- Introduction
- Purpose of the Policy
- Scope and Applicability
- Policy Statement
- Commitment to Data Protection and Privacy
- Information Security Principles
- Definitions
- Personal Data
- Sensitive Personal Data
- Data Processing
- Information Security
- Roles and Responsibilities
- Data Protection Officer (DPO)
- IT Security Team
- Employees
- Third-party Service Providers
- Data Protection Measures
- Data Collection and Processing
- Data Accuracy and Minimization
- Data Retention and Disposal
- Data Sharing and Transfer
- Individual Rights
- Information Security Practices
- Data Breach Response and Notification
- Training and Awareness
- Employee Training Programs
- Continuous Awareness Campaigns
- Specialized Training for IT Staff
- Compliance and Monitoring
- Legal Compliance
- Monitoring and Evaluation
- Audits and Assessments
- Policy Review and Updates
- Review Schedule
- Amendment Process
- Acknowledgment of
- Employee Acknowledgment
- Compliance Certification
1. Introduction
This policy reflects the high priority that Accord Worldwide, Inc. places on the privacy, protection, and security of the data we manage. Through the implementation of this policy, we demonstrate our commitment to privacy, data protection, and information security excellence, fostering trust among our clients, employees, and partners.
Purpose of the Policy:
This policy articulates the commitment of Accord Worldwide, Inc. to protect the privacy, integrity, and accessibility of data collected, processed, and maintained by the organization. It is crafted to align with global data protection regulations and to embed a culture of privacy and security throughout our operations. This document serves as a blueprint for managing personal and sensitive data ethically, legally, and securely.
Scope and Applicability:
The scope of this policy extends to all forms of data, whether digital or paper-based, under the control of Accord Worldwide, Inc. It applies to all employees, contractors, and third-party service providers engaged in the processing of data on behalf of the company. This policy covers the entire lifecycle of data, from collection to destruction, across all departments and international operations.
2. Policy Statement
Commitment to Data Protection and Privacy:
Accord Worldwide, Inc. pledges to uphold the privacy rights of individuals by implementing comprehensive data protection and privacy measures. We are dedicated to processing data transparently, fairly, and securely, ensuring that individuals’ rights are respected and protected.
Information Security Principles:
Our approach to information security is founded on the principles of confidentiality, integrity, and availability. We commit to safeguarding data against unauthorized access, ensuring accuracy and completeness of information, and maintaining data accessibility for authorized users.
3. Definitions
- Personal Data: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
- Sensitive Personal Data: Data that includes racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health information, sexual orientation, or sexual life.
- Data Processing: Any operation performed on personal data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
- Information Security: Measures and processes designed to protect data from unauthorized access, disclosure, alteration, or destruction, ensuring confidentiality, integrity, and availability.
4. Roles and Responsibilities
- IT Security Team: Responsible for implementing technical and organizational measures to secure data across all IT infrastructure, applications, and platforms.
- Employees: Required to adhere to data protection principles and practices as part of their daily duties. Employees must report any data breaches or security incidents to the designated authorities within the organization immediately.
- Third-party Service Providers: Must comply with data protection requirements equivalent to or higher than those of Accord Worldwide, Inc. Agreements with third-party providers include clauses that guarantee the protection of data processed on behalf of the company.
5. Data Protection Measures
- Data Collection and Processing: Data is collected only for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Consent from data subjects is obtained where required, and the principle of minimal data collection is adhered to, ensuring that only necessary data for the specified purposes is collected.
- Data Accuracy and Minimization: Regular data reviews and updates are conducted to ensure that all data held is accurate and, where necessary, kept up-to-date. Efforts are made to delete or correct inaccurate data without delay.
- Data Retention and Disposal: Data is retained only for as long as necessary for the purposes for which it was collected. A data retention schedule is maintained, and secure disposal methods are used for data that is no longer needed.
- Data Sharing and Transfer: Data sharing is conducted under strict conditions, with appropriate safeguards in place. Data transfers outside the European Economic Area (EEA) are carried out in compliance with international data transfer mechanisms and regulations.
6. Individual Rights
Accord Worldwide, Inc. acknowledges and supports the rights of data subjects under data protection law, including the right to access, rectify, erase, restrict processing, data portability, object to processing, and rights concerning automated decision-making and profiling. Procedures are in place to ensure these rights can be exercised effectively and without undue delay.
7. Information Security Practices
Comprehensive information security practices are implemented, including but not limited to access control, data encryption, network security measures, and physical security controls. These practices are designed to protect data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
8. Data Breach Response and Notification
A structured response plan is in place for data breaches, ensuring timely detection, reporting, and investigation. Accord Worldwide, Inc. commits to notifying the relevant supervisory authority and, where applicable, the data subjects, in accordance with legal obligations and within the prescribed timeframes.
9. Training and Awareness
Regular training on data protection, privacy, and information security is provided to all employees, with specialized training for staff involved in high-risk data processing activities. Awareness campaigns are conducted to keep data protection and privacy at the forefront of organizational culture.
10. Compliance and Monitoring
Compliance with this policy, as well as with applicable data protection laws and regulations, is monitored continuously. Regular audits and assessments are conducted to identify and mitigate risks, ensuring ongoing compliance and improvement of data protection practices.
11. Policy Review and Updates
This policy is reviewed annually or as required by changes in legislation, regulatory guidance, or operational practices. Amendments are made to ensure that the policy remains effective and aligned with current data protection standards and organizational objectives.
12. Acknowledgment of Compliance
All employees and relevant third parties are required to acknowledge their understanding and commitment to comply with this Data Protection, Privacy, and Information Security Policy. This acknowledgment is part of our commitment to ensuring that all stakeholders are aware of and contribute to our data protection and privacy objectives.