Digy4 Internal Data Protection Compliance Policy

Document ID:D10003

Version No: 01

Effective Date :1 December 2021

 

 

This Internal data protection compliance policy “Policy” has been made effective from 22-Nov-2021.

Introduction 

 

Intent 

 

Personal Data 

 

 

Important Terms

          Digy4 will be the Controller when;

 

 

 

         Digy4 will be the Processor when;

 

 

 

 

Data Protection/Processing Principles

The employees/stakeholders which deal with the Personal Data must abide by the following data protection principles

 

 

Data Subject Rights

 

 

 

 

 

When Digy4 is the Processor Compliance Officer will:

 

 

  1. The employee/stakeholder must prevent unauthorised persons from gaining access to data processing systems in which Personal Data are Processed.
  2. The employee/stakeholder must prevent persons entitled to use a data processing system from accessing Personal Data beyond their needs and authorisations.
  3. The employee/stakeholder must ensure that the Personal Data is protected against undesired destruction or loss.
  4. The employee/stakeholder must ensure adequate security of Personal Data and take appropriate measures against unlawful processing.
  5. The employee/stakeholder must inform his/ her supervisor/officer in charge and the Compliance Officer immediately after being aware of any violation of this Policy.

 

Data Breach Reporting

 

 

 

Contents of data breach notification-

Personal Data Breach Records

Roles and Responsibilities of Compliance Officer 

 

Access and Correction 

Sr. No    Location    Response Timelines

1    Canada    30 days

2    Europe    30 days

3    UK    30 days

 

Sub Processor

 

Penalty 

 

Schedule A

Canadian Privacy Principles

Introduction 

Canadian Privacy Principles

 

For more details or any clarifications on the Canadian Privacy Laws please visit https://www.priv.gc.ca/en

 

 

 

Contents of Data breach notification. 

 

Requirements under Canada’s Anti-Spam Law (“CASL”)

Applicability of CASL

 

Requirements under CASL

 

 

Contents of the message

 

 

Unsubscribe mechanism

 

Withdrawal of Consent

Additional precautions under CASL