1. Purpose
The purpose of this policy is to establish guidelines for the collection, use, and exchange of employee data within Netro42 Limited. This policy aims to ensure the confidentiality, integrity, and security of employee information in compliance with applicable data protection laws.
2. Scope
This policy applies to all employees, contractors, and third parties who have access to employee data in any format within the organisation.
3. Data Collection and Use
3.1. Consent: Netro42 will obtain explicit consent from employees before collecting and processing their personal data.
3.2. Data Minimisation: Only relevant and necessary employee data will be collected for legitimate business purposes.
3.3. Purpose Limitation: Employee data will be used only for the purposes specified at the time of collection, unless additional consent is obtained.
4. Data Security
4.1. Access Controls: Access to employee data will be restricted to authorized personnel based on their job responsibilities.
4.2. Data Encryption: Employee data in transit and at rest will be encrypted to prevent unauthorized access.
4.3. Data Retention: Employee data will be retained only for the duration necessary for the intended purpose and in compliance with legal requirements.
5. Data Sharing and Disclosure
5.1. Third-Party Vendors: Any third-party vendors handling employee data on behalf of Netro42 Ltd. will be selected based on their ability to ensure data security and compliance.
5.2. Legal Compliance: Employee data will be disclosed in compliance with applicable data protection laws and regulations.
6. Employee Rights
6.1. Access and Rectification: Employees have the right to access and rectify their personal data held by Netro42.
6.2. Data Portability: Upon request, employees will be provided with a copy of their personal data in a commonly used format.
7. Training and Awareness
All employees will receive training on data protection principles and their responsibilities under this policy.
8. Reporting Data Breaches
Any suspected or actual data breaches must be reported immediately to the Managing Director.
9. Review and Update
This policy will be reviewed regularly and updated as necessary to ensure its effectiveness and compliance with changing laws and business requirements.
10. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.
Updated: 7 February 2023