Policy purpose and scope
Our company Data Protection Policy describes our commitment to gather, store, and handle information at all times in a lawful and ethical manner, with appropriate care and confidentiality.
Employees, consultants, contractors, partners, and service providers of our company must follow this policy.
As part of our operations, we need to obtain and process non-public information for our own organization and for our customers. This information may include offline or online data that makes a person identifiable such as names, email addresses, usernames and passwords, digital footprints, postal addresses, photographs, social security numbers, financial data, etc. It may also include confidential customer information.
Data in our possession will be:
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against unauthorized access by internal or external parties
Data in our possession will not be:
- Communicated contrary to this policy
- Transferred to individuals, organizations, states, or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data’s owner, exempting legitimate requests from law enforcement authorities
The company also has direct obligations towards people to whom the data in our possession belongs. We must:
- Have provisions in cases of lost, corrupted, or compromised data
- Allow people to request that we modify, erase, reduce, or correct data we hold about them
- Rigorously respect all NDAs we have with our customers
To exercise data protection we are committed to:
- Carefully restrict and monitor access to sensitive data
- Secure computer systems and networks, using as appropriate encryption, network segmentation, automated backups, etc.
- Handle data appropriately in our physical facilities, using locked storage, document shredding, etc.
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses and communicate data is to be handled
- Train employees in online privacy and security measures
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
Last updated: 2021-02-11