Privacy Policy and GDPR

1. Introduction

As a globally integrated company, Retail Systems Forum’s business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the Retail Systems Forum group of companies, but also the worldwide processing, sharing, and use of multiple types of information, including information about an individual whose identity is apparent (either directly or indirectly), or can reasonably be ascertained from the information available or likely to be available (“Personal Information”).
This Policy sets forth the general principles which underlie Retail Systems Forum’s specific practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring, or otherwise processing Personal Information.

2. Applicability

This Policy applies to all Retail Systems Forum personnel, operating units, and wholly owned subsidiaries worldwide, and (as transferred and agreed) with suppliers and business partners who must act consistently with the principles contained in this Policy. Country- and industry-specific laws and regulations shall take precedence over this Policy, to the extent applicable.
The application of these principles is more particularly described in the applicable Retail Systems Forum Corporate Instructions (and any accompanying implementation guidelines) relating to the processing of Personal Information. Please read this Policy along with the company guidelines for the use and processing of Personal Information to understand how Retail Systems Forum plans to achieve these principles.

3. Privacy Policy Statement

Retail Systems Forum remains committed to protecting the privacy and confidentiality of Personal Information of its employees (including prospects and contractors), clients, client customers, business partners, and other identifiable individuals that it may receive, use, access, process, transfer, or store as part of its business.
Uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring, or otherwise processing such information assist Retail Systems Forum in processing Personal Information fairly and appropriately.
Retail Systems Forum may collect Personal Information from various persons as part of the services it renders or in the course of its business. Based on the nature of information being collected and the services provided, Retail Systems Forum will apply suitable mechanisms to ensure a lawful basis for receiving, accessing, using, processing, transferring, storing, and/or disposing of such Personal Information.

4. General Privacy Principles

These general principles apply to the processing of Personal Information worldwide by Retail Systems Forum.

A. Accountability:

Retail Systems Forum understands its accountability and responsibility for any Personal Information it may receive, use, process, and store as part of its business. Accordingly, it will: I. Maintain appropriate corporate instructions, guidelines, and measures to demonstrate compliance with applicable laws and guidelines; II. Designate responsible individual(s) for organizational compliance with privacy principles; and III. Ensure the availability and periodic review (at least annually) of policies, procedures, and contacts for Personal Information management.

B. Fairness and Purpose:

Retail Systems Forum will collect adequate, relevant, and necessary Personal Information and process such information fairly and lawfully for specified purposes disclosed at or before collection or upon any change in purpose.

C. Accuracy:
Retail Systems Forum will keep Personal Information accurate, complete, and up to date as necessary for processing purposes and provide appropriate channels for updates.

D. Disclosure and Data Sharing:
Retail Systems Forum will make Personal Information available internally or externally only for legitimate business purposes or as authorized by law. This may involve transferring Personal Information to countries outside the Retail Systems Forum operational location.Retail Systems Forum will implement privacy principles for the processing, transfer, storage, and disposal of Personal Information as required under applicable laws.

E. Cross-Border Data Flows:

When required, Personal Information may be transferred to entities or third parties outside the Retail Systems Forum operational country through legally permissible mechanisms, including: i. Data transfer agreements; ii. Notice to and/or approval from relevant data protection authorities; or iii. Notice to and/or consent from the individual concerned.

F. Security:

Retail Systems Forum will implement reasonable technical and organizational measures to safeguard Personal Information and ensure that third parties processing data on its behalf adhere to equivalent security standards.

G. Access:

Upon request, Retail Systems Forum will provide individuals with access to their Personal Information within a reasonable timeframe and manner. Requests may be denied where permitted by law, with reasons provided. Retail Systems Forum will rectify, erase, or amend data upon justified request.

H. Retention and Disposal:

Retail Systems Forum will retain Personal Information only as long as necessary to fulfill its stated purpose and dispose of it securely thereafter.

I. Transparency:

Retail Systems Forum will maintain transparency and make information regarding Personal Information management readily available to individuals.

J. Custodianship:

Retail Systems Forum will adhere to agreed policies and practices for the safe handling of Personal Information processed on behalf of its clients.

5. Data Collection Transfer & Processing

Retail Systems Forum may collect, store, use, and disclose Personal Information (including sensitive Personal Information) in accordance with applicable laws such as the Indian IT Act, GDPR, and other data protection regulations, for lawful, explicit, and legitimate purposes.Personal data may be processed for purposes including, but not limited to:
  1. Administering relationship services
  2. Operational purposes
  3. Market or customer satisfaction research
  4. Providing information on products and services of interest
  5. Legal and regulatory compliance
  6. Fraud detection and prevention
  7. Legal proceedings and protection of legal rights
  8. Website data collection, including cookies and marketing or research-related submissions
Retail Systems Forum shall obtain free and informed consent from data subjects prior to collecting, storing, or processing Personal Information.Personal Information shall not be used beyond this scope without prior consent and shall not be disclosed to third parties except affiliates, investigators, or law enforcement authorities where legally required or consented.To the extent permitted by law, Retail Systems Forum may monitor electronic and voice communications for compliance and security purposes. Any transfer of Personal Information to third parties shall ensure equivalent levels of data protection. Data shall be encrypted and anonymized wherever necessary.

6. Enforcement and Redressal

Retail Systems Forum will establish robust mechanisms to ensure compliance with this Policy and provide appropriate grievance redressal and recourse for individuals affected by any non-compliance.

Subscribe Now