Privacy Policy
Table of Contents
1. Privacy Policy
Partnerra Inc. (hereinafter referred to as “Partnerra”, “we”, “Our”) is firmly committed to maintaining the confidentiality, integrity, and lawful handling of personal data entrusted to it. This Privacy Policy defines the standards by which PARTNERRA collects, processes, stores, transfers, and safeguards personal information relating to customers, clients, candidates, contractors, employees, and other identified or identifiable individuals (“Data Subjects”).
This Policy reflects PARTNERRA’s adherence to all applicable privacy and data-protection laws in every jurisdiction in which it conducts business – including Partnerra Inc., USA, Partnerra Inc., Canada, Partnerra Engineering Pvt Ltd., India. It outlines the organization’s obligations and the responsibilities of all staff members in protecting the rights of individuals and ensuring transparent, fair, and secure processing of personal data.
2. Management
To ensure robust and consistent privacy governance, PARTNERRA has implemented a comprehensive privacy-management framework founded upon internationally recognized principles of fair-information practice.
The management of PARTNERRA is responsible for establishing and maintaining appropriate administrative, technical, organizational, and physical safeguards to protect personal data throughout its lifecycle—from collection to lawful disposal. Executive leadership shall ensure that privacy practices remain compliant with this Policy and with all applicable regulatory frameworks, including continuous monitoring, review, training, and improvement of privacy controls.
3. Notice
PARTNERRA shall provide clear, accurate, and timely notice to individuals about the collection, use, processing, storage, and potential disclosure of their personal information. Such notice shall be presented in concise and intelligible language before or at the time of collection, or prior to any material change in how data will be processed.
Each Privacy Notice shall include, at minimum:
- The categories of personal data collected and processed.
- The applicable purposes for which personal information is collected and used.
- The subsidiaries, affiliates, or third parties that may receive the information.
- Any lawful basis or legal requirement mandating the collection of data.
- Identification of any third parties to whom personal information may be transferred and the purposes of such transfers.
- The rights of individuals to access, correct, amend, or delete their personal information.
- The means for individuals to contact PARTNERRA regarding inquiries or complaints.
- The options available to individuals to limit the use and disclosure of their personal information.
- Notification that personal information may be disclosed in response to lawful requests by public authorities.
- Information about the independent dispute-resolution mechanism designated under the DPF Principles.
Whenever feasible, PARTNERRA shall issue the Notice prior to collecting personal data or before using it for a materially different purpose.
4. Choice and Consent
PARTNERRA shall obtain consent from individuals whenever required or appropriate under applicable law. All choices offered shall be genuine, informed, and easy to exercise.
Specifically, PARTNERRA shall:
- Request consent using the appropriate mechanism (opt-in or opt-out) required by law.
- Clearly explain available choices and the consequences of those choices.
- Ensure that processing activities align with the consent obtained.
- Obtain renewed consent if personal data is to be used for a new purpose.
- Promptly and effectively honor withdrawals of consent.
For sensitive personal information—including data concerning health, racial or ethnic origin, religious beliefs, political opinions, trade-union membership, or sexual orientation—PARTNERRA shall obtain explicit opt-in consent unless otherwise permitted by law.
When sensitive data is received from a third party and marked as sensitive, PARTNERRA shall treat it accordingly.
5. Collection
PARTNERRA shall collect personal data only in a lawful, fair, and transparent manner.
In particular, PARTNERRA shall:
- Collect no more personal information than is reasonably necessary for the stated purpose.
- Obtain personal information directly from the individual whenever feasible.
- Clearly distinguish between mandatory and optional data fields.
- Ensure that data obtained from third parties has been lawfully collected.
- Collect personal data in compliance with all local and international laws.
6. Use and Retention
PARTNERRA shall use and retain personal information only for legitimate business purposes or as otherwise authorized by the individual or required by law.
Personal data shall be used in accordance with:
- The purposes communicated at the time of collection.
- Any consent obtained from the individual.
- Applicable contractual, regulatory, and statutory obligations.
Personal information shall not be retained longer than necessary unless extended retention is required for lawful archiving, research, or legal obligations. Once the retention period expires, data shall be securely destroyed or anonymized in accordance with PARTNERRA’s retention policies.
7. Purposes of Use
I.Managing Personnel
PARTNERRA may process personal information for lawful employment-related purposes, including:
- Employment administration and personnel records
- Compensation, benefits, and payroll
- Performance management and professional development
- Health, safety, and emergency management
- Manage vacation, sick leave, and other leaves of absence
- Workforce planning, training, evaluating job performance and analytics
- Diversity, inclusion, and employee-relations programs
- Corporate communications and event management
II.Monitoring, Security, and Compliance
Personal data may be used for:
- Monitoring of company systems, resources, and other electronic resources
- Internal audits and investigations
- Ethics and whistleblower programs
- Physical and information-security safeguards
- Regulatory compliance and reporting
III.Conducting Our Business
PARTNERRA may process personal information to:
- Communicate with customers, candidates, and partners
- Manage project, contractual, and travel operations
- Perform marketing and business-development activities
- Operate administrative and IT systems
- Manage legal, regulatory, and financial obligations
- Support mergers, acquisitions, or corporate transactions
8. Access and Correction
PARTNERRA shall provide individuals with reasonable access to the personal data held about them and shall allow correction, amendment, or deletion where such information is inaccurate or incomplete.
Access requests shall be handled promptly and securely, following verification of the requester’s identity. PARTNERRA may deny access where legally permitted, for example, where disclosure would infringe the privacy of others, reveal confidential or proprietary information, interfere with investigations, or where requests are manifestly excessive. If access is denied, PARTNERRA shall provide an explanation and identify a contact for further inquiry.
9. Individual’s (PII Principal’s / Data Subject’s) Rights
Data Subjects may exercise the following rights under applicable law and PARTNERRA’s internal procedures:
- Right of Access — to request confirmation of whether their personal data is being processed and obtain a copy.
- Right to Rectification — to correct inaccurate or incomplete information.
- Right to Object — to object to processing for certain purposes, including marketing and profiling.
- Right to Erasure — to request deletion where no lawful basis for retention exists.
- Right to Restrict Processing — to request temporary suspension of processing.
- Right to Data Portability — to obtain personal data in a structured, commonly used, machine-readable format.
- Right to Withdraw Consent — to revoke prior consent at any time.
Requests may be submitted to privacy@PARTNERRA.com, and PARTNERRA shall respond within applicable statutory deadlines.
10. Disclosure & Onward Transfer
PARTNERRA may disclose personal information to third parties acting as controllers or processors only when necessary for legitimate business purposes and in compliance with the DPF Principles.
When transferring personal information, PARTNERRA shall:
- Limit disclosures to purposes identified in the applicable Privacy Notice.
- Ensure that processing aligns with individual consent and legal requirements.
- Contractually require third-party processors to provide adequate privacy and security safeguards.
- Take reasonable steps to remediate unauthorized processing by third parties.
- Provide summaries of relevant contractual privacy provisions upon lawful requests by authorities.
Designated PARTNERRA officers are responsible for oversight of third-party compliance.
11. Security
PARTNERRA shall implement appropriate administrative, technical, organizational, and physical measures to protect personal data against unauthorized access, misuse, loss, disclosure, alteration, or destruction.
- Security controls include, but are not limited to:
- Access control and authentication systems
- Encryption and secure server infrastructure
- Employee confidentiality obligations and training
- Regular audits and security risk assessments
- Monitoring of systems and environments
Security measures shall remain appropriate to the nature of the data and associated risks.
12. Data Integrity, Quality & Purpose Limitation
PARTNERRA shall ensure that personal data is accurate, complete, current, and relevant to its intended purpose. Personal information shall not be processed in ways incompatible with the original purpose or other purposes permitted by law or the DPF Principles.
PARTNERRA shall implement safeguards including:
- Procedures for periodic data review and updates
- Data classification based on sensitivity and risk
- Administrative and technical controls appropriate for each classification
- Restrictions ensuring only authorized personnel may access relevant data
13. Monitoring, Recourse, Enforcement & Liability
PARTNERRA is committed to enforcing this Privacy Policy and ensuring continued compliance with privacy laws.
PARTNERRA shall maintain:
- Independent Recourse Mechanisms — free, accessible processes for individuals to submit complaints, resolved in accordance with DPF Principles.
- Verification Processes — internal and external audits confirming compliance with published privacy statements and commitments.
- Corrective Mechanisms — appropriate sanctions and remedial actions for non-compliance.
- Cooperation with Authorities — prompt responses to lawful inquiries from U.S. agencies.
PARTNERRA remains liable under the DPF Principles for onward transfers to third-party agents unless it proves it was not responsible for the event causing harm.
If subject to an FTC or court-mandated order, PARTNERRA shall provide DPF-related compliance reports as required.
14. Data Security Incident Notification
Where required by law, PARTNERRA shall notify affected individuals and relevant supervisory authorities of unauthorized access, acquisition, or disclosure of personal information.
Notification shall occur without undue delay, considering:
- The nature of the breach
- The categories of data involved
- Potential risks to affected individuals
Employees must report suspected or actual incidents immediately to the Privacy Office at privacy@PARTNERRA.com PARTNERRA shall investigate, contain, mitigate, document, and, if required, report the incident to regulators or affected parties.
15. Data Breach Management
All personnel, contractors, and authorized third parties must immediately report any potential or actual violation of this Policy or any unauthorized access to personal information. PARTNERRA’s Privacy Team, together with designated functional leaders, shall:
- Categorize the incident based on severity, scope, and data sensitivity.
- Conduct a formal investigation to determine whether personal information was compromised.
- Identify the nature and extent of impacted systems, records, and individuals.
- Notify Data Subjects and regulatory authorities (where required) within applicable legal timelines, including within 72 hours under certain frameworks.
- Implement corrective and remedial actions to contain and resolve the incident.
- Document the root cause and preventive measures to reduce the likelihood of recurrence.
16. Consequence of Non-Compliance
All employees, contractors, agents, business units, and third-party service providers acting on behalf of PARTNERRA are required to comply fully with this Policy. Non-compliance may result in:
- Disciplinary action (for employees)
- Termination of contracts (for vendors or contractors)
- Suspension or removal of system access
- Legal action, damages, or regulatory penalties
- Reporting obligations to authorities under applicable law
- The severity of consequences shall correspond to the seriousness of the violation.
17. Exceptions
Under limited circumstances permitted by law, PARTNERRA may process personal data without prior notice or consent. Such circumstances include:
- Investigating suspected criminal activity or misconduct
- Ensuring safety and security of individuals or company assets
- Responding to legitimate law-enforcement requests
- Fulfilling legal, regulatory, or court-ordered obligations
- Compliance with employment, labor, and workplace laws
- Emergency situations involving vital interests, life, or physical safety
Access rights may also be restricted when:
- Disclosure would endanger another person’s privacy or rights
- Requests are disproportionate, repeated, or manifestly excessive
- Disclosure would compromise audits, compliance reviews, or investigations
- Restrictions are required by law or contractual obligations
All exceptions must be reviewed and approved by the Data Protection Officer.
18. Sensitive Data
PARTNERRA is not required to obtain explicit consent for processing sensitive data where processing is:
- Required to protect the vital interests of an individual
- Necessary for the establishment, exercise, or defense of legal claims
- Required for medical diagnosis, treatment, or assessment
- Conducted by a nonprofit organization under appropriate safeguards
- Required by employment, labor, social-insurance, or similar laws
- Based on data that the individual has clearly made public
Even when explicit consent is not required, PARTNERRA shall maintain strict controls and safeguards appropriate for sensitive information under the DPF Principles and applicable laws.
19. Performing Due Diligence and Conducting Audits
PARTNERRA is not required to obtain explicit consent for processing sensitive data where processing is:
- Required to protect the vital interests of an individual
- Necessary for the establishment, exercise, or defense of legal claims
- Required for medical diagnosis, treatment, or assessment
- Conducted by a nonprofit organization under appropriate safeguards
- Required by employment, labor, social-insurance, or similar laws
- Based on data that the individual has clearly made public
Even when explicit consent is not required, PARTNERRA shall maintain strict controls and safeguards appropriate for sensitive information under the DPF Principles and applicable laws.
20. Limitation to Access
PARTNERRA may impose reasonable limits on the frequency and extent of access requests made by an individual, considering:
- The nature, purpose, and context of processing
- The rate at which relevant data changes
- The burden or cost of fulfilling the request
- Risks to privacy, confidentiality, or intellectual property
Aggregated, anonymized, or statistical data that cannot identify an individual is not subject to access requests.
Any limitation on access must comply with law and be approved by the Data Protection Officer.
Learn more about how Partnerra can be your trusted partner for Staffing and end-to-end technology solutions.