PRIVACY POLICY
DATA PROTECTION AND PRIVACY POLICY
PURPOSE.
SCOPE.
DEFINITIONS.
Policy guidelines.
Data accuracy.
Data processing.
Data disposal.
Data security.
Data assessment.
Data access agreements.
Responsibility.
Purpose
The purpose of this policy is to provide guideline on processing personal data by AIB-AXYS Africa.
Scope
This policy covers data collected and store by AIB-AXYS in electronic or physical form. It shall apply to all staff, board and affiliated parties that collect data on AIB-AXYS behalf (agents, relationship manager and all users of our digital platforms).
Definitions
Data subject – The person the data relates to.
Third-party is person(s) who have access to AIB-AXYS data subject personal identifiable information.
AIB-AXYS – refers to AIB-AXYS Africa as constituted.
Data processing – any form of data adding action or handling that may alter data in its current form by either adding or deleting or amending.
Policy guidelines
AIB-AXYS shall in dealing with Personal Identifiable Information ensure that information is processed
Without infringing the privacy of the data subject.
In lawful manner.
In a reasonable manner.
Collection, use and storage or handling of the data will only be done in manner guided by principles of AIB-AXYS Africa.
Data accuracy
AIB-AXYS will store personal identifiable information as accurately as possible, update and systematically review to ensure it fulfils the purpose for which it is processed.
The data subject may request correction of the data that is inaccurate or incomplete using the approved methods or forms that may be provided by AIB-AXYS and it is approved partners.
When the data is corrected, AIB-AXYS will undertake to notify the third-party partners and the data subject through the approved and available mode of communication.
Data processing
Data processing shall be carried out in lawful and fair manner as prescribed by guiding document outline for the purpose it is intended for without interfering with data subject rights and freedom.
Data processing shall be guided by data subject consent, legal and regulatory compliance, public interest or any other requirement that may be guided by stock market operation.
Verification of data shall be done in compliance with law and in a manner guide by existing contractual agreements between AIB-AXYS and vendor with consent of data subject through available means of granting consent.
AIB-AXYS shall maintain confidentiality of data subject for the period they hold that data.
Health and human resource data shall be kept separate from personal data and only accessible from authorized persons or department that handles such data.
Client data shall be kept separate from other data subject data and will be accessible and processed by authorized persons only.
Compliance and human resource under guidance of management and working with relevant departments shall specify other data that may require additional data security and restrictions. They will also give guidelines on data that is deemed risk and requires processing and designate the personal to handle such data, level of confidentiality needed and level of protection.
Where minors are involved, the rights of children shall prevail in protecting their rights and in best interest. Parental consent will be required to process such data.
Data disposal
Personal data information will be disposed in a secure manner that may not breach data subject rights.
Under supervision of data handling department, the executer will ensure that the data is completely destroyed and no residues of such data remains.
Non-disclosure form shall be signed with the party that will be granted rights to destroy such data.
Data subject will be notified and give consent to such action. AUB-AXYS shall disclose the period for data subject to object to such dispose and on lapse, the data subject will be deemed to have granted such
Data security
AIB-AXYS shall provide high level of data protection and will ensure other policies that protect such data provide clear guideline on how security breaches will be handled.
To maintain data confidentiality, personal data will be stored in a way that it is accessible to the authorized persons and is transferred through mean of communication or transport that guarantee security.
Personal data may not be used for other purpose than the one intended for.
All data handlers will sign a non-disclosure form or clause included in the contract that bans them using personal data held by AIB-AXYS for any other purpose than the intended use.
Private emails shall not be used to transport personal identifiable data where company resources are available to grant such transfer.
AIB-AXYS will use Information Technology to process and store data between its systems and that of third party where such data is required to help the data subject carry out duties for which data was collected for.
Data assessment
Data security and protection assessment shall be regularly carried out to ensure compliance with the policy.
An independent part will be appointed to ascertain compliance with the policy during regular audit carried out internally or externally as requested.
AIB-AXYS will grant the external parties appointed by themselves or from regulatory bodies or as required access to data in line with guidelines of this policy and any other policy that may guide the process and provides data protection with consent of both parties through mutual agreements.
Both parties will be responsible of notifying the data subject of the intended purpose through the approved means.
Data access agreements
Where law or situation requires access to personal data access, all parties involved shall sign and execute non-disclosure agreements which will be made available to data subject if required.
Authority to access to sensitive personal data that is not limited to health, financial status, marital status shall be granted by the governance, executive or human resource and used under supervision of the involved head of department in strict compliance to data protection and privacy act.
Responsibility
AIB-AXYS will be responsible for compliance with the policy through the appointed department.
The data policy shall be implemented for all staff members and training done.
The policy will reside with compliance department and regularly reviewed to align with new and emerging trends and risks.