Data Security Policy

Introduction:

A Data Security Policy is a set of guidelines a website follows to protect the sensitive information it collects, processes, and stores. It covers data collection and usage, storage, access controls, transmission, retention, security, incident response, compliance, training, and updates. A clear and comprehensive Data Security Policy is crucial for building trust with users and demonstrating a commitment to protecting their privacy and sensitive information.

Objective of Policy:

This Policy explains how AttestDesign Ltd. handles personal information for customers, suppliers, employees, workers, and other third parties. It applies to all personal data we process, regardless of how it is stored or whether it comes from current or past employees, workers, customers, clients, supplier contacts, shareholders, website users, or any other Data Subject.

This Policy is for all Company Personnel, who must read and follow it when they handle personal data on our behalf. The Data Protection Manager (DPM) will provide training on this Policy, which sets out what we expect of you so that we comply with the law. You must comply with this Policy; any breach may lead to disciplinary action.

Transparency:

In this Policy, the following terms have these meanings:

- Company Personnel: everyone who works for the company, including employees, contractors, agency workers, consultants, and directors.

- Consent: agreement that is freely given, specific, informed, and an unambiguous indication of the Data Subject's wishes.

- Data Controller: the person who decides when, why, and how to process personal data.

- Data Subject: a living, identified, or identifiable individual about whom we hold personal data.

- EEA: the 27 countries in the EU, the United Kingdom, Iceland, Liechtenstein, and Norway.

- Explicit Consent: consent that requires a clear and specific statement.

- GDPR: the General Data Protection Regulation ((EU) 2016/679).

- Personal Data: any information that identifies a Data Subject, or information relating to a Data Subject whom we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access.

- Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity, or availability of personal data.

- Processing or Process: any activity involving the use of personal data.

- Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms.

- Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal data relating to criminal offenses and convictions.

To ensure compliance with GDPR, the following guidelines must be followed:

ACCOUNTABILITY & IMPLEMENTATION:

The Data Controller must implement technical and organizational measures to comply with data protection principles and must be able to demonstrate compliance. The company has put in place resources and controls to ensure GDPR compliance, including integrating data protection into internal documents, conducting regular training sessions for personnel, testing privacy measures, and conducting periodic reviews and audits.

RECORD KEEPING:

Accurate records must be maintained to reflect our processing, including records of Data Subjects’ Consents and procedures for obtaining Consent.

TRAINING AND AUDIT:

Adequate training must be provided to Company Personnel to enable them to comply with data privacy laws. Systems and processes will be regularly tested to assess compliance.

DIRECT MARKETING:

Electronic direct marketing requires Prior Consent of a Data Subject. The right to object to direct marketing must be offered in an intelligible manner, and data must be suppressed as soon as possible if a customer opts out.

SHARING PERSONAL DATA:

Personal Data may only be shared with third parties if certain safeguards and contractual arrangements are implemented. The transfer must comply with any applicable cross-border transfer restrictions, and GDPR-approved third-party clauses must be used.

Acknowledgment:

This policy applies to everyone who works for the company and the personal data we manage. We know that handling personal data correctly and lawfully is essential for our business. We take our responsibility to protect the confidentiality and integrity of Personal Data seriously at all times.

All AttestDesign Ltd. employees must ensure that all Company Personnel comply with this Policy and take appropriate measures to protect Personal Data.

For questions or more information on our Data Security Policy, please contact us at info@attestdesign.com.