Define the principles and practices to follow in protecting Personal Information (PI) including ensuring the accuracy, confidentiality, and availability of PI, and allowing our employees, clients, customers, and partners to request access to and enable correction of their PI.
Date: 19/12/2022
Version 1
CLASSIFICATION: Restricted
1. Purpose and Scope
PURPOSE – The purpose of this policy is to define the principles and practices to follow in protecting all PI. Our commitment includes ensuring the accuracy, confidentiality, and availability of PI and allowing our employees’, clients’, customers’, and partners to request access to enable correction of their PI.
SCOPE – This policy is applicable to all systems, information processing facilities and personnel, as well as all third-party personnel within the scope of Ducis Services Ltd’s Information Security Management System.
2. Data Privacy Policy
2.1 Introduction
Ducis Services Ltd is committed to providing its employees, clients, customers, and partners with exceptional service. We collect, use and disclose Personal Information (PI) about our employees, clients, customers, and partners which makes protecting their PI a key priority.
In the course of its business, it is necessary for Ducis Services Ltd to record, store, process, transmit, and otherwise handle Confidential and or PI (generally referred to as ‘Processed’).
Ducis Services Ltd takes these activities seriously and provides fair and secure systems for the appropriate handling of Information. All such activities at Ducis Services Ltd are intended to be consistent with both generally accepted privacy ethics, standard business practices, and the relevant legal and regulatory requirements i.e., General Data Protection Regulation (GDPR).
2.2 Privacy by Design and by Default
The Principles of Privacy and Design and by default shall be applied as governing principles:
The principles of privacy by design are:
Privacy by default dictates that Ducis Services Ltd does not process more PI than is strictly necessary, even where the PI principal might, for instance, be able to increase the scope of the processing. This applies equally to the amount of personal data collected, the extent of the processing, and the period of storage
2.3 Data Privacy Principles
The following Data Privacy principles shall be applied:
2.4 Collecting PI
2.5 Disclosure of Information
2.6 Appropriate Handling of Information
3. Enforcement and Violations
ENFORCEMENT – All divisions & employees of the organization must comply with the requirements of this policy. Management is responsible for ensuring that the policy is implemented within its area of responsibility.
Ducis Services Ltd expects all users to comply with the terms of this policy and all other policies, procedures, guidelines, and standards published in its support.
VIOLATIONS – Violations of this policy shall result in disciplinary action / legal ramifications by the organization. Disciplinary action will be consistent with the severity of the incident as determined by an investigation and as deemed appropriate by Management and HR.
Compliance with this policy will be reviewed by the organization’s Internal Audit Team.
All Right Reserved by Sirius Support 2023.