PERSONAL INFORMATION MANAGEMENT POLICYLast updated on May 24, 2019
GVE GlobalVision Inc.’s (“GlobalVision”) Personal Information Management Policy (the “Policy”) is modelled after the principles set out in the national standard of Canada entitled “Model code for the protection of personal information” (CAN/CSA-Q830-96) and takes into account provisions of the General Data Protection Regulation of the European Union (“GDPR”, entitled “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Information and on the free movement of such data, and repealing Directive 95/46/EC”).
Nothing in this Policy has the effect of creating obligations for GlobalVision beyond those imposed by applicable laws and regulations pertaining to management of Personal Information.
TABLE OF CONTENTS
This Policy covers the following aspects of Personal Information management:
- Purposes and Purpose Limitation
- Limited Collection, Data Minimization, Fairness and Lawfulness
- Limited Use, Disclosure and Retention
- Accuracy, Integrity, Confidentiality and Right to Rectification
- Openness and Transparency
- Individual Access and Other Rights
- Challenging Compliance
In this Policy:
Your “Consent” means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the Processing of Personal Information relating to you.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
“Intermediary”means a natural or legal person, public authority, agency or other body which processes Personal Information on behalf of GlobalVision.
“Personal Information” means any information relating to an identified or identifiable natural person.
“Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.
“Processing”means any operation or set of operations performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated Processing of Personal Information consisting of the use of PersonalInformation to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation”means the Processing of Personal Information in such a manner that the PersonalInformation can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Information is not attributed to an identified or identifiable natural person.
“Recipient”means a natural or legal person, public authority, agency or another body, to which the Personal Information is disclosed, whether a Third Party or not.
“Restriction of Processing” means the marking of stored Personal Information with the aim of limiting it Processing in the future.
“Third Party” means a natural or legal person, public authority, agency or body other than you (as the data subject), a Controller, a Processor and persons who, under the direct authority of a Controller or Processor, are authorised to process Personal Information;
“You” refers to you or any specific individual as an identified or identifiable natural person.
SUMMARY OF THE POLICY
- ACCOUNTABILITY: GlobalVision is responsible for, and will be able to demonstrate compliance with this Policy, and has designated an individual or individuals accountable for GlobalVision’s compliance with the Policy.
- PURPOSES AND PURPOSE LIMITATION: The purposes for which Personal Information is collected will generally be identified by GlobalVision at or before the time the Personal Information is collected, for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- CONSENT: Your knowledge and Consent are required for the Processing of your Personal Information, except where inappropriate.
- LIMITED COLLECTION, DATA MINIMIZATION, FAIRNESS AND LAWFULNESS: The collection of Personal Information will be adequate, relevant and limited to that which is necessary for the purposes identified by GlobalVision for which it is processed. Personal Information will be collected by fair and lawful means.
- LIMITED USE, DISCLOSURE AND RETENTION: Personal Information will not be processed for purposes other than those for which it was collected, except with your Consent or as required by law. Personal Information will be retained only as long as necessary for the fulfillment of those purposes in a form which permits your identification for no longer than is necessary for the purposes for which the Personal Information is processed.
- ACCURACY, INTEGRITY, CONFIDENTIALITY AND RIGHT TO RECTIFICATION: Personal Information will be as accurate, complete and kept up-to-date as is necessary for the purposes for which it is to be used. Every reasonable step will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
- SAFEGUARDS: Personal Information will be protected by security safeguards appropriate to the sensitivity of the Personal Information, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- OPENNESS AND TRANSPARENCY: GlobalVision will make readily available to you specific information about its policies and practices relating to the management of your Personal Information, which will be processed in a transparent manner.
- INDIVIDUAL ACCESS AND OTHER RIGHTS: Upon request, you will be informed of the existence and Processing of your Personal Information and will be given access to that Personal Information. You will be able to challenge the accuracy and completeness of the Personal Information and have it amended as appropriate.
- CHALLENGING COMPLIANCE: You may address a challenge concerning GlobalVision’s compliance with this Policy to the designated individual(s) accountable for such compliance.
FOR MORE DETAILS PLEASE CONTACT GLOBALVISION’S DATA PRIVACY OFFICER AT: firstname.lastname@example.org