Privacy Policy


This Information Security Policy outlines the principles, guidelines, and procedures to ensure the confidentiality, integrity, and availability of VTC 3PL's information assets. It applies to all employees, contractors, consultants, and third parties who have access to company information. The Policy is in accordance with The Information Technology Act, 2000 (IT Act) and The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as applicable in India.

1.Data Collection- 

1.1. VTC 3PL collects only the necessary and relevant information required to fulfil its business objectives and legal obligations.

1.2. The collection of personal data is conducted in accordance with applicable data protection laws and regulations.

1.3. Prior consent will be obtained from individuals for the collection, use, and disclosure of their personal data, unless otherwise permitted by law.

2. Data Processing

2.1. All information processing activities will be carried out in a lawful and ethical manner.

2.2. Information processing will adhere to the principles of accuracy, relevance, and purpose limitation.

2.3. Appropriate technical and organizational measures will be implemented to protect the confidentiality, integrity, and availability of processed data.

2.4. Access to personal data will be limited to authorized personnel based on the principle of least privilege.

3. Data Storage and Retention

3.1. Data will be stored in secure environments, including physical, electronic, and cloud-based storage systems.

3.2. Access controls and encryption mechanisms will be implemented to protect data stored within company systems.

3.3. Data retention periods will be defined based on legal requirements and business needs.

3.4. Disposal of data will be conducted securely, ensuring the permanent and irreversible destruction of data.

4. Security Controls

4.1. VTC 3PL will establish and maintain appropriate technical and organizational controls to protect information assets from unauthorized access, use, disclosure, alteration, or destruction.

4.2. Regular risk assessments will be conducted to identify and mitigate information security risks.

4.3. Security controls, including but not limited to firewalls, encryption, intrusion detection and prevention systems, antivirus software, and access controls, will be implemented to safeguard information assets.

4.4. Employees will receive training on information security best practices and their responsibilities for maintaining the security of company information.

5. Incident Response

5.1. VTC 3PL will establish an incident response plan to effectively respond to and manage information security incidents.

5.2. Employees will be required to promptly report any suspected or detected security incidents to the designated incident response team or IT department at 

5.3. Appropriate measures will be taken to investigate, contain, mitigate, and recover from security incidents, and to prevent recurrence.

6. Compliance

6.1. VTC 3PL is committed to complying with all applicable laws, regulations, and contractual obligations regarding information security and data protection.

6.2. Regular internal audits and assessments will be conducted to ensure compliance with this policy and related security controls.

6.3. Any non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contractual relationship with the company.

7. Policy Review and Updates

7.1. This Information Security Policy will be reviewed periodically to ensure its continued relevance and effectiveness.

7.2. Any updates or amendments to this policy will be communicated to all relevant parties and posted on the company's website.

VTC 3PL hereby confirms that, despite not having obtained external certification, no cases of information security breaches have been reported within the company during the past two financial years, covering the period from April 2021 to March 2023.