This Policy applies to all the personal data processed by the Legal Firm and is part of our approach to compliance with the domestic legal provisions and the GDPR. Our staff is expected to comply with this Policy and failure to comply may lead to disciplinary actions. Our Firm sets out its commitment to ensuring that any personal data is carried out in compliance with the Processing of the Personal Data and the Free Movement of these Data Law 125(I)/2018 and the General Data Protection Regulation 679/2016 (hereinafter referred to as the “GDPR”), imbedding them in the culture of our staff and our Firm. We commit to treat information of Data subjects with utmost care and confidentiality, specifically to comply with the GDPR’s six (6) principles for data processing as stipulated below, and to be able to demonstrate our accountability and compliance with these principles.
DATA PROTECTION PRINCIPLES:
By virtue of article 5 of the GDPR, when processing personal data, the Firm ensures that:
- It is processed lawfully, fairly and in a transparent manner in relation to the Data subject (“Lawfulness, Fairness and Transparency”);
- It is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“Purpose Limitation”);
- It is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“Data Minimisation”);
- It is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“Accuracy”);
- It is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“Storage Limitation”);
- It is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“Integrity and Confidentiality”).
Our Legal Firm will facilitate any request from a Data subject who wishes to exercise its rights under the GDPR, always communicating in a concise and easily accessible form, without undue delay.
PROCEDURES / GUIDANCE:
The Firm will:
- Ensure that the legal basis for processing personal data is identified in advance and that all processing complies with the Law;
- Not do anything with your data that you would not expect, given the content of this Policy;
- Ensure that appropriate Privacy notices are in place advising staff and others how and why their data is being processed;
- Only collect and process the personal data that it needs for purposes it has identified in advance;
- Ensure that, as far as possible, the personal data it holds is accurate, or a system is in place for ensuring that it is kept up to date as far as possible;
- Only hold onto your personal data for five (5) years;
- Ensure that appropriate security measures are in place to ensure that personal data can only be accessed by those who need to access it and that it is held and transferred securely.
RIGHTS OF DATA SUBJECTS:
Employees of our Firm and its subsidiaries must follow this Policy. Any Contractors, Consultants, Partners and any other external Associate are also covered. Generally, our Policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to certain information and data.
All principles described in this Policy must be strictly followed. A breach of Data Protection guidelines will invoke disciplinary for misconduct, including dismissal. The Firm will ensure that all the staff who handles personal data on its behalf are aware of their responsibilities under this Policy and other relevant data protection security Policies, and that they are adequately trained and supervised.
If you have any query in relation to the GDPR, then you can contact as at firstname.lastname@example.org.