Privacy Policy

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect personal data when you access and use our internal systems, including ERPNext and related internal applications.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to:

• Employees
• Contractors
• Internal operators
• Administrators
• Any authorised internal users of the system

3. Data We Collect

We may collect and process the following data:

• Full name
• Email address
• Username and user ID
• Login timestamps
• IP address
• Device/browser information
• System activity logs (audit trails)
• Records created or modified within ERPNext modules

4. Purpose of Data Processing

We process personal data to:

• Provide secure access to internal systems
• Enforce role-based access control
• Maintain audit trails for compliance and accountability
• Protect company data and infrastructure
• Investigate security incidents or misuse
• Improve system performance and reliability

5. Security Measures

We apply strict security controls, including but not limited to:

• HTTP Basic Authentication (long, non-guessable credentials)
• Individual user accounts and passwords
• Role-based permissions
• Access logging and monitoring
• Restricted internal-only access
• Encrypted connections (HTTPS)

All users are responsible for keeping their credentials confidential.

6. Internal User Responsibilities

By accessing the system, internal users agree that:

• Credentials must not be shared
• Access is strictly for authorised business purposes
• All actions are logged and auditable
• Misuse may result in disciplinary and legal action

7. Cookies & Tracking

We use cookies and local storage for:

• Session management
• Authentication
• Security
• User preferences

No advertising or third-party marketing cookies are used on internal systems.

8. Data Retention

• Logs and audit data are retained for operational and compliance purposes
• Data is retained only as long as necessary
• Data may be archived securely when no longer actively required

9. Data Sharing

Personal data is:

• Not sold
• Not shared with third parties, except where legally required or for essential system operation

10. Your Rights

Under UK GDPR, users have the right to:

• Access their personal data
• Request correction of inaccurate data
• Request deletion (subject to legal/operational constraints)
• Raise concerns about data handling

Requests should be directed to the system administrator or your organisation’s data protection contact. You may contact us at: info@shankarinternational.com

VPN Access & Confidentiality Policy (Internal Users)

Access to erp.shankarinternational.com and other internal systems is provided exclusively through a company-issued Virtual Private Network (VPN). This VPN access is strictly for authorised internal use only.

Each employee or authorised internal user is issued a unique VPN configuration file, which contains cryptographic credentials tied specifically to that individual.

By accessing the ERP system, you agree to the following:

• The VPN configuration file provided to you is confidential and must be treated as sensitive company information.
• You must never share, copy, forward, upload, or disclose your VPN configuration file or VPN credentials to any other person, under any circumstances.
• You must not attempt to modify, misuse, or bypass VPN access controls, including impersonating another user or device.
• You are solely responsible for all activity performed using your VPN access.
• Any unauthorised sharing or misuse of VPN access may result in immediate revocation of access, disciplinary action, and further action in accordance with company policy.

If you believe your VPN configuration file has been compromised, lost, or accessed by an unauthorised person, you must notify the IT administrator immediately.

11. Changes to This Policy

This policy may be updated periodically. Continued use of the system implies acceptance of the latest version.