Privacy Policy

Information Collection

The ESIS Directory collects and processes personal information for the purpose of creating and maintaining an employee directory for the Employee State Insurance Scheme. We collect the following types of information:

Personal Identification Information

We collect personal identification information from users when they register on the directory, including but not limited to:

• Full name
• Date of birth
• Gender
• Service details (joining date, designation, class, etc.)
• Contact information (email address, mobile number)
• Present and permanent addresses
• Profile photographs

Non-personal Identification Information

We may collect non-personal identification information about users whenever they interact with the directory. This may include:

• Browser name and type
• Technical information about users' connection to our website
• Operating system
• Internet service provider information
• Other similar information

How We Use Collected Information

The ESIS Directory collects and uses personal information for the following purposes:

Data Protection and Security

We implement appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information.

Security Measures

The ESIS Directory employs the following security measures to protect user data:

• Secure password hashing using modern cryptographic algorithms
• Data encryption for sensitive information
• Regular security audits and updates
• Access controls limiting data access to authorized personnel
• CSRF (Cross-Site Request Forgery) protection
• Input validation to prevent SQL injection and other attacks
• Session security measures

Data Retention

We will retain your personal information only for as long as necessary for the purposes set out in this privacy policy or as required by applicable laws. When an employee leaves the organization, their account may be deactivated, but basic information may be retained for historical and administrative purposes.

Information Sharing

The ESIS Directory is designed for internal use by ESIS employees. We do not sell, trade, or rent users' personal identification information to others. Information sharing is limited as follows:

Directory Access

Personal information provided to the directory will be visible to other authenticated ESIS employees through the directory interface, subject to the privacy settings selected by each user.

Privacy Controls

Users have control over certain aspects of their information visibility:

• Email address visibility can be limited (shown/hidden)
• Mobile number visibility can be limited (shown/hidden)
• Other information may be required to be visible for directory functionality

Third-Party Disclosure

We do not share personal information with third parties except in the following circumstances:

• When required by law
• To protect and defend the rights or property of the ESIS Directory
• To prevent or investigate possible wrongdoing in connection with the service
• To protect the personal safety of users or the public

User Rights

Users of the ESIS Directory have the following rights regarding their personal information:

Changes to This Privacy Policy

The ESIS Directory has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the top of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

By using the ESIS Directory, you acknowledge that you have read this Privacy Policy and consent to the practices described herein.