At Sudarshan Cars, we take the security and privacy of customer data seriously. Our Security and Privacy Policy outlines the measures and guidelines we follow to safeguard customer data and ensure its confidentiality, integrity, and availability.

1. Data Protection Principles:
○ Sudarshan Cars adheres to data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality, as outlined in applicable data protection laws and regulations.

2. Confidentiality and Access Control:
○ Access to customer data is restricted to authorised personnel on a need-to-know basis, and access controls are implemented to prevent unauthorised access, use, or disclosure of customer information.
○ Employees are required to sign confidentiality agreements and undergo regular training on data security and privacy best practices.

3. Data Encryption:
○ Sudarshan Cars encrypts customer data both in transit and at rest using industry-standard encryption protocols to protect it from unauthorised access or interception.

4. Network Security:
○ Sudarshan Cars employs robust network security measures, including firewalls, intrusion detection and prevention systems (IDPS), and regular security assessments, to protect customer data from external threats and cyber-attacks.

5. Physical Security:
○ Sudarshan Cars maintains physical security controls, such as access controls, surveillance cameras, and security guards, at its facilities to prevent unauthorised access, theft, or tampering with customer data.

6. Data Minimization and Retention:
○ Sudarshan Cars collects and retains only the customer data necessary for the purposes for which it was collected, and data retention periods are defined based on legal requirements and business
needs.
○ Customer data that is no longer needed is securely deleted or anonymized to prevent unauthorised
access or misuse.
7. Third-Party Security:
○ Sudarshan Cars evaluates the security and privacy practices of third-party vendors and service
providers that have access to customer data and ensures they adhere to stringent security standards
and contractual obligations.
○ Contracts with third parties include provisions for data protection, confidentiality, and security
requirements.

8. Incident Response and Notification:
○ Sudarshan Cars maintains an incident response plan to effectively respond to and mitigate security
incidents or data breaches involving customer data.
○ In the event of a data breach, Sudarshan Cars promptly notifies affected customers and regulatory
authorities in compliance with applicable data breach notification laws and regulations.

9. Privacy Transparency and Consent:
○ Sudarshan Cars provides clear and transparent privacy notices to customers regarding the collection,
use, and sharing of their personal data, including the purposes for which it will be used and the rights
they have regarding their data.
○ Customer consent is obtained where required for the processing of personal data, and customers
have the right to withdraw consent at any time.

10. Privacy by Design and Default:
○ Sudarshan Cars integrates privacy considerations into the design and development of its products
and services, implementing privacy-enhancing features and controls by default.
○ Data protection impact assessments (DPIAs) are conducted for high-risk processing activities to
identify and mitigate privacy risks.

11. Training and Awareness:
○ Sudarshan Cars provides regular training and awareness programs to employees on security and
privacy best practices, including handling customer data securely and responsibly.
○ Employees are educated on their responsibilities regarding data protection and privacy compliance.
12. Compliance and Accountability:
○ Sudarshan Cars complies with all applicable data protection laws and regulations, including the
General Data Protection Regulation (GDPR) and the Indian Data Protection Bill, and is committed to
upholding the highest standards of privacy and data protection.
○ Sudarshan Cars designates a Data Protection Officer (DPO) responsible for overseeing compliance
with data protection laws and regulations and responding to data protection inquiries and requests
from customers and regulatory authorities.

By adhering to this Security and Privacy Policy, Sudarshan Cars demonstrates its commitment to protecting
customer data and maintaining the trust and confidence of its customers.