Privacy Policy for LKR e-Business App

Effective Date: [01-Oct-2024]

LKR e-Business App ("the App") is an internal tool developed for exclusive use by employees of [Company Name] ("the Company"). The App facilitates various operations, including Human Resources (HR), Customer Relationship Management (CRM), and Sales Order Management. This Privacy Policy outlines how the Company collects, uses, discloses, and protects personal and corporate data within the App.

1. Data Collection

The App collects data necessary for HR, CRM, and Sales Order functionalities. This includes:

• Employee Information:
  • Personal Details: Name, employee ID, department, contact information.
  • Professional Data: Work history, performance reviews, training records.
  • Access Logs: Login times, activity within the App.
• Customer Information:
  • Contact Details: Name, address, phone number, email.
  • Company Data: Company name, industry, size.
  • Interaction History: Communication records, meeting notes, previous orders.
• Sales Order Data:
  • Order Details: Products/services ordered, quantities, pricing, discounts.
  • Transaction Data: Order dates, payment terms, invoicing information.
  • Delivery Information: Shipping addresses, delivery schedules.
• Usage Data:
  • Device Information: IP addresses, device types, operating systems.
  • App Interaction: Pages visited, features used, error reports.

2. Purpose of Data Collection

Data is collected and used for the following purposes:

• HR Management: Employee administration, payroll processing, performance evaluations, compliance with legal obligations.
• CRM Operations: Managing customer relationships, tracking interactions, improving customer service.
• Sales Order Management: Enabling salesmen to create and manage sales orders, track order statuses, and generate invoices.
• Operational Efficiency: Enhancing App functionality, troubleshooting issues, conducting data analysis for internal use.

3. No Free Account Usage

The App is strictly for internal use by authorized employees. It is not accessible to the public, and no free accounts are available. User accounts are created, managed, and deactivated solely by the Company's system administrators.

4. No Account Deletion Policy

User accounts cannot be deleted to maintain the integrity of operational records, including HR, CRM, and sales data. This ensures compliance with auditing requirements, legal obligations, and historical data preservation. Accounts of former employees will be deactivated but not removed from the system.

5. Data Security

We are committed to safeguarding the data within the App through:

• Encryption: All sensitive data is encrypted during transmission (SSL/TLS) and at rest.
• Access Control:
  • Role-Based Permissions: Employees have access only to data relevant to their roles.
  • Authentication: Secure login protocols, including strong password policies and multi-factor authentication.
• Monitoring and Audits: Regular security assessments and audits. Monitoring for unauthorized access or anomalies in data usage.

6. Data Sharing and Disclosure

Data collected within the App is used internally and is not shared with external parties, except:

• Legal Requirements: If disclosure is necessary to comply with legal obligations.
• Consent-Based Sharing: With explicit consent from the affected parties.

7. Data Retention

• Employee Data: Retained for the duration of employment and as required by law after termination.
• Customer Data: Maintained for as long as the customer relationship exists.
• Sales Orders: Order records are retained indefinitely for historical reference, financial reporting, and compliance purposes.

8. User Responsibilities

Employees using the App are responsible for:

• Data Accuracy: Ensuring that information entered into the system is accurate and up-to-date.
• Confidentiality: Maintaining the confidentiality of login credentials.
• Compliance: Adhering to the Company's policies and applicable data protection regulations.
• Reporting: Promptly reporting any security incidents to the IT department.

9. Rights of Employees

While accounts cannot be deleted, employees have the right to:

• Access Personal Data: Request access to their personal data held within the App.
• Rectification: Request corrections to inaccurate or incomplete personal data.
• Limit Processing: In certain circumstances, request the restriction of processing their personal data.

Requests can be made by contacting the HR or IT department.

10. Updates to the Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices. Significant changes will be communicated through internal channels.

11. Contact Information

For questions or concerns regarding this Privacy Policy or data practices:

• IT Department:
• HR Department:

Appendix: Specific Provisions for Salesmen Accessing CRM and Sales Orders

To clarify the roles and responsibilities concerning salesmen accessing the CRM for sales order processing:

A. Data Access by Salesmen

• Permitted Access:
  • Customer Profiles: Limited to customers assigned to the salesman.
  • Product Information: Access to product catalogs necessary for order creation.
  • Sales Orders: Ability to create, modify, and track their own sales orders.
• Restricted Access:
  • Sensitive Customer Data: Financial details or data not relevant to sales activities.
  • Other Employees' Data: Salesmen cannot access HR data or sales orders created by others unless authorized.

B. Data Handling in Sales Orders

• Customer Consent: Ensure that any customer data used complies with consent obtained during initial data collection.
• Data Minimization: Only collect and process data necessary for the sales order.

C. Security Measures for Sales Activities

• Authentication: Salesmen must use secure login credentials and adhere to authentication protocols.
• Session Management: Log out of the App when not in use to prevent unauthorized access.
• Data Transmission: Avoid sharing customer or sales order data through unsecured channels.

D. Monitoring and Compliance

• Audit Trails: All actions performed by salesmen within the CRM are logged for auditing purposes.
• Compliance Checks: Regular reviews to ensure sales activities comply with Company policies and legal regulations.