Data/Personal Information Protection

  1. Employees agree to process personal data in accordance with the following mandatory data-protection principles:

    1. Personal information shall be held for specific lawful purposes and not be used or disclosed in a way incompatible with the purpose(s)
    2. Personal information must be obtained and processed fairly and lawfully
    3. Personal information must be adequate, relevant and not excessive for the purpose(s)
    4. Personal information must not be kept longer than necessary
    5. Personal information may not be transferred to a third party unless certain safeguards are in place and the Employer has agreed in writing to such transfer
    6. Personal information in manual and digital format should be protected
    7. Personal information gathered through video surveillance should also be protected:
      1. Photographs of individuals should not be displayed in departments, used in teaching material, promotional material, prospectuses, etc., displayed on websites, or in any other way made public without the permission of the individual(s) concerned
  2. Protection of manual data/ personal information:

    1. Manual data/ personal information should be held in filing cabinets, locked cupboards or rooms with access restricted to named individuals or categories of individuals
    2. All cabinets shall either be locked with a key or stored in an office that can be locked
    3. No public access shall be allowed to any area or room where data is stored or can be accessed
    4. Reasonable steps should be taken to detect and prevent unauthorised access

Correction/Blocking and Erasure of Data

  1. Employees may not correct, erase or block data processed in the execution of the mandate except on the instructions of an authorised person
  2. In the event that the data subject approaches the employee directly with a request for the correction or erasure of his/her data, such employee shall immediately pass the request on to the rest of the Employer

Transmission Control

  1. Due to the nature of business of the Employer, the employees shall from time to time obtain/compile/gather/collect critical, confidential and sensitive or personal data about their clients
  2. The employees shall, as the responsible party under data protection legislation, collect, store and process such data insofar as it is necessary to conduct the Company’s business
  3. Accordingly, the parties wish to regulate control over, access to and protection of such data once the employees become aware of it
  4. The employees agree to co-operate in the case of all reasonable enquiries made by the Employer or the relevant authority regarding the processing of personal information
  5. The Employer shall inform the data subject immediately once the security has been breached or any data has been damaged or leaked
  6. The Employer implements the following measures for the protection of personal data during electronic transmission or transport or communication of data:
    1. VPN channels
    2. Firewall
    3. Access via encrypted connections
  7. Data is stored and transported physically in such a way that the risk of theft, loss or damage is confined to a minimum. Rules define the protection of data media with regard to:
    1. storage
    2. issue
    3. transport (virtual and physical)
    4. release for the execution of transport
  8. Employees shall not use the data for any other purposes and, in particular, are not entitled to pass it on to third parties
  9. No copies or duplicates shall be made without the knowledge of the Employer:
    1. Exceptions in this respect include backup copies, insofar as these are required to ensure proper data processing and data required for the observation of statutory storage obligations