Data Protection Policy

1. Introduction

• This Data Protection Policy outlines the principles and guidelines that our organization follows to ensure the protection, confidentiality, and lawful use of personal data. We are committed to complying with applicable data protection laws and regulations to safeguard the rights and privacy of individuals whose data we process.

2. Scope

• This policy applies to all employees, contractors, and third parties who process personal data on behalf of our organization.

3. Data Collection and Processing

• Lawfulness, Fairness, and Transparency

      – We will collect and process personal data only for lawful purposes and with the knowledge and consent of the data subjects.

      – We will provide transparent information about how their data will be used.

• Purpose Limitation

      – Personal data will be collected only for specified, explicit, and legitimate purposes.

      – Data will not be processed in ways incompatible with these purposes.

• Data Minimization

       We will ensure that the personal data collected is adequate, relevant, and limited to what is necessary for the intended purpose.

4. Rights of Data Subjects

• Access, Rectification, and Erasure

      – Data subjects have the right to access, correct, or request the erasure of their personal data held by us.

• Withdrawal of Consent

      – Data subjects have the right to withdraw their consent for processing their data at any time.

• Data Portability

      – Data subjects may request their data to be provided in a machine-readable format or transferred to another data controller.

5. Data Security

• Confidentiality and Integrity

       We will implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

• Security Incident Response

       In case of a data breach or security incident, we will promptly assess and notify the relevant authorities and affected individuals as required by law.

6. Data Sharing and Transfers

• Third Parties

       Before sharing personal data with third parties, we will ensure that proper safeguards are in place to protect the data.

• International Transfers

      – When transferring personal data across international borders, we will ensure that adequate safeguards are implemented to protect the data in                              accordance with relevant regulations.

7. Data Retention

• Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws.

8. Training and Awareness

• We will provide regular training and awareness programs for employees and contractors to ensure their understanding and compliance with data protection policies and procedures.

9. Compliance Monitoring

• We will conduct periodic reviews to ensure compliance with this policy and relevant data protection laws. Non-compliance will be addressed promptly.

10. Data Protection Officer

• Our organization has appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection efforts and acting as a point of contact for data subjects and regulatory authorities.

11. Policy Review

• This Data Protection Policy will be reviewed periodically to ensure its accuracy and relevance. Changes to the policy will be communicated to relevant stakeholders.

By adhering to this policy, we demonstrate our commitment to protecting personal data and upholding the rights and privacy of individuals.