Deris Attorney-at-Law-Partnership hereafter the company is committed to conduct operations in compliance with laws and regulations on data protection. This Policy sets forth the principles that are followed by the company to protect the personal data and privacy of its clients, business partners, employees and any other stakeholders.
In this Policy, the term Personal Data means any information concerning an identified or identifiable individual (the Individual), in particular name, address, e-mail address, date of birth, etc., whereas the expression Process or Processing denotes the collection, transfer, use, disclosure, retention, erasure and any other operation which is performed on Personal Data.
This Policy applies to all employees of the company and those who have permanent and regular access to Personal Data, or who are involved in the collection of Personal Data or in the development of tools used to Process Personal Data (Staff).
The company commits to the following privacy principles when Processing Personal Data:
We give fair and transparent notice when collecting Personal Data
When Personal Data is collected, the Individual shall be given fair notice, providing relevant information such as who we are, the categories of Personal Data collected, the purpose(s) of collection and the Individual’s data protection rights.
We only Process Personal Data for specific and legitimate business purposes
Personal Data shall only be Processed for a specific and legitimate business purpose and/or to meet a local regulatory or legal requirement. We will, in particular, only Process Personal Data that is adequate, relevant and limited to what is necessary for the purpose for which it is collected and used.
We Process Personal Data fairly and lawfully
Personal Data shall only be Processed (i) based on the Individual’s consent given in a clear, freely granted and informed manner and/or to the extent necessary (ii) for the performance of a contract, (iii) to comply with a legal requirement or (iv) for a legitimate interest of the company, a third party or the Individual herself/himself.
We manage Personal Data properly
Reasonable steps shall be taken to ensure that Personal Data is accurate, up-to-date in view of the purposes of the Processing and retained for only so long as appropriate for the purpose for which it was collected, unless applicable laws and regulations provide for a longer retention period.
We protect Personal Data against unauthorized and unlawful Processing and damage
Appropriate technical and organisational measures shall be taken against unauthorised Processing and/or accidental loss, destruction, alteration and misuse of Personal Data.
We take adequate safeguards when Personal Data is Processed by third parties
Before Personal Data is shared with third parties (namely licensees, service providers, contractors and distributors) and/or transferred to other countries (including through remote access), it shall be ensured that the recipient provides an adequate level of Personal Data protection as required by the laws and regulations that are applicable to the company.
We Process sensitive Personal Data with additional care
The Processing of Personal Data relating to religious, political or trade union-related views or activities as well as Personal Data on health, the intimate sphere, the racial origin, social security measures, administrative or criminal offences, proceedings or sanctions is subject to additional safeguards and shall only be permissible if required for compliance with applicable laws or regulations, or expressly consented by the Individual.
We respect the rights of Individuals and treat their requests appropriately
Upon request from the Individual, within the statutory deadline, (i) access shall be given to the Personal Data on her/him that is held by the company and (ii) said Personal Data shall be rectified, erased or blocked, unless applicable laws and regulations permit the company to refuse or only partially comply with the request.
Compliance and Support
Each Staff shall comply with this Policy, watch out for, and immediately report, any potential or observed breach of this Policy or applicable data protection laws and regulations to the Data Protection Team. This is important to enable the company to properly react and defend itself against data breaches, and to comply with legal reporting obligations concerning such breaches.
Failure to comply with this Policy may result in employee corrective action, including termination of employment.
The company shall ensure that adequate resource is provided to maintain compliance with this Policy. This includes ensuring appropriate senior management responsibility and oversight of this Policy.
Roles and Responsibilities
The board of directors of the company shall have the ultimate responsibility for establishing, safeguarding and reviewing the principles set out in this Policy.
The designated managers of the company are the owners of the Processing activities within this entity.
The Data Protection Team shall in particular coordinate compliance with this Policy and applicable laws, including handling Individuals’ requests, as well as cooperate with the local supervisory authorities.