download-pdfDownload Report


Ethical Practices

Happiest Minds is committed to conducting its business in accordance with the applicable laws, rules, and regulations with highest standards of business ethics, integrity, environmental responsibility, and social responsibility.

To implement the Value Chain Sustainability Framework, Vendor’s Code of Conduct has been established and communicated to all the vendors. This Code is intended to define non-negotiable minimum standards of business conduct that Happiest Minds expect its Vendors to respect and adhere to. This includes compliance with the laws of land and adherence to well-established ESG principles and standards such as National Guidelines on Responsible Business Conduct (NGRBC), the UN's Universal Declaration of Human Rights and the conventions of the International Labor Organization (ILO) Declaration on Fundamental Principles and Rights at Work and ILO’s Basic Terms and Conditions of Employment.

While Vendors are expected to self-monitor and demonstrate their compliance with this Code, Happiest Minds reserve its right to audit Vendors or inspect Vendors’ facilities to confirm compliance. This Code is an integral part of Happiest Minds' contract or agreement with its Vendors.

The requirements under the Happiest Minds’ Vendor’s Code of Conduct focuses on Freedom of employment and association, The eradication of child labor, safe and hygienic working conditions, appropriate pay and working hours, humane and non-discriminatory treatment, anti-bribery and corruption, and environmental awareness.

Data Privacy and Freedom of Expression
  1. Happiest Minds has conducted detailed assessment of our internal processes to comply with Privacy regulation like GDPR. Data flow maps are developed and evaluated for each function/business process to identify the overall lifecycle of the collected data, privacy risk is assessed and mitigation measure and controls are deployed accordingly. Some of the key policies/practices implemented include:

1a. Awareness (Article 39):Annual information security awareness sessions

1b. Review and Update Privacy Notices (Article 19):The current privacy policy is updated as per the GDPR requirement. The same has been published in the Happiest Minds website.

1c. Appoint or Hire a Data Protection Officer (Article 37):In-house Full-time DPO has been appointed.

1d. Evaluate Data Retention Procedures (Article 12):Data retention policy is in place and timeline of data retention is mentioned by different process owners.

1e. Conduct a Privacy Impact Assessment (PIA) or DPIA (Article 35):DPIA was conducted when the GDPR was implemented identifying various PII data and its respective controls and owners. Annual audit is conducted to verify the DPIA.

1f. Establish Contracts with Third-Party Processors (Article 28, 46):Happiest Minds has modified the contracts to ensure that all third parties have adequate data protection measures and procedures in place. Annual privacy risk reviews are conducted for the identified critical vendors.

1g. Implement Procedures for Prompt Mandatory Notification (Article 33, 34):We have procedure in place to ensure that breaches are reported to regulators within 72 hours of the Company becoming aware of the breach. If notification occurs later than 72 hours after we become aware of a breach, eventual notice is accompanied by an explanation for the delay. DPO manages and oversees the activities.

Data Security and Privacy Policies

Information Security and Privacy Policies and Procedures: We have well-defined and implemented information security and data protection policies and procedures (as per ISO 27001 and ISO 27701 framework). Policies and practice related to Data Security includes:


Vendor Risk Management Policy


Information Security Policy


Access Control Policy


Clear Desk and Clear Screen Policy


Information Classification Policy


Policy on use of Encryption


Removal of Information Assets


Policy on Back-up and Restoration