Data Security Policy – NxtEdge Technologies

NxtEdge Technologies takes data security extremely seriously. We place the rights of the individual and regulatory adherence at the core of our operations. To uphold this commitment, all staff members must observe and adhere to the following data security policies.

Data Storage Policy

All information collected and processed is subject to the requirements outlined in this policy. This includes data collected electronically, on paper, via telephone, or any other means.

• Data must be securely stored in designated company-approved locations and retained according to legal and company policy.

• Employees must not store confidential or personal data on personal devices unless explicitly approved for temporary work purposes.

• Sensitive data must not be downloaded to local devices unless strictly necessary.

• Only company-approved software and systems should be used for work. Any exceptions require IT Manager approval.

• Use of mobile or portable devices must be pre-approved and secured against unauthorized access, including cloud storage platforms.

• Internet usage may be monitored per legal and internal policy, exclusively by the IT Manager or designated personnel.

• Public access devices may only be used with explicit approval.

• Tools provided by clients or partners must be used when accessing third-party systems.

• Data sharing with third parties is only permitted when essential and must follow all relevant security protocols.

• Regular audits will be conducted to ensure compliance with this policy and GDPR.

Data Retention Policy

NxtEdge Technologies retains personal data only as long as necessary for its intended purpose, in compliance with GDPR and internal guidelines.

• Retention periods are evaluated case-by-case.

• All retention and deletion must align with our established data retention and erasure policy.

International Data Transfer Policy

Employees are prohibited from transferring personal data outside of India without prior written approval from the Data Protection Officer.

Data Encryption and Anonymisation Policy

• Encryption is applied to protect data at rest and in transit.

• Anonymisation is used where appropriate to protect privacy.

• These practices support our overall risk management framework and reduce breach risks.

Prohibited Activities

The following activities are strictly prohibited and may result in disciplinary or legal action:

• Unauthorized copying or use of copyrighted materials.

• Unnecessary collection, retention, or processing of personal data.

• Violation of any intellectual property rights.

• Use of software or interfaces to interfere with others.

• Accessing systems or data not relevant to your job.

• Sending fraudulent messages or offers using company systems.

• Sharing or misusing login credentials.

• Exporting confidential or proprietary company data.

• Exporting regulated software or data without permission.

• Causing intentional disruptions to networks or data breaches.

• Accessing restricted systems or files without authorization.

Reporting Security Issues

All suspected or actual data security incidents must be reported to management immediately.

• Management is responsible for investigating incidents.

• If necessary, appropriate legal or regulatory actions (such as GDPR reporting) will be taken.

• Affected individuals will be notified as required.