending on your Services, you may not have access to your Customer Configuration or Customer Data during a suspension of Services or following the termination of the Agreement. You are responsible for retrieving a copy of your Customer Data prior to the termination of the Agreement.
4.1 Roles - In respect to “Personal Data" processed under the Services, you may act as “controller" or “processor" and ACL may act as “processor" or “sub processor".
4.2 Instructions for Data Processing - ACL will process Personal Data only to the extent and in such a manner as is necessary to provide the Services under the Agreement or as otherwise instructed by Customer from time to time.
4.3 Notifications - ACL shall notify you as soon as reasonably practicable in writing: (a) of any communication received from an individual relating to (i) an individual’s rights to access, modify, correct, delete or block his or her Personal Data and (ii) any complaint about your Processing of Personal Data; and (b) to the extent not prohibited by law, of any complaint, notice or other communication that relates to Customer’s compliance with data protection and privacy law and the processing of Personal Data.
You agree to make any required notifications to and obtain required consents and rights from, individuals in relation to ACL’s provision of any work or Services to you. Where ACL receives the communication described in this section and notifies you of such communication, it is your responsibility to respond to and take all other appropriate action with regard to the communication required under the applicable law.