It is important to have personal data protection policy in all countries where the Company has operations. This Policy lays forth all the basic principles under which the Company chooses to process the personal data of customers, consumers, employees, business partners, suppliers, and other individuals. It also indicates the related responsibilities of all its employees and business departments when processing personal data.
This Policy is applicable to the Company and its wholly-owned subsidiaries, directly or indirectly controlled. Also to conducting business within the EEA (European Economic Area) or processing personal data of the data subjects & DPIA inside the EEA.
The following terms used in this document were drawn from Article 4 of the GDPR of the EU:
Personal Data: Any and all information that relates to an identifiable natural person (“Data Subject”) who could be identified, indirectly or directly, particularly by referencing an identifier such as an identification number, a name, an online identifier, location data, or to one or multiple factors that are specific to the physiological, physical, mental, genetic, economic, social, or cultural identity of that natural person.
Sensitive Personal Data: These are personal data which, by their nature, are particularly sensitive about fundamental freedoms and rights. They merit specific protection because the context of their processing can create high risks to the fundamental freedoms and rights. These personal data include personal data revealing political opinions, ethnic or racial origin, philosophical or religious beliefs, trade union membership. It also incorporates biometric or genetic data for the identification purpose of a natural person and data concerning his health.
Data Controller: A legal person, public agency or authority, which determines means of the processing and purposes of personal data.
Data Processor: A legal person, public agency or authority, which handles personal data on behalf of a Data Controller.