HERO MOTOCORP LTD RULES AND REGULATIONS FOR ACCEPTABLE USE OF COMPUTER RESOURCES
1. INTRODUCTION
The purposes of these rules and regulations are to outline the acceptable use of computers, computer systems, computer networks, computer resources and communication devices of Hero MotoCorp Ltd (hereinafter referred to as Hero MotoCorp Ltd or company) and provide users of the company with basic knowledge and general guidance for proper, fair, efficient, and effective use of these computer resources.
The company recognizes the importance for employees/users, to be able to access its computers, computer systems, computer networks, computer resources and communication devices and telecommunications network. The company demands respect for working on its administrative resources, while using these resources. Computer resources are made available to users to engage in activities relating to the company's business only.
As per these rule and regulations regarding the use of company's computers, computer systems, computer networks, computer resources, communication devices and its telecommunications network, the company, as owner and manager of its computer resources and telecommunications network, is compelled to ensure that their use conforms to the law. These rules and regulations of the company are in accordance with the amended Information Technology Act, 2000 as well as rules and regulations made thereunder including the Information Technology Rules, 2011 and the Information Technology (Intermediary Guidelines) Rules, 2011. The company expects all users to conform to usual rules of courtesy and etiquette as well as to the laws and regulations for the time being in force.
2. SCOPE
This document elaborates various rules and regulations that are in place and adopted by the Hero MotoCorp Ltd for the use of its computer resources and computer systems, in accordance with principles established under the Information Technology Act, 2000 and also rules and regulations made thereunder.
The present rules and regulations state the conditions for utilization of computer resources of the company by employees/users and are intended to:
1. promote responsible use of computer resources;
2. safeguard the company's reputation as a responsible organization;
3. deter users from abusive or illegal use of computer resources;
4. ensure protection of private information;
5. define the boundaries regarding the private lives of users related to their utilization of computer resources;
6. minimize risk of destruction or modification of systems or data.
3. APPLICABILITY
These Rules and Regulations of Hero MotoCorp Ltd are applicable to all visitors of the website of Hero MotoCorp Ltd, all employees (both old and existing), as also all legal entities with whom Hero MotoCorp Ltd has got business relationship which include suppliers, vendors, sub-vendors, distributors, sub-distributors, agents, dealers and sub-dealers etc.
4. GENERAL CONCERNS
i. Privilege: Access to computer resources constitutes a privilege and not a right. Only duly authorized users may access and use computer resources of the company and only within the parameters granted to the user by the company. The user may not allow an unauthorized third party to use these resources. Computer resources must be used in a reasonable manner and utilization must not unduly restrict access for other users.
ii. Priorities: Computer resources are made available to users for the purpose of engaging in activities related to the fulfillment of company's business.
iii. Utilization for computer resources: Users may use the company's computer resources, subject to certain conditions, which are as under:
1. The user respects the terms of the present rules and regulations;
2. Company's computer resources shall not be used for personal matters;
3. Users must accept that the company is obliged to preserve access to any message or transaction performed through its computer resources and consequently, no use for any matters whatsoever cannot be considered private.
5. CODE OF ETHICS FOR USERS
The users of computer resources agree to show:
1. respect towards persons, their private lives, personal or confidential information about them, whether by text, messages or images;
2. respect as regards company objectives;
3. respect for copyright and intellectual property;
4. respect for security measures implemented by the company.
6. PROHIBITED ACTIVITIES
Any or all use of the company's computers, computer systems, computer networks, computer resources and communication devices for unauthorized or illegal matters is strictly forbidden. On the company's computer resources, it is specifically prohibited to host, display, upload, modify, publish, transmit, update or share any information that:
1. belongs to another person and to which the user does not have any right to;
2. is grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
3. harm minors in any way;
4. infringes any patent, trademark, copyright or other proprietary rights;
5. violates any law for the time being in force;
6. deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
7. impersonate another person;
8. contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;
9. threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or is insulting any other nation;
10. tantamount to transmitting advertising, spam or which promotes or conducts transactions for personal business purposes;
11. refers to the company in personal comments within discussion groups or chat rooms, or to use any other mode of expressing an opinion in such a way as to imply that the opinions expressed are approved by the company, except when the statement is made by a person authorized to do so in the performance of his/her duties.
7. MODIFICATION OR DESTRUCTION
Any modification or destruction of computer resources is prohibited without the authorization of an authorized person of the company.
8. ACTIONS CAUSING DAMAGE
It is strictly forbidden to act in such a way as to damage the computer resources of the company, specifically, to engage in hacking or spread computer viruses, or the unauthorized destruction or modification of data or software, or diminishing of value or utility of electronic information residing in a computer resource or affecting it injuriously by any means or unauthorized use of the access code or password of another user, or by any action intended to deactivate, challenge or bypass any company information technology security system.
9. UNAUTHORIZED ACCESS
It is strictly prohibited to access or attempt access to files, data, databases, systems, internal or external networks or computer resources restricted to a specific category of users, unless prior approval of the concerned authorized person of the company has been duly taken in writing.
10. REASONABLE USE
In a situation of shared resources, the user may not monopolize or abuse computers, computer systems, networks, computer resources and communication devices. It is strictly prohibited, such as, to store an excessive amount of data or to use the Internet and its logical record to listen to the radio or a television programme or any other telephony, unless the context otherwise requires it for the purpose of business activity of the company.
11. INTELLECTUAL PROPERTY RIGHTS
Users must, at all times, respect copyright and other intellectual property rights of others. The following are examples of documents likely to be protected by copyright or other intellectual property rights: contents of an e-mail message; textual, graphic and sound contents of a Web site; music and radio and television programmes transmitted through a Web site; music, photos, or graphics available on the Web; applications downloaded from an FTP site; compilation available on a Web site; use of a logo and trademark. In certain cases, the following actions may contravene copyright or intellectual property rights of the relevant rights owners:
1. downloading a file;
2. digitizing a printed document;
3. retouching a photo or other person's text;
4. posting music on the Web;
5. Posting another person's art work when the work is protected by copyright.
The Users are strictly prohibited from:
1. using any illegally copied software or electronic file;
2. participating, directly or indirectly, in the reproduction of a programme or electronic file;
3. modifying or destroying a software programme, data bank or electronic file or to access it without the express authorization of its owner;
4. reproducing documentation relating to a programme, without authorization from the owner of the copyright;
5. using computer resources to commit or attempt to commit an infraction to copyright and intellectual property;
6. Reproducing software, software packages, and courseware, which is duly authorized only for purposes of securing back-up copies, or according to the software license terms in force.
12. ELECTRONIC MESSAGING
i. The user must identify himself as the author of any electronic message sent on the company network and, as the case may be, specify his title or position.
ii. The user must, where applicable, respect the confidentiality of messages sent on the network and refrain from intercepting, reading or modifying any message not intended for him/her.
iii. Users are strictly prohibited from:-
1. Using one or more gimmicks or any other means of transmitting an electronic message anonymously or in the name of another person;
2. Subscribing to mailing lists not related to the user's job description;
3. To send, without authorization, to all staff or to selected groups of employees or other users, messages of a general nature, news of any kind, chain letters and any information not related to company business activities.
13. CONFIDENTIALITY AND PROTECTION OF PERSONAL INFORMATION
1. Information contained in computer resources is confidential whenever it is regarded as personal information or information protected by the company under the IT Act and rules made thereunder, respecting access to documents held by public bodies and the protection of personal information or information related to a person's private life.
2. Respect for security measures: The user is under obligation to respect regulations enacted by the law prevailing for the time being in force, respecting access to documents held by public bodies and the protection of personal information as regards storage, access, transmission and dissemination of personal information, specifically through computer resources.
3. Dissemination of personal information: The user may not, without authorization from the persons concerned, disseminate personal information whether by written information, photographs or any other visual documents showing these persons participating in an activity, and allowing them to be identified by name.
4. The company respects the private life of users. However, in view of the fact that computer resources are made available to users in order to assist the company in fulfilling its business activities, the user's right to privacy is limited. Thus, equipment, systems and files intended for work-related matters must be accessible at any time to members of administration, substitute employees/users or the network administrator.
5. The company shall not systematically oversee user communications. An investigation shall be conducted if there is reason to believe the systems are being used in inappropriate ways or if it is necessary to trace information otherwise unavailable.
6. The user loses his right to confidentiality for the files he/she created by using computer resources of the company, including all information in contravention of the present rules and regulations or of instructions enacted by the company intended to ensure its application, or to agreements or Local/State/Union laws.
7. The user is entitled to know that the company may be required, within the framework of a judicial enquiry, to provide as evidence the contents of any document saved on its own computer systems. In that case, the company has the exclusive right to and may enter any system without prior warning, and to inspect and examine all the data, database and information resident therein.
14. HERO MOTOCORP LTD'S RESPONSIBILITIES
1. The company is not responsible, directly or indirectly, for losses, damages or inconvenience caused to users as a result of their utilization of computer resources, or in the case where, for whatever reason, it must reduce or interrupt service, whatever the duration of these reductions or interruptions may be, or if the services cease.
2. The company shall inform the users that in case of non-compliance with the present rules and regulations for access or usage of company's computer resources, the Company has the right to immediately terminate the access or usage rights of the users to its computer resources and remove non-compliant information.
3. Hero MotoCorp Ltd shall provide sufficient physical and electronic security controls for its computer resources or computer systems or networks. These controls shall include (i) requiring verification of authorization for access to all secured locations and (ii) access doors equipped with card reader control or an equivalent authentication device, egress doors which initiate an audible alarm when opened and equipped with tamper resistant hardware.
4. Hero MotoCorp Ltd shall take all steps necessary to ensure that no user shall, without Hero MotoCorp Ltd 's prior written consent, use, duplicate or reveal to any person or entity any Login IDs, passwords, software, data, material, content or any other information related to or accessible on the computer resources , whether written, verbal or electronic. Hero MotoCorp Ltd shall treat all information as copyrighted and owned by Hero MotoCorp Ltd.
5. Hero MotoCorp Ltd shall cause each of its employees, agents and sub/contractors to safeguard the confidentiality of information pursuant to the present rules and regulations regarding the users' data or information.
6. Hero MotoCorp Ltd shall not transfer or disclose the information, directly or indirectly, to any third party (other than its employees who have a need to know such information and are authorized by Hero MotoCorp Ltd to have access to the Computer Systems to perform Hero MotoCorp Ltd's obligations under the present rules and regulations without Hero MotoCorp Ltd's prior written consent,); and
7. Hero MotoCorp Ltd shall not take any other action with respect to the Information inconsistent with its confidential and proprietary nature. Any user wishing to access the computer resources, computer Systems or network of the company must be authorized and approved by Hero MotoCorp Ltd. Notwithstanding such authorization and approval, Hero MotoCorp Ltd shall permit access to the computer resources, computer Systems or network solely by its employees agreeing in writing to abide by the rules and regulations contained herein.
8. Hero MotoCorp Ltd shall not knowingly host or publish any information or shall not initiate the transmission, select the receiver of transmission, and select or modify the information which is prohibited under the Information Technology Act and rules and regulations made thereunder. Removal of access to any offending information, data or communication link by Hero MotoCorp Ltd or its affiliates after such information, data or communication link comes to the actual knowledge of a person authorized by Hero MotoCorp Ltd or pursuant to any order or direction as per the provisions of the Act or expeditiously removing or disabling access to such content by Hero MotoCorp Ltd , shall not amount to hosting, publishing, editing or storing of any such information which is prohibited under Information Technology Act and rules and regulations made thereunder and also other law for the time being in force
9. Hero MotoCorp Ltd, on whose computer systems or computer resources, any contravening information is stored or hosted or published, upon obtaining knowledge by itself or having been brought to actual knowledge by an affected person in writing or through email signed with electronic signature, about any prohibited activities as mentioned in the rules and regulations above, shall act expeditiously and remove or disable access to such content and where applicable, work with user or owner of such information to disable such information that is in contravention of the present rules and regulations and the IT Act and Rules, without vitiating the evidence in any manner.
10. Further Hero MotoCorp Ltd shall preserve such information and associated records for at least ninety days for investigation purposes.
11. Hero MotoCorp Ltd shall strictly follow the provisions of the Information Technology Act, 2000 as amended as well as rules and regulations made thereunder including the Information Technology Rules, 2011 or any other laws for the time being in force.
12. Hero MotoCorp Ltd shall provide information or any such assistance to Government Agencies, as and when required by lawful orders, who are lawfully authorized for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution of cyber security incidents and punishment of offences under any law for the time being in force, on a request in writing stating clearly the purpose of seeking such information or any such assistance.
13. Hero MotoCorp Ltd shall take all reasonable measures to secure its computer resource and information contained therein following the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules, 2011.
14. Hero MotoCorp Ltd shall report cyber security incidents and also share cyber security incidents related information with the Indian Computer Emergency Response Team.
15. Hero MotoCorp Ltd shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force but Hero MotoCorp Ltd may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.
16. Hero MotoCorp Ltd shall address any discrepancies and grievances of any users or any victim, who suffers as a result of access or usage of computer resource by any person in violation of Rule 3. Such users and/or victims can notify their complaints against such access or usage of computer resources of Hero MotoCorp Ltd or other matters pertaining to the computer resources made available by Hero MotoCorp Ltd to a Grievance Officer. For this purpose, Hero MotoCorp Ltd shall designate a Grievance Office, whose details are as under:-
17. Mr. Grievance Officer
Contact Details:
C/o Hero MotoCorp Limited,
The Grand Plaza, Plot No.2,
Nelson Mandela Road,
Vasant Kunj - Phase -II,
New Delhi - 110070
Phone: 011-46044100
Time: 10AM – 5PM
Email: grievanceofficer@heromotocorp.com
18. The Grievance Officer shall redress the grievances of visitors/users of the Hero MotoCorp Ltd websites, if any, expeditiously but within one month from the date of receipt of grievance.
19. Hero MotoCorp is an ISO 27001:2013 certified compliant company. Hero MotoCorp Ltd has implemented the principles and salient features of IS/ISO/IEC standard 27001:2013and the codes of best practices for data protection for the purpose of compliance with reasonable security practices and procedures. Further Hero MotoCorp Ltd shall audit its security practices and procedures on a regular basis through an independent auditor, duly approved by the Central Government. The audit of reasonable security practices and procedures shall be carried out by an auditor once a year.
15. USERS RESPONSIBILITIES
1. The users are responsible for their own actions in the use of company computers, computer systems, computer networks, computer resources and communication devices of the company. Any user who commits an illegal act is subject to legal consequences, including both civil and criminal action. The company shall not be responsible for such an illegal act as the company is an intermediary. The company has exercised due diligence, while discharging its obligations under the Information Technology Act and has further complied with the provisions of the Information Technology Act and rules and regulations made thereunder.
2.The users shall strictly follow the present rules and regulations and also provisions of the Information Technology Act and Information Technology Rules and any other laws for the time being in force.
3. User shall indemnify Hero MotoCorp Ltd and its affiliates and their officers, agents, employees and service providers and hold them harmless in respect of all losses, costs, proceedings, damages, expenses (including reasonable legal costs and expenses) or liabilities howsoever incurred by any of them as a result of any claim by a third party resulting from a breach or non-observance of these rules and regulations and/or of other Hero MotoCorp Ltd policies by the User or breach of any prohibition, or restriction on User's activities contained in these rules and regulations.
16. EMERGENCY AND SECURITY MEASURES
1. The company reserves the right to keep a register of transactions performed by way of its computer resources and telecommunications network and the right to analyze information contained in this register in order to detect unauthorized, illicit or illegal activities on its network, whether through conventional technical means or by using emerging technologies like artificial intelligence.
2. The Network Administrator of the company may proceed to commence any investigation, without prior notice, when an emergency warrants it, such as, detection of the presence of a virus in the network or over utilization of network resources, and may save any or all copies of a document in order to ensure respect for the terms of this rules and regulations enacted by the company.
3. The company reserves the right to erase from its computer resources any illegal content or content in contravention of the regulations stated in the present rules and regulations.
4. The authorized person of technology team of the company may put forth instructions and regulations to ensure the security of computer resources and to periodically conduct security checks.
17. SANCTION
If users believe that a violation of these rules and regulations has occurred, contact the office of Hero MotoCorp Ltd in person or on email being grievanceofficer@heromotocorp.com immediately. Under no circumstances should the witnesses attempt to look through or access the suspect's machine in order to conduct their own personal investigation.
Any person found to have violated or violating these rules and regulations might be subject to disciplinary action, up to and including termination of employment. In addition, there may be cases in which a person may be subject to civil or criminal liability. In case of other users they could be liable for civil or criminal liability including exemplary damages, under the provisions of the law prevailing for the time being in force, including the amended Information Technology Act, 2000 as well as rules and regulations made thereunder.