Privacy Policy
1. Introduction
This Privacy Policy outlines our commitment to protecting the privacy and security of personal information in accordance with ISO 27001 standards. We recognize the importance of safeguarding the confidentiality, integrity, and availability of personal data and are committed to ensuring compliance with applicable data protection regulations.
2. Scope
This policy applies to all employees, contractors, and third parties who have access to personal information controlled or processed by our organization. It covers all data processing activities, including the collection, storage, use, transfer, and disposal of personal information.
3. Definitions
Personal Information: Any information relating to an identified or identifiable individual.
Data Subject: An individual whose personal information is processed by our organization.
Processing: Any operation performed on personal data, including collection, recording, organization, storage, modification, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
4. Data Collection
We collect personal information only for specified, explicit, and legitimate purposes. The types of personal information we may collect include, but are not limited to:
Contact details (e.g., name, address, phone number, email)
Identification numbers (e.g., national ID, social security number)
Financial information (e.g., bank account details, payment information)
Employment details (e.g., job title, employment history)
Other relevant information as required for business operations
5. Data Use
Personal information will be processed lawfully, fairly, and in a transparent manner. We will only use personal information for the purposes for which it was collected, unless we obtain the individual's consent or as otherwise required or permitted by law.
6. Data Retention
Personal information will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We will establish retention periods and procedures to ensure data is securely disposed of when no longer needed.
7. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
Access controls to limit access to personal information to authorized personnel only
Encryption of personal information during transmission and storage
Regular security assessments and audits to identify and address vulnerabilities
Incident response procedures to manage and mitigate the impact of data breaches
8. Data Subject Rights
Data subjects have the following rights regarding their personal information:
Right to Access: Individuals can request access to their personal information held by us.
Right to Rectification: Individuals can request correction of inaccurate or incomplete personal information.
Right to Erasure: Individuals can request deletion of their personal information under certain conditions.
Right to Restriction of Processing: Individuals can request restriction of processing under certain circumstances.
Right to Data Portability: Individuals can request to receive their personal information in a structured, commonly used, and machine-readable format.
Right to Object: Individuals can object to the processing of their personal information under certain conditions.
9. Third-Party Disclosures
We may share personal information with third parties only when necessary for business operations or as required by law. We will ensure that third parties adhere to appropriate data protection standards and only process personal information in accordance with our instructions.
10. Data Breach Response
In the event of a data breach, we will promptly take steps to mitigate the impact, including:
Identifying and containing the breach
Assessing the risks associated with the breach
Notifying affected individuals and relevant authorities as required by law
Implementing measures to prevent future breaches
11. Compliance and Monitoring
We will regularly review and update this policy to ensure compliance with applicable data protection regulations and ISO 27001 standards. Internal audits and assessments will be conducted to monitor adherence to this policy and identify areas for improvement.
13. Changes to this Policy
We reserve the right to modify this Privacy Policy at any time. Changes will be communicated through appropriate channels and will become effective immediately upon posting.
This Privacy Policy is designed to be comprehensive and compliant with ISO 27001 standards. It ensures that personal data is handled securely and transparently, respecting the rights of data subjects and maintaining the trust of all stakeholders.