Privacy Policy

WorkAttest is a product owned by AuthBridge Data Services Private Limited (“AuthBridge”) to facilitate Verification for Employment Purpose. AuthBridge respects the privacy of its online visitors and treats all submitted personal data in any format; electronic, paper or verbal as confidential.

AuthBridge takes responsibility to ensure the data provided will be protected and kept secure and compliant to current laws and policies of the state of India. AuthBridge also takes onus to share and use the information in a manner consistent with this Policy and applicable laws and use such information only for legitimate business purposes.

The purpose of this privacy policy is to explain how AuthBridge Data Services Private Limited will collect, process, store, use, maintain quality and protect the Personal Data on behalf of its client for providing Employment Verification Services to the verifying companies.

This policy applies to AuthBridge’s clients, entities and individuals who furnish Personal Data for Background verification services through WorkAttest and AuthBridge’s employees who process Personal Data collected for WorkAttest to deliver the required services.

The data that we collect and process on WorkAttest belongs to AuthBridge’s clients i.e. contributors and verifiers (Companies that request for verification) and individuals who furnish their Personal Data to AuthBridge’s clients which is processed by AuthBridge.

Contributors: any agency, company or organization who has shared data of their employees with AuthBridge for its WorkAttest Product.

Verifiers: Verification Agencies or other employers or agencies, who for the purpose of employment verification using the data hosted on WorkAttest have accepted the terms and conditions either by signing of a contract or by agreeing to pay for the services or both.

Personal Data: any data relating to identified or identifiable natural person.

AuthBridge collects/receives the following Personal Data on this application (WorkAttest) to provide its services:

Personal Data collected from contributors:

• Name
• Mobile number
• Address
• Email Id

Personal Data collected from verifiers:

• Name
• Mobile number
• Address
• Email Id
• IP address

Personal Data collected for ex-employees of contributors:

Contributors may have and might share lot of details with AuthBridge pertaining to his ex-employee’s employment with their organization. However, for the purpose of employment verification through WorkAttest, AuthBridge only asks for following mandatory details:

• First Name, Last Name
• Employee id
• Company Name
• Last department
• Date of Joining
• Date of Leaving
• Last position held

We do not collect or intend to collect sensitive Personal Data on WorkAttest.

AuthBridge collects/ receives the Personal Data by fair, lawful, and transparent means. AuthBridge obtains Personal Data in an authorized manner for legitimate business purposes and providing services to its clients.

AuthBridge gets Personal Data of the ex-employees of contributors to provide employment verification services on their behalf via signed written contract. The employer can submit the data via their login on WorkAttest or via online/offline mode.

AuthBridge receives Personal Data of prospect contributor employers (who wish to outsource their employee verification services when they request for WorkAttest services and reach out to us either online or offline.

AuthBridge receives Personal Data of prospect Verifier companies (who wish to obtain employment verification services) when they request for WorkAttest services and reach out to us.

Personal Data of Individuals whose verification request is submitted by verifier is obtained through verifier login on WorkAttest along with the consent of the individual.

The Personal Data obtained for WorkAttest is only used for providing employment verification services on employer’s behalf. The records of processing activities are maintained.

We do not transfer the Personal Data.

AuthBridge Employees

AuthBridge will share Personal Data internally within organization for processing Background Verification requests received on WorkAttest. This access is restricted to authorized users only.

Verifiers/Verification Companies

AuthBridge will share the data on WorkAttest with verifiers in order to process the employment verification request received from them, which will only be processed when the request is received from verifier along with the consent of the individual being verified.

Human Resource Professionals

AuthBridge will share the data on WorkAttest with company HR (where you have applied for Job) in order to process the employment verification request received from them, which will only be processed when the request is received from them along with your consent.

Law Enforcement Authorities

AuthBridge may have request for necessary disclosures such as written request from government and this would occur in accordance with applicable laws and may include-

• Where AuthBridge is under an obligation by law to disclose Personal Data;
• Or where AuthBridge believes that a disclosure is necessary to identify or bring legal action against individuals who may be endangering public safety or interfering with AuthBridge property or services, or with our Client’s or others' use of them.

Data Back-up Services

The data on WorkAttest is backed-up on CtrlS server, we have legal contract and confidentiality contract signed with them and expect the same level of security controls in order to protect the personal data hosted on their server. Also, the access on this server is limited to authorized personnel in AuthBridge only.

AuthBridge is committed to protecting your Personal Data. AuthBridge is certified to ISO/IEC 27001:2013 and has the following appropriate technical and organizational information security measures in line with the international standard-

Any Personal Data/ Sensitive data is classified as confidential as per AuthBridge information classification policy.

Risk Assessment - Risk assessment activity is conducted periodically and based on the impact assessment, required security controls are identified and implemented to protect Personal Data.

Personnel Security - All employees are background verified prior to sharing any Personal Data with them. Confidentiality agreement and Acceptable use policy are signed with all employees. Awareness training based on data privacy, data security and data privacy incident reporting procedure is conducted periodically.

IT Controls - Access provisioning and de-provisioning is performed in accordance with the defined access management procedure. Accesses are granted only to authorized personnel on need to know basis.
Servers and systems are hardened considering the blockage of USB/CD drives and transmission of data outside of the organization's data network is encrypted by use of appropriate encryption techniques. Data at rest in computer systems or servers owned by or located within organization-controlled spaces and networks are encrypted with strict access controls that authenticate the identity of those individuals who access to the specific system or data.
Antivirus and Patches are updated on the regular basis in accordance with the respective defined procedures. Personal Data is disposed in a secure manner so that it can be made unrecoverable.
WAPT/VAPT is performed for all critical applications, servers and networks.
AuthBridge has its business continuity policy and plan made to deal with any situation where the current business is interrupted. On-site backup is taken for AuthBridge business critical applications and servers real time. Off-site back is taken every 24 hours.

Physical Security Controls- AuthBridge's premises are protected 24/7 through security guards to restrict any unauthorized entry.
ID card & entry process is in place for the employees and visitors. No visitor is allowed on operations floor unless escorted and approved. Off-site asset movement procedure is implemented for maintaining all logs of assets moving in and out of premises.
Biometric device is in place to capture the entry of employees and registered is maintained for all visitors. Reconciliation is done quarterly.
There is 24/7 CCTV monitoring on floors. Restricted areas are labeled, and only authorized users can enter. Documents are kept in lock and key.
There is 24/7 Power back up to support smooth functioning of the facilities. Preventive maintenance is done for support equipment. Facility temperature is maintained with air conditioners. Fire Detection & Prevention system is implemented.
Emergency Response Team (ERT) members are assigned to each working floor to ensure the timely evacuation in case of emergency. Considering the data center security, we have water leakage alarm, rodent repellent system implemented in place, humidity & temperature monitoring mechanism, visitor register, and inventory movement register in place.

Incident Management Process - Though AuthBridge has the best possible controls to protect privacy of your Personal Data, there is an incident management policy and procedure implemented to address any security incidents/privacy breach. Incidents are reported, recorded, investigated and responded with the corrective action plan in a timely manner. There is a mechanism to notify the impacted clients (if applicable) who must further notify the respective individual/s.

We take appropriate steps to maintain the security of your data on WorkAttest.com. We are committed to maintain the privacy of your data and creating a valuable resource for you to use.

However, you are solely responsible for the confidentiality of any password you use to access the Website/ application. You agree to notify us immediately on any unauthorized use of your account, username, or password. You also agree that WorkAttest is not liable in any manner for any loss that may incur as a result of any third party using your password or due to misuse of your account or password.

To restrict processing/ update/ delete rectify your information on WorkAttest we encourage you to speak to your ex-employer who has contributed the data to WorkAttest , on receiving such requests from your ex-employer, AuthBridge will immediately act upon the same.

If you are an EU (European Union) subject, you have the following rights with respect to your Personal Data that we process, subject to conditions and restrictions set out in the applicable laws-

• to learn whether your Personal Data is processed by us and to request a copy of your Personal Data and information relating to the processing of your Personal Data
• to request the correction of any inaccurate or incomplete Personal Data
• to request the erasure of your Personal Data or the restriction of the processing of your Personal Data
• to object to our processing of your Personal Data
• to withdraw your consent, you have given
• to lodge a complaint with the applicable regulatory/ supervisory authority

If you want to avail your rights under GDPR, we request you to reach out to your employer, on receiving the communications from its clients about your request, AuthBridge will immediately act upon the same in accordance with the applicable law.

AuthBridge collects your Personal Data from Contributor’s to provide employment verification services and it is retained as per the retention period agreed with client by way of a written agreement. In case you have any query, please connect with your ex-employer.

If you are an employer (contributor) sharing your employee’s data with us, you represent that you have the right to disclose and provide AuthBridge with your employee’s/ ex-employees Personal Data and hereby agree to indemnify and hold AuthBridge harmless for any disclosure made by you of such employee’s/ ex-employee’s Personal Data. AuthBridge is not obligated to seek consent of any person whose Personal Data is provided to AuthBridge.

If you are a Verifier (Verifying details from WorkAttest as a third party using our service for employee verification, you warrant that you will not share the report provided by WorkAttest with any person other than the employer of the candidate, through any medium, to the detriment of the interest of AuthBridge or any person including the verified.

AuthBridge is not obligated to verify or check the authenticity of the consent of the person to be verified. It is the responsibility of the Verifier to ensure that the consent you are sharing on WorkAttest has been obtained from the person to be verified. Please ensure that such consent is available with you and submitted with the verification request. We may, at times, audit such consents.

AuthBridge may review and update this privacy policy from time to time. To let the concerned parties know, AuthBridge will amend the revision date on top of this page.

AuthBridge commits to handle the Personal Data in a way that provides comfort and confidence. However, if at any time there are any concerns over the handling of the Personal Data, the concerned persons are encouraged to contact their employer. AuthBridge will cooperate with any investigation to resolve any issues.

If you wish to contact AuthBridge for any privacy related query/concern, then please send email at privacy@authbridge.com Or mail to:

Privacy & Compliance Officer
AuthBridge Research Services Pvt Ltd
Plot No. 123, II Floor, Udyog Vihar,
Phase IV – Gurgaon – 122 015