Data Protection

Por Ultimo, ICO registered, is committed to protecting the privacy and confidentiality of personal and sensitive information entrusted to us by our clients, employees, contractors, and stakeholders. This Data Protection Policy outlines our responsibilities, procedures, and safeguards for collecting, processing, storing, and disclosing personal data in compliance with applicable data protection laws and regulations.

Policy Objectives:

  1. Compliance: To comply with all relevant data protection laws, regulations, and industry standards, including the General Data Protection Regulation (GDPR) in the European Union.
  2. Data Collection and Processing: To ensure that personal data is collected and processed lawfully, fairly, and transparently for specified purposes and with appropriate consent.
  3. Data Minimization: To collect and process only the minimum necessary personal data required for the intended purpose.
  4. Data Accuracy and Retention: To maintain accurate and up-to-date personal data and retain it only for as long as necessary to fulfill the purpose for which it was collected.
  5. Data Security: To implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration.
  6. Data Subject Rights: To respect the rights of data subjects, including the right to access, rectify, erase, restrict processing, and object to the processing of their personal data.
  7. Data Sharing and Transfers: To ensure that personal data is shared or transferred to third parties or countries only when necessary and in compliance with applicable data protection laws.

Policy Guidelines:

  1. Lawful Basis for Processing: a. Personal data will be processed lawfully, fairly, and transparently based on one or more lawful bases, such as consent, contractual necessity, legal obligations, legitimate interests, or protection of vital interests.
  2. Data Collection and Purpose Limitation: a. Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes. b. Data subjects will be informed about the purpose of data collection and any additional processing activities.
  3. Data Accuracy and Retention: a. Reasonable steps will be taken to ensure the accuracy and completeness of personal data. b. Personal data will be retained only for as long as necessary to fulfill the purpose for which it was collected, or as required by legal and regulatory obligations.
  4. Data Security and Confidentiality: a. Appropriate technical and organizational measures will be implemented to protect personal data against unauthorized access, disclosure, loss, destruction, or alteration. b. Access to personal data will be limited to authorized individuals with a legitimate business need.
  5. Data Subject Rights: a. Data subjects will be provided with information on their rights and procedures to exercise those rights. b. Requests from data subjects to exercise their rights will be promptly addressed and responded to within the timeframes specified by applicable laws.
  6. Data Sharing and Transfers: a. Personal data will only be shared with third parties or transferred to countries outside the European Economic Area (EEA) when necessary and in compliance with applicable data protection laws. b. Adequate safeguards, such as contractual agreements or recognized mechanisms, will be implemented for cross-border data transfers.
  7. Data Breach Management: a. Procedures will be in place to detect, investigate, and respond to data breaches promptly. b. Appropriate authorities and affected individuals will be notified of any data breaches in accordance with legal requirements.
  8. Staff Training and Awareness: a. Regular training and awareness programs will be conducted to educate employees on their responsibilities regarding data protection. b. Employees will be required to adhere to this Data Protection Policy and related procedures.
  9. Data Protection Officer: a. A designated Data Protection Officer (DPO) will be appointed to oversee data protection