Data Policy

Read here about our Data Policy.

Data Governance and Management Policy

This policy establishes the principles and guidelines for the effective management, security, and use of data within our organization. Our goal is to ensure the integrity, availability, and confidentiality of all data assets while supporting business objectives and maintaining regulatory compliance.

1. Data Governance

We are committed to a structured approach to data governance. Data is a critical asset and must be managed responsibly throughout its lifecycle. This includes defining data ownership, establishing clear responsibilities for data management, and creating a framework for data-related decisions.

  • Data Ownership: Designated data owners are responsible for the quality, security, and appropriate use of specific datasets.
  • Roles and Responsibilities: All employees and contractors are responsible for adhering to this policy and protecting the data they handle in the course of their duties.

2. Data Security

Protecting data from unauthorized access, disclosure, alteration, and destruction is paramount. We implement a multi-layered security strategy to safeguard our data assets.

  • Access Control: Access to data is restricted on a "need-to-know" basis. User permissions are regularly reviewed and updated to ensure they align with job functions.
  • Encryption: Data will be encrypted in transit and at rest where appropriate to protect it from interception or unauthorized access.
  • Security Audits: We perform regular security audits and vulnerability assessments to identify and mitigate potential risks.

3. Data Collection and Use

Data will only be collected for legitimate business purposes and should be handled in a manner consistent with its intended use. We adhere to the principle of data minimization, which means we only collect the minimum amount of data necessary to achieve a specific purpose.

  • Legitimate Purpose: All data collection must be tied to a clear business need.
  • Data Integrity: We are responsible for maintaining the accuracy and reliability of our data. Data owners will ensure data is kept up-to-date and free from errors.

4. Data Retention and Disposal

We retain data only for as long as necessary to fulfill the purpose for which it was collected or as required by law. Once the retention period has expired, data will be securely and permanently disposed of.

  • Retention Schedules: Retention periods are defined based on business, legal, and operational requirements.
  • Secure Disposal: Data disposal methods will be employed to ensure that data is not recoverable after its retention period ends.

5. Compliance and Auditing

This policy is designed to ensure compliance with relevant legal and regulatory requirements. We conduct periodic internal audits to verify adherence to these standards.

  • Regulatory Compliance: We will comply with all applicable laws and regulations concerning data management and security.
  • Policy Review: This policy will be reviewed and updated regularly to reflect changes in technology, business practices, and legal requirements.