1.Purpose:
1.1 To establish a formal mechanism for external stakeholders (clients, vendors, visitors) to lodge and resolve grievances related to data protection, privacy practices, or service delivery, ensuring transparency, consistency, and compliance with ISO 27001:2022 and the Digital Personal Data Protection Act (DPDPA) 2023.
2. Scope:
2.1 This procedure applies to all grievances raised by external parties regarding IDA Automation’s products, services, website privacy notice, consent mechanisms, or data handling.
3. References:
3.1 ISO/IEC 27001:2022 – Information Security, Cyber security, and Privacy Protection- Information Security Management System- Requirements
4.Acronyms:
4.1 HR: Human Resource
5.Definitions:
5.1 Data Principal: The natural person to whom the personal data relates.
5.2 Data Fiduciary: Any person, including the State, who alone or in conjunction with others determines the purpose and means of processing personal data.
5.3 Data Processor: Any person who processes personal data on behalf of the Data Fiduciary.
5.4 Consent: Free, informed, specific, clear, and capable of being withdrawn agreement by the Data Principal for processing their personal data.
5.5 Grievance: Any expression of dissatisfaction by an external stakeholder regarding IDA Automation’s data handling, privacy practices, or service delivery.
6.Roles and Responsibilities:
External Stakeholder: Submit grievance with details and evidence
Committee Secretary: Acknowledge receipt, log grievance, coordinate investigations and communication
Chairperson: Lead committee meetings, ensure adherence to timelines
Committee Members: Investigate, deliberate, and decide on corrective actions
Appellate Authority: Review escalated grievances and issue final decision
7.Procedure Steps:
7.1 Lodging a Grievance – External stakeholders may submit their grievance by emailing idacompliance@idaautomation.com with:
7.2 Full name and contact details
7.1.1 Description of the issue, date, and affected process or data
7.1.2 Any supporting documents or evidence
7.2. Acknowledgement – Within 3 business days of receipt, the Committee member’s will send an acknowledgement email confirming receipt of the grievance and outlining the next steps.
7.3. Review & Investigation – The External Grievance Redressal Committee will convene to:
7.3.1 Classify the grievance by severity (High/Medium/Low)
7.3.2 Assign members to gather relevant information and conduct investigations
7.3.3 Consult with business units or third parties as needed
7.4 Decision & Communication – Within 30 calendar days of the acknowledgement, the Committee will:
7.4.1 Decide on appropriate corrective actions or responses
7.4.2 Communicate the decision and any remedial measures in writing to the complainant.
7.5 Appeal Process – If the complainant is dissatisfied with the outcome, they may request a review by the Appellate Authority (COO) by replying to the decision email within 15 calendar days. The final decision will be communicated within 15 calendar days of the appeal.
7.6 Closure – A grievance case will be closed once the complainant accepts the outcome or the Appellate Authority’s decision is final. All communications will be documented and filed.
8.Contact Us:
8.1 If you have any concerns or complaints related to our services, data processing practices, or any conduct pertaining to IDA Automation Pvt Ltd, you may contact our External Grievance Redressal Committee by emailing: external.grievance@idaautomation.com All submissions will be treated confidentially and addressed within 30 working days as per IDA’s grievance resolution guidelines.
9. Non-Compliance:
9.1 Failure to comply with the External Redressal procedure may result in disciplinary action as per IDA Policy.