YWBN Data Protection and Personal Data Protection Policy
Table of Contents
The guiding principle behind this policy is with regards to contemporary communication channels such as the Internet, intranets and email play an essential part in accessing and exchanging information. This allows for faster and more effective communication than in the past.
The Young Women in Business Network Co-operative Financial Institution (“YWBN CFI”) strives to protect the personal rights of any individual/group whose personal data it processes – including its employees, members, suppliers and other contractual partners or interested persons.
In this context, YWBN CFI has drafted and accepted the following principles that relates to data protection and personal data privacy to ensure compliance with the Protection of Personal Information Act No. 4 of 2013.
These principles have the objective of defining security standards for processing, storing and transferring personal data within YWBN CFI in order to ensure adequate protection of personal rights of the affected data subjects
These principles govern all data privacy issues. It applies to the processing of the personal data of any individual/group whose personal data are processed within YWBN CFI, including employees, members, suppliers, other contractual partners, interested persons and other parties
Consent is any freely given, informed declaration by the data subject that he/she accepts the processing of his/her personal data.
Data protection/privacy is the sum of all actions taken to protect the personal rights of data subjects when handling their personal data.
Data subjects are all members whose personal data are processed within YWBN CFI, including current, future and former employees, members, suppliers and other contractual partners or interested persons.
Personal data are any information relating to an identified or identifiable individual/group. An individual/group is identifiable if he/she/it can be directly or indirectly identified.
Processing of personal data is any operation performed in respect of personal data – such as collection, receipt, recording, storage, updating, modification, alteration, retrieval, use, transmission or deletion. This definition will also apply to the word “processed” when used in this context.
Transfer of personal data is the forwarding of personal data, its distribution or all other forms of transfer to third parties. This definition also applies to the words “transferred” and “transferring” when used in this context.
- Permissibility of Data Processing
The processing of personal data is permitted only if the data subject has consented thereto.
- Consent shall be declared whereby the data subject must be informed in advance about the purpose of such processing of personal data and the possible transfer of personal data to third parties. The declaration of consent must be highlighted when included as part of other statements so as to be clear to the data subject.
- Intended Purpose
Personal data may only be collected for specified, explicit and legitimate purposes and may not be further processed contrary to such intended purpose.
- Further Processing of Data
Data transferred from one division within YWBN CFI to another division is in accordance with the purpose for which the data was collected and is considered as further processing and storing of this data.
- Data Quality
Personal data must be factually correct and, as far as necessary, up-to-date. Appropriate and reasonable measures should be undertaken to correct or delete incorrect or incomplete data.
- Confidentiality of Data Processing
Only authorised staff is allowed to be involved in the processing of personal data. It is prohibited for them to use such data for their own private purposes or to make it accessible to any unauthorised entity. Unauthorised in this context also means the use of personal data by employees who do not need access to such data to fulfil their employment duties.
- Data Security
YWBN CFI shall implement appropriate organisational measures to ensure the necessary data security. These measures refer in particular to computers (servers), networks and communication links.
YWBN CFI network administration seeks to promote a level of security and privacy. Thus users should be aware that the data they create on the corporate system remain the property of the YWBN CFI. All work-related documents must be saved in the “user personal drive” folder that is linked to the network server in order to ensure that the content is part of the backup procedure that runs every evening. For security and network maintenance purposes, authorised individuals (IT technicians) within YWBN CFI will monitor equipment, systems and network traffic at any time.
- Computer Equipment
All email facilities are provided for business purposes only. All user activity on the Intranet and internet is subject to logging codes.
Laptops, tablets and mobile phones are the main repositories of information and every reasonable precaution must be taken to prevent their unauthorised use.
All computer equipment is the property of YWBN CFI and is password protected. It is recommended that passwords are changed on a regular basis. Passwords are not to be communicated to anybody, for whatever reason.
If one of the above devices are stolen or lost, it is automatically assumed that the device has been compromised. The IT Department needs to be informed to be able to disable any access to the system. Within 24 hours, a report must be submitted to the Managing Director describing the stolen equipment, the circumstances of it being stolen and the precautions that had or had not been taken. In the case of a mobile phone, the service provider needs to be informed to be able to disable the “SIM” card and blacklist the phone to prevent any further use.
- Information Right
Each data subject, with adequate proof of identity, has the right to demand information about the type of personal data concerning him/her/it that is processed by the YWBN CFI. This information should be provided to the data subject. The data subject may address any such application for information to the office.
- Correction Claim
If the stored personal data are incorrect or incomplete, the data subject may require correction. Data subjects are responsible for providing only correct personal data to YWBN CFI. In addition, data subjects shall inform YWBN CFI of any relevant changes (e.g. changes of address or name).
- Implementation within the YWBN CFI
The managers of the different divisions within YWBN CFI are responsible to ensure that this Policy is implemented, which includes in particular providing information to the employees in their division.