ASKGALORE DIGITAL IT SECURITY POLICY
1. PRIVACY PRINCIPLES
Askgalore Digital will handle Personal Data in accordance with the following principles. Askgalore Digital ensures that its business partners and vendors comply with the principles of this Policy and applicable legal and regulatory compliance standards through appropriate contractual agreements.
- Lawfulness of Processing
Askgalore Digital will collect, store, process, use, share, transfer, analyze or otherwise handle (“Process” or “Processing”) Personal Data in accordance with applicable legal requirements for legitimate business or compliance purposes or if individuals have provided consent to the Processing or any relevant basis as defined by the applicable laws or regulations.
- Limit Collection and processing
Askgalore Digital will limit the Processing of Personal Data in terms of scope and duration, as is necessary for the intended purpose.
In accordance with applicable legal requirements, Askgalore Digital will provide information to individuals that explain the scope and purpose of Processing, and whom to contact to seek clarifications about privacy or data protection.
Askgalore Digital will take all necessary measures, as required by applicable laws and regulations, to ensure that Personal Data processed are accurate for the intended purpose. Any inaccurate personal data, in the context of the purposes for which they are processed, will either be erased or rectified without delay. Accuracy of data may be subject to the data subject’s duty to notify and/or utilize the options as outlined in Privacy Notices.
- Security and Confidentiality
Askgalore Digital aims to protect the security and confidentiality of individuals’ Personal Data and implement physical, technical, and organizational measures against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access. Askgalore Digital will ensure measures are appropriate to the risks represented by the Processing it carries out and the nature of those Personal Data.
- Privacy by Design
Askgalore Digital incorporates the principles of Privacy by Design into all of its personal data processes executed using digital systems, technologies, or manually. By default, privacy requirements are embedded into every standard, protocol, and process followed by Askgalore Digital.
Askgalore Digital discloses, when required/asked, personal data to third parties only for the purposes identified in the privacy notice, with the consent of the individual, or as required for lawful purposes. Third parties refer to public authorities, Law Enforcement Agencies, and similar authorities.
2. DATA SUBJECT RIGHTS
In accordance with applicable legal requirements, Askgalore Digital will provide the opportunity to exercise data subject rights, which are available to the individuals in the context of their engagement with Askgalore Digital. Such rights may include the right to request access to their Personal Data, to correct inaccurate or incomplete Personal Data or to object to the Processing of their Personal Data. Each Data Subject Request is validated and tracked to closure. As per the applicable law, and the engagement of data subjects with Askgalore Digital, there might be other rights available such as right to be forgotten, right to withdraw consent, right to data portability, etc. Askgalore Digital will ensure its compliance and deploy all required measures to help data subjects exercise their rights granted.
3. INTERNATIONAL DATA TRANSFERS
Askglore Digital operates on a global level and from time to time it may be required to transfer Personal Data across countries. Askgalore Digital recognizes that Personal Data needs to be treated with care, including data transfer to countries, which may not have adequate data protection laws. If Askgalore Digital transfers Personal Data to such countries, it will protect these Personal Data as set out in this Policy and in accordance with the requirements of applicable law.
4. DATA RETENTION
Askgalore Digital will observe retention policies and procedures so that it deletes Personal Data after a reasonable time and the purposes are met. The exception applies if in the context of those purposes, it is necessary to keep the Personal Data indefinitely, or the law requires the Personal Data to be kept for a certain time. When Askgalore Digital no longer needs to keep Personal Data for the purposes, for which they are held, it will delete them as soon as practicable.
5. JURISDICTION-SPECIFIC REQUIREMENTS AND IMPLEMENTATION
National data protection and privacy laws may impose additional requirements on Askgalore Digital for the Processing of Personal Data. Where required, Askgalore Digital will establish procedures and guidelines in order to supplement the principles of this Policy and engage with relevant regulatory/ supervisory authority, as required.
6. PRIVACY ORGANIZATION AND CONTACT
Askgalore Digital also appoints Data Protection Officers (or comparable function), where required by applicable laws. The privacy function is also responsible for deploying training and awareness programs and supporting the implementation of privacy principles into business operations and processes.
7. DATA BREACH REPORTING
All known or suspected incidents involving Personal Data must be reported immediately upon discovery. This includes incidents notified toAskgalore Digital from any Askgalore Digital associate, client, third party service provider, or another business partner. Askgalore Digital will provide education and awareness to its workforce regarding the procedures for reporting a suspected or confirmed incident. Each incident is investigated and tracked to closure.
Askgalore Digital has internal arrangements in place to ensure compliance with this Policy, to allow the effective exercise of individuals’ rights set out in this Policy and under applicable law, and to deal with any concerns from individuals that Askgalore Digital may not have complied with the Policy and/or applicable law.
9. CHANGES TO THE POLICY
Askgalore Digital may update this Policy from time to time and without prior notice to individuals to reflect changes in law or privacy practices.