Data Security Policy

At MORSEL Research and Development Pvt Ltd (“we,” “our,” or “us”), the security of our clients’ and participants’ data is of paramount importance. We are committed to protecting all data we collect, store, and process from unauthorized access, disclosure, alteration, and destruction. This Data Security Policy outlines the measures we take to ensure the confidentiality, integrity, and availability of data.

1. Scope

This policy applies to all employees, contractors, and third-party service providers who handle data on behalf of MORSEL Research and Development Pvt Ltd. It covers all data collected, stored, processed, or transmitted by the company, whether in electronic or physical form.

2. Data Collection and Storage

  • Data Collection: We collect only the necessary data required for our research, analysis, and consultancy services. Data is collected through secure and ethical means, ensuring compliance with relevant legal and regulatory requirements.
  • Data Storage: All data is stored securely using encrypted databases, servers, and storage devices. Access to stored data is restricted to authorized personnel only, and we maintain strict access controls to prevent unauthorized access.

3. Access Control

  • User Access: Access to data is granted based on the principle of least privilege, ensuring that only those who need access to data for their roles are granted permissions. User accounts are regularly reviewed to ensure compliance with access control policies.
  • Authentication: We employ strong authentication methods, including multi-factor authentication (MFA), to verify the identity of users accessing sensitive data.
  • Audit Logs: We maintain detailed logs of access to data, including successful and unsuccessful access attempts, to monitor and review access patterns.

4. Data Transmission

  • Encryption: All data transmitted between our servers, clients, and external partners is encrypted using industry-standard encryption protocols (e.g., SSL/TLS) to protect it from interception and unauthorized access.
  • Secure Channels: Data is transmitted only through secure channels, such as VPNs or encrypted email services, ensuring that data remains confidential during transmission.

5. Data Integrity

  • Data Validation: We implement data validation checks to ensure that data entered into our systems is accurate and consistent. This includes input validation, error checking, and verification processes.
  • Backups: Regular backups of critical data are performed to ensure data can be restored in the event of loss, corruption, or other incidents. Backups are stored securely and are tested periodically to ensure their integrity.

6. Data Retention and Disposal

  • Retention Policy: Data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and contractual obligations. Once the retention period has expired, data is securely deleted or anonymized.
  • Disposal of Data: When data is no longer needed, it is securely disposed of using methods that render it unrecoverable. This includes physical destruction of paper records and secure wiping of electronic data.

7. Third-Party Service Providers

  • Vendor Assessment: We carefully select third-party service providers who meet our data security standards. All vendors are subject to due diligence assessments, including reviews of their security practices and compliance with applicable regulations.
  • Data Sharing Agreements: Data sharing with third-party providers is governed by data processing agreements (DPAs) that specify the security measures to be taken by the provider and ensure compliance with our data security policies.

8. Employee Training and Awareness

  • Security Training: All employees and contractors receive regular training on data security best practices, company policies, and their roles in protecting data. Training covers topics such as phishing, password security, and data handling procedures.
  • Confidentiality Agreements: All personnel with access to sensitive data are required to sign confidentiality agreements that outline their responsibilities for maintaining data security and confidentiality.

9. Incident Response

  • Incident Reporting: All data security incidents, including suspected breaches, must be reported immediately to the designated incident response team. We have a formal incident response plan in place to handle data breaches and security incidents.
  • Response and Mitigation: In the event of a data breach or security incident, we take immediate steps to contain the incident, mitigate any damage, and prevent future occurrences. Affected parties are notified in accordance with legal requirements and our incident response plan.

10. Compliance and Monitoring

  • Compliance: Our data security practices comply with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) and relevant local data protection laws.
  • Monitoring: We continuously monitor our systems for security threats and vulnerabilities. Regular security audits and assessments are conducted to identify and address potential risks.

11. Policy Review and Updates

  • Review: This Data Security Policy is reviewed regularly to ensure it remains up to date with industry standards and legal requirements. Any changes to the policy are communicated to all relevant stakeholders.
  • Updates: We reserve the right to update this policy at any time to reflect changes in our practices or legal obligations. The most current version of the policy will always be available on our website.