Purpose

This policy is to ensure we gather, store, and handle data with utmost security and confidentiality.

Scope

This policy applies to all confidential data provided to Elsym or collected by Elsym’s systems.

Policy

Data supplied to Elsym or collected by Elsym systems during the normal course of operations may include information that makes a person identifiable such as name, address, photograph, username, password, social security numbers, financial data, or other personal identifiable information.

Data collected will be:

• Accurate and kept up-to-date
• Collected only when needed and for lawful purposes
• Collected within its legal and moral boundaries
• Protected against any unauthorised or illegal access by internal or external parties

Data collected will not be:

• Communicated outside the bounds of business requirements
• Stored for longer than required
• Transferred to third parties who do not have adequate data protection policies
• Distributed to anyone other than the ones agreed upon by the owner of the data, or the contractual requirements of such data (unless otherwise expressly required by a court of law)

Actions to protect data:

• Protected according to all company policies established and audited under the ISO 27001 standard
• Any breach of data shall be reported according to policies established and audited under the ISO 27001 standard