Data Security Policy

Introduction

Externix Informatics Pvt. Ltd. is a trusted Business Process Outsourcing (BPO) provider specializing in high-volume, chat-based customer support services for leading e-commerce businesses.

Headquartered in India, we deliver seamless, real-time customer interactions that enhance user satisfaction while upholding the highest standards of data protection and confidentiality. As a company that manages sensitive customer information on a daily basis—including personal details, order histories, and support communications—we are deeply committed to maintaining strict data security, client confidentiality, and regulatory compliance.

We implement industry-leading security protocols, employee access controls, and regular audits to ensure secure handling, transmission, and storage of data. Our security framework aligns with global best practices and complies with applicable laws such as the Information Technology Act, 2000 (India), GDPR, and client-specific security requirements.

At Externix Informatics, data privacy is not just a policy—it is a core pillar of our service delivery model, client trust, and operational integrity.

While we take reasonable and commercially acceptable measures to protect personal information, no method of transmission over the internet or electronic storage is entirely secure. Therefore, absolute security cannot be guaranteed.


Objectives

The objectives of this Policy are to:

  • Protect client and customer data from unauthorized access, misuse, leakage, or loss

  • Implement strict technical and procedural security controls

  • Ensure full compliance with applicable data protection laws and client security expectations


Scope

This Policy applies to:

  • All employees, contractors, consultants, and vendors of Externix Informatics Pvt. Ltd.

  • All systems, devices, applications, and platforms used for client processes

  • All forms of customer and client data, including but not limited to:

    • Personally Identifiable Information (PII)

    • Payment-related information

    • Order history and transaction details

    • Customer chat logs and communication records


Core Security Measures

Access Control

  • Role-based access to systems and data (least-privilege principle)

  • Employees may access only the data strictly required for their job role

  • Multi-Factor Authentication (MFA) enabled for all system logins

Employee NDAs & Background Verification

  • Mandatory Non-Disclosure Agreement (NDA) for all employees

  • Background verification conducted prior to hiring

  • Periodic refresher training on data security and privacy laws

Device & Network Security

  • Use of company-provided systems only (BYOD strictly prohibited)

  • Automatic system lock after 5 minutes of inactivity

  • Encrypted VPN access for remote or hybrid employees

  • Restricted and monitored internet usage on support devices

Data Retention & Sanitization

  • Customer data retained strictly as per client-defined data retention policies

  • Secure deletion of data after retention period using industry-standard sanitization methods

Audit & Monitoring

  • Regular internal audits to ensure compliance

  • System activity logs maintained for all access and transactions

  • Real-time monitoring and alerts for suspicious or unauthorized activity


Employee Responsibilities

All employees must:

  • Lock their workstation when stepping away

  • Never write down, reuse, or share passwords

  • Immediately report any suspected or actual security incident

  • Follow all client-specific data handling instructions and SOPs

Failure to comply may result in disciplinary action, including termination.


Training & Awareness

Employees undergo quarterly mandatory training covering:

  • Phishing and social engineering threats

  • Data privacy laws including GDPR

  • Client-specific data handling protocols

  • Secure system usage practices

Certification or assessment completion is mandatory after each training cycle.


Incident Response

Externix Informatics maintains a Data Security Response Team (DSRT) or Internal Committee (IC) to manage security incidents.

Incident handling includes:

  • Reporting of incidents within 15 minutes of detection

  • Immediate containment and access suspension if required

  • Root cause analysis and corrective action

  • Client notification within 24 hours of confirmation


Compliance & Policy Review

This Policy ensures compliance with:

  • General Data Protection Regulation (GDPR), where applicable

  • PCI DSS, if payment information is processed

  • Information Technology Act, 2000 (India)

The Policy is reviewed every six (6) months or following any major incident, regulatory update, or client requirement.


Client Assurance

Externix Informatics commits to:

  • Full transparency in the event of any data security incident

  • Immediate suspension of system access upon breach suspicion

  • Periodic sharing of policy updates and compliance reports with clients


Contact

For any questions regarding this Data Security Policy or data protection practices, please contact:

Externix Informatics Pvt. Ltd.

(Official contact details to be updated by the Company)


This Data Security Policy reinforces Externix Informatics Pvt. Ltd.’s commitment to confidentiality, compliance, and secure service delivery.