Privacy Commitment - India

The following is a brief summary of how Netskope complies with applicable data privacy laws in India.

Digital Personal Data Protection Act, 2023 (DPDPA) Supervisory Authority Our Commitment to Data Protection Key Definitions Your Rights Under the DPDPA Our Responsibilities Our Compliance Measures

Digital Personal Data Protection Act, 2023 (DPDPA)

The DPDPA received Presidential assent on August 11, 2023, and will be implemented once notified by the Indian Government. Once effective, it will serve as the primary statute governing the protection and processing of digital personal data in India. The DPDPA will be the central legislation regulating the processing of digital personal data in India. Before its enactment, India’s data protection framework consisted of:

The Information Technology Act, 2000 (IT Act)
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
Various sectoral regulations under banking, telecom, insurance, and consumer protection laws

The DPDPA emphasizes accountability, consent, and data minimization, while addressing cross-border data transfers. You can review the full text of the DPDPA here.

By adhering to the DPDPA, we ensure the protection of personal data and comply with both legal and ethical standards, building trust with our stakeholders.

Supervisory Authority

India’s data protection authority will be the Data Protection Board of India (DPBI). The DPBI shall oversee compliance, investigate complaints, and enforce penalties for non-compliance. You can find more information at The Ministry of Electronics and Information Technology (MeitY’)s official website.

Our Commitment to Data Protection

At Netskope, safeguarding personal data and ensuring compliance with privacy laws are our top priorities. Below, we explain our approach to data protection as it relates to Indian privacy laws, your rights as an individual, and our responsibilities as a business.

Key Definitions

Personal Data: Any data about an individual who is identifiable by or in relation to such data.
Data Fiduciary: Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
Processing Activities: A wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.

Your Rights Under the DPDPA

Under the DPDPA, individuals have several rights regarding their personal data, including:

Right to Access: Obtain a copy of the personal data we hold about you.
Right to Correction: Request corrections to any inaccurate or incomplete information.
Right to Erasure: Request deletion of your personal data, subject to legal and business requirements.
Right to Withdraw Consent: Withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual obligations.

To exercise these rights, please visit our Exercise Your Rights Section.

Our Responsibilities

As a data processor, Netskope processes personal data on behalf of our customers and in accordance with their instructions. Our key responsibilities as a processor include:

We process personal data on behalf of our customers under clear contractual agreements, ensuring that all processing is conducted lawfully, fairly, and transparently.
We implement robust technical and organizational measures to safeguard personal data against unauthorized access, alteration, or loss.
We provide reasonable assistance to customers to help them meet their compliance needs. This may include working with customers to respond to third-party requests, providing information to demonstrate our security and privacy compliance measures, and helping customers complete risk assessments.

As a data fiduciary, Netskope manages the processing of personal data related to employees, marketing activities, training courses, website users, and more. In this capacity, we ensure that:

Data processing is done for legitimate and transparent purposes.
Transparency is maintained by informing individuals about data usage and ensuring their rights to access, correction, and erasure.
Appropriate measures protect personal data from unauthorized access or loss.
Staff receive ongoing training, and internal policies are reviewed to ensure compliance with privacy laws, including DPDPA, fostering a culture of data protection.
Procedures are in place to promptly report and address data breaches, including notifications to supervisory authority or affected data subjects when required.

Our Compliance Measures

We maintain strict data protection practices, including:

India-based data centers: Providing service selections to enable customers to restrict data location within the bounds of India.
Data Protection Policies: Establishing clear and comprehensive internal policies consistent with DPDPA.
Employee Training: Annual training for all employees on data protection responsibilities.
Data Audits: Netskope undergoes annual SSAE-18 SOC 2 Type II attestation through an independent, third-party auditor.
Security Measures: Technical and organizational measures such as utilizing encryption, securing storage, and having strict access controls are implemented to ensure an appropriate level of security, taking into account the nature, scope, context, purpose of the processing, and the risks for the rights and freedoms of natural persons.
Third-Party Assurance: All partners and vendors undergo security reviews involving a risk assessment and vetting procedure to ensure our partners and vendors meet our high standards.
Breach Management: Privacy and Security Incident Response Plan is well documented, implemented, and regularly reviewed and tested.

This page provides a high-level overview of our data protection practices under Indian data protection laws. We’re committed to protecting your data and ensuring transparency every step of the way.

If you have questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) at [email protected].

For more detailed information, please refer to our Privacy Policy or reach out to us directly.

India Privacy Commitment