Data Protection Policy

know more about us

Data Protection Policy

 

Definitions

Company :means Pannash.org
GDPR : means the General Data Protection Regulation.
Responsible Person : means [insert name of person responsible for data protection within the Company].
Register of Systems : means a register of all systems or contexts in which personal data is processed by the Company.

 

1. Purpose, Scope, Users

For Beyond Technologies, hereinafter referred to as “BT”, strives to comply with applicable laws and regulations related to Personal Data protection in countries where the company operates. This policy sets forth the basic principles by which BT processes the personal data of customers, suppliers, business partners, employees and other individuals, and indicates the responsibilities of its business departments and employees while processing personal data.

This policy applies to BT and its directly or indirectly controlled wholly-owned subsidiaries conducting business within the European Economic Area (EEA) or processing the personal data of data subjects within EEA.

Specifically:

  • Where BT are a controller of personal data (“Data Controller”), this Policy applies to all personal data BT stores and processes about our clients, prospective clients, employees, associates and other third parties
  • This Policy also applies to all personal data our clients store within the BT solutions. For this personal data BT are the processor (“Data Processor”).

2. Background

Data is at the core of our business, and so we make every effort to be in full compliance with every applicable regulation or directive in relation to the way personal data is stored and processed.

When storing and processing personal data, BT respects and will fulfil individuals’ reasonable expectations of privacy. BT will do so by following recognized data protection processing principles.

Any breach of this Policy will be taken seriously and may result in disciplinary action or business sanction.

The users of this document are all employees, permanent or temporary, and all contractors working on behalf of BT.

3. Policy Document Management

Any breach of this Policy will be taken seriously and may result in disciplinary action or business sanction.

Distribution

This is an internal document and should only be shared with employees at BT and intended parties determined by the ISO/DPO

Enforcement

All employees, stakeholders and third party vendors having access to information and information systems of BT shall comply with the BT Information Security and Data Protection Policies. Such personnel should be required to execute an agreement with BT agreeing to abide by the Policy.

Exceptions

Approval for exceptions or deviations from the policies, wherever warranted, will be provided only after an appropriate assessment of the risks arising out of providing the exception. This assessment will be conducted by the Information Security Steering Committee (ISSC).

Exceptions will be agreed on a case-by-case basis, upon an official request made by the information asset owner or the user. These may arise, for example, because of local circumstances, conditions, practical limitations or legal reason existing at any point of time. All exceptions must be submitted to the ISSC.

Approval for the exception will be provided by ISSC. The ISO/DPO will review all exceptions, as the case may be, every year for validity and continuity.

Version History Control

It is the responsibility of Data Protection Policy holders to ensure that additions and amendments are inserted into the ISMS Manual whenever change occurs and the copies of superseded policies, procedures or documents are discarded.

Master copies of superseded documents are secured by the ISO/DPO as archive for future reference.

Personal Data Protection Policy Review

he Personal Data Protection Policy and all the policies will be reviewed once in a year or as per the requirement arises in the organizational structure or roles and responsibilities of the ISMS are affected. Review shall incorporate changes in business objectives or the risk environment.

4. Scope

Scope of Personal Data Protection Policy will be BT and its subsidiaries and parent company.

5. Definitions

The following definitions of terms used in this document are drawn from Article 4 of the European Union’s General Data Protection Regulation:

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to an individual. Sensitive personal data is data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject>’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.