Data Protection Policy
Policy brief & purpose
This Data Protection Policy (the “Policy”) refers to CEGsoft's (the “Company”) commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this Policy, we ensure that we gather, store, and handle data fairly, transparently and with respect towards individual rights.
This Policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of Information, as defined herein, to us.
Who is covered under the Policy?
Employees of our Company and its subsidiaries must follow this Policy. Contractors, consultants, partners, and any other external entity that gathers, stores, and/or handles Information for the Company are also covered. Generally, our Policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to the Information we collect, handle, and store.
As part of our operations, we need to obtain and process the Information we receive. This Information includes any offline or online data that makes a person identifiable such as names, addresses, tax group or corporate network, age, email address, etc. (collectively referred to as, the “Information”).
Our Company collects this Information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this Information is available to us, the following rules apply.
Our Information will be:
• Used accurately for the purpose it was gathered;
• Kept up to date as reasonably possible;
• Stored until no longer needed for the purpose it was collected;
• Collected fairly and for lawful purposes only;
• Processed by the Company within its legal and moral boundaries; and
• Protected against any unauthorized or illegal access by internal or external parties.
Our Information will not be:
• Transferred to organizations, states or countries that do not have adequate data protection policies;
• In addition to ways of handling the Information, the Company has direct obligations towards people to whom the Information belongs. Specifically we will:
◦ Let people know which of their Information is collected;
◦ Inform people about how we’ll process their Information;
◦ Inform people about who has access to their Information;
◦ Have provisions in cases of lost, corrupted or compromised Information; and
◦ Allow people to request that we modify, erase, reduce or correct, within a reasonable time period, Information contained in our databases.
• Notwithstanding the above, Information may need to be released to entities outside of the Company. When a legitimate business reason exists for releasing Information, a written Nondisclosure Agreement (NDA), requiring the Information recipient’s agreement to maintain that Information in confidence and restrict its use and dissemination, must be obtained before disclosing the Information.
To exercise Information protection we’re committed to:
• Restrict and monitor access to sensitive Information;
• Develop transparent Information collection procedures;
• Train employees in online privacy and security measures;
• Build secure networks to protect online data from cyberattacks;
• Establish clear procedures for reporting privacy breaches or Information misuse;
• Establish Information protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.); and
• Our Information protection provisions will appear on our website.
All principles described in this Policy must be strictly followed. A breach of this Policy will invoke disciplinary and possibly legal action by the Company against any person and/or entity that has caused the breach.