Data Handling Policy
1. Introduction
DataAutomation is dedicated to the secure and responsible handling of data entrusted to us by our clients. This Data Handling Policy outlines our commitment to ensuring the confidentiality, integrity, and lawful processing of data in compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).
2. Scope
This policy applies to all individuals and entities affiliated with DataAutomation, including employees, contractors, consultants, partners, and third parties who handle data on our behalf. It encompasses all data processing activities conducted by DataAutomation, both internally and externally.
3. Policy Elements
DataAutomation acknowledges the importance of data transparency, security, and privacy. Our policy includes the following elements:
– Data Transparency and Consent: We are transparent about the data we collect and obtain consent from individuals for processing their data.
– Data Security Measures: We implement robust technical and organizational measures to safeguard data against unauthorized access, ensuring confidentiality and integrity.
– Incident Response and Breach Notification: We maintain an incident response plan to detect, assess, and respond to security incidents or data breaches promptly. We notify affected parties in accordance with legal requirements and internal procedures.
– Data Retention and Disposal: Data is retained only for as long as necessary and securely disposed of when no longer needed, using irreversible methods.
– Data Protection Impact Assessments (DPIAs): We conduct DPIAs to identify and mitigate risks associated with data processing activities, ensuring compliance with requirements.
– Training and Awareness Programs: We provide regular training to employees on data protection laws, security best practices, and incident response procedures to enhance awareness and skills.
– Continuous Improvement and Review: We continuously review and enhance our data handling practices to remain effective and compliant with legal requirements, incorporating feedback from stakeholders.
– Compliance Monitoring and Enforcement: Compliance with this policy is monitored through audits, assessments, and reviews. Violations are promptly investigated, and appropriate disciplinary action is taken.
– Data Protection Officer (DPO): We have a DPO responsible for overseeing compliance with data protection laws, acting as the primary point of contact for inquiries and concerns.
4. Data Collection and Storage
– DataAutomation acts as a pass-through entity and does not retain data longer than necessary to fulfill the purpose for which it was collected.
– Data is collected transparently and with the full cooperation and knowledge of our customers. It is stored securely in Amazon Web Services (AWS) data centers, utilizing encryption and access controls.
5. Data Usage and Sharing
– Data provided to DataAutomation by clients is used solely for the purposes specified in contractual agreements. We never sell or use data for any reason other than that specifically contracted by the client.
– Prior to sharing data with third parties, appropriate data processing agreements are in place to maintain confidentiality and security.
6. Security Measures
– All employees are required to use Two-Factor Authentication (2FA) for accessing systems and platforms. VPNs are mandatory for remote access, and regular antivirus screenings are conducted.
– DataAutomation undergoes regular audits by Deloitte to assess and verify compliance with data protection laws and industry best practices.
7. Data Subject Rights
– Data subjects have the right to access, rectify, or erase their personal data held by DataAutomation. Requests are handled promptly and in accordance with applicable laws.
8. Conclusion
DataAutomation is committed to upholding the highest standards of data protection and privacy. By adhering to this policy, we aim to maintain trust and confidence among our clients, employees, and stakeholders while ensuring compliance with legal and regulatory requirements.
Date of Last Revision: 5/1/2024
Contact Information:
For inquiries or concerns regarding this Data Handling Policy, please contact:
Data Protection Officer
Email: dpo@dataautomation.com