Privacy Policy
1. Policy Statement
Cameo regards and respects all ‘personal’ data of all entities and individuals associated with it (e.g. website users, mobile application users, subscribers and other providers of personal data), is committed to protecting it from wrongful exposure or usage for unintended purposes, and shall ensure compliance with all applicable legal, contractual, statutory and regulatory requirements.
Cameo shall collect only such data as is necessary for providing the service as requested
by the individuals.
2. Objective
The objective of this policy is to ensure the provision and sustenance of appropriate protection of “private data” relating to entities and individuals directly or indirectly associated with Cameo, and the necessary compliance with all applicable legal, regulatory and contractual requirements.
3. Definitions
Personal Data means any data or information that relates to a natural person, which
either directly or indirectly in combination with other information available or likely to
be available, is capable of identifying such person.
Sensitive Personal Data or Information of a person means such personal information which consists of information relating to:
- Password
- Financial information such as bank account or credit card or debit card or other payment instrument details
- Physical, physiological and mental health condition
- Sexual orientation
- Medical records and history
- Biometric information
- Any detail relating to the above clauses as provided to Cameo for providing service; and
- Any of the information received under the above clauses by Cameo for processing, stored or processed under lawful contract or otherwise
For the purpose of this document, private data will mean personal data.
4. Scope
Cameo obtains private data in two different contexts:
As a service provider, Cameo handles customer data of telecom clients, hospitals, corporates, banks etc.
This policy covers the handling and management of “personal” data of all associates, including but not limited to shareholders, customers, suppliers, employees and clients.
The scope covers all data of the “personal” type residing on computing resources under Cameo’s control and/or management within Cameo’s premises.
5. Risks
The following are some of the risks that the organization could face on account of failure to protect private data:
- Lawsuits / legal issues, penalties and prosecution of Cameo, its management personnel and employees
- Loss of reputation and brand equity
- Monetary loss and damages
- Contractual penalties and loss of customer contracts
- Loss of business and market share
6. Requirements
Cameo shall establish processes to assess risks to private data and ensure compliance with data protection and privacy requirements as mandated in applicable legislation, regulations and contractual stipulations.
6.1 Classification of Sensitive Data
The “private data” shall be assigned a sensitivity level of “High”, “Medium” or “Low” based on the following:
For each item of “private data”, the purpose for which it is required, as identified at the time of collection, shall be recorded, as shall the decided duration of data retention; both shall be communicated in writing to the concerned stakeholder at the time of such collection.
Where Cameo has been provided the private data in the role of a service provider, the
onus of informing and obtaining the owner’s consent shall lie with Cameo’s clients.
6.2 Sensitivity classification of customer data
The sensitivity level of customers’ “private” data shall be classified as below and followed as per operations procedures.

| Line of business | Type of data | Sensitivity |
| --- | --- | --- |
| Registry and Securities Transfer Services | Shareholder/Investor’s personal data including bank details | High |
| Telecom Services | Customer’s demographic data and bank details | High |
| Banking Services | Customer account numbers | High |
| Transcription Data and Conversion Services | Customer’s health information | High |
| Pre-press and e-Publishing Services | None | |
| Cameo’s operations | Employee’s personal data, partners’ and suppliers’ bank details | High |
6.3 Establish procedures for handling private data
Cameo shall establish procedures for handling of private data covering the following requirements:
Collection of “Private Data”
Cameo shall establish a process for the collection of private data covering: adequate information to the owner/subject of the data on the purpose for which the data is collected and the retention period; a process for verification of the data by the subject; and a process by which the subject may request correction of the data.
The owner/subject of the data must be provided with the ability to modify the details provided after such collection. Maintaining the accuracy of such private data shall be the responsibility of the owner, and this fact shall also be communicated in writing to the owner/subject at the time of such collection.
Where Cameo has been provided the private data in the role of a service provider, its
responsibility shall cease after handing over the data to the client.
Data storage and access
The approach and techniques for storage of ‘private data’ shall be chosen so as to be commensurate with the “sensitivity” level of the data. Similarly, logical access management to such private data shall also be governed by the level of data sensitivity. All personnel involved in processing and handling such data shall be made aware of the sensitivity and impact associated with “private data”.
Encryption of sensitive “private” data during transmission as well as in storage should be considered based on requirements, and implemented and maintained accordingly. Any backup or archive of such data has to be managed with the same due care as applies to the primary storage of the data, without compromising the underlying control principles established on the basis of the sensitivity level of such data.
Processing of “private” data
Processing of “private” data shall be in line with the purpose declared at the time of collection, and no additional or further processing shall be allowed for any other purpose identified later unless written permission for it is obtained from the owner/subject.
Where Cameo has been provided the private data in the role of a service provider, such
and only such processing shall be performed as is required to comply with the
contractual obligations and regulatory requirements. No other use of such data shall be
made.
Handling private data in test environments
As a policy, Cameo shall not use private data as such for any testing purposes. Where the use of private data is considered unavoidable for testing purposes, it shall be used only after such data has been scrambled or key identifying information has been removed. However, as a matter of abundant caution, protection similar to that applicable to production “private” data shall be accorded to “private” data in test environments.
Disposal of “private” data
At the end of the retention period, or on cessation of the purpose of collection, the “private” data shall be disposed of in such a manner that retrieval of the data is not possible from the disposal media or otherwise. For example, soft copy data may be destroyed using secure techniques such as degaussing.
Alternatively, suitable “de-identification” of the data may be carried out such that the identity-related part of the data that would link it to the specific individual is destroyed permanently.
Where Cameo has been provided the private data in the role of a service provider, such
data shall only be retained for periods as defined in the respective contracts.
7. Roles & Responsibilities
| Activity | Responsibility |
| --- | --- |
| Identification of data privacy requirements | ISMS Officer with support from respective departments |
| Implementation approach | ISMS Steering Committee and IT department |
| Collection process of “private” data | Respective departments in consultation with ISMS Officer |
| “Private” data storage and access | ISMS Steering Committee and IT department |
| Processing of “private” data | Respective departments |
| Disposal of “private” data | ISMS Steering Committee and IT department |
| Managing requests from external and public authorities for “private” data sharing | Department Heads in consultation with IT Department / ISMS Steering Committee |
| “Privacy” related incident management | ISMS Steering Committee and IT Department |
| Providing security awareness and training related to “private” data handling | Respective Department Heads in coordination with ISMS Steering Committee and HR |
| Policy audit | Security audit team |
8. Compliance
Violations of the provisions of this policy:
- Shall be subject to Cameo’s Code of Conduct and Disciplinary Process and can invite disciplinary action, including dismissal of the user or termination of contract, and can extend to legal action.
- The subject alleged to have committed the violation, and the events triggered by them, can be subject to investigation.
9. Associated Documents
- Information Security Policy
- Acceptable Use Policy
- Help Desk and Incident Management Policy
- Code of Conduct and Disciplinary Process