JS Group Data Protection Policy
Policy brief and Purpose
JS Data Protection Policy refers to our commitment to treat information of our employees, principals, customers, stakeholders and other interested parties with utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with due respect towards individual rights.
Scope
This policy refers to all parties (employees, principals, customers, suppliers, vendors etc) who share any amount of information to us.
Employees of this organization must follow this policy. Contractors, Consultants, Partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
Policy Elements
As part of our Operations, we need to obtain and process information. This information includes any online or offline data that makes a person identifiable such as names, addresses, usernames and passwords, photographs, social security numbers, financial data etc.
Our company collects this information in a transparent way and only with full cooperation and knowledge of interested parties/Data Subjects. (A data subject is any person whose personal data is being collected, held or processed). Once this information is available with us, following rules apply:
Our Data will be:
- Accurate and kept up to date
- Collected fairly and for lawful purposes only
- Processed by the company within its moral boundaries
- Protected against any unauthorized or illegal access by internal or external sources
- Free from malicious activities
Our Data will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to Organizations, states or countries that do not have adequate data protection policies
- Distributed to any party/source other than the ones agreed upon by Data Subjects
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
- Let people know which of their data is collected
- Inform people about how we will process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases / storage / NAS
Actions
To exercise data protection, we are committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures with fair consents and approvals
- Train employees in online privacy and security measures as per Govt. guidelines
- Firewall enabled secure networks to protect online data from any cyberattacks / ransomware
- Establish clear procedures for reporting privacy breaches or data misuse
- Establish data protection practices (Data Encryption, Two-way authentications, Access authorization, privacy by design and default, frequent backups)
Responsibilities
Everyone who works for or with JS Group has some responsibility for ensuring that data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy.
However, these people have key areas of responsibilities:
- Directors are responsible for ensuring that JS Groups meets its obligations.
- Legal Team would have responsibility to check and approve any contract or agreement with third parties that may handle company’s sensitive data.
- Legal Team would also look into Legal implications.
- IT Manager/IT Team is responsible for:
- Keeping management updated about data protection responsibilities, risks and issues
- Reviewing all data protection procedures in line with an agreed schedule
- Arranging data protection training and advice for the people covered by this policy
- Handling Data Protection questions from employees covered by this policy
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards
- Performing regular checks to ensure security software and hardware is functioning properly
- Evaluating any third-party services the company is considering using to store or process the data. For instance, cloud computing services
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary action.