Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers, stakeholders and other interested parties with absolute caution and confidentiality. This policy describes how we collect, store, handle and secure our data fairly, transparently and with confidentiality This policy ensures that Sabytel follows good practices to protect the data gathered from its customers, employees, and stakeholders. The rules outlined in this document apply regardless of whether the data is stored electronically, on paper or on any other storage device.
Policy Elements
As a key part of our operations, we gather and process any information or data that makes an individual identifiable such as names, addresses and telephone number. This information is collected only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply to our company.
Our data will:
Be precise and consistently updated.
Is collected legitimately and with a clearly stated purpose.
Be processed by the company in line with its legal and ethical binds.
Have protection measure that protects it from any unauthorized or illegal access occurring by internal or external parties.
Our data will not:
Be communicated informally
Exceed the specified amount of time stored ; therefore, personal data of employees, customers, and affiliates who no longer use Sabytel services will be archived for 3 years and deleted afterwards.
Be transferred to organizations, states or countries that do not acquire proper data protection policies.
Be spread to any party unless approved by the data’s owner (except for the legitimate requests demanded from law enforcement authorities).
Roles and responsabilities
Everyone who works for or with Sabytel is responsible for ensuring that the collection, storage, handling and protection of data is being done appropriately. The contact person responsible for managing the Data Protection process is the Chief Information Security Officer - Email, support@sabytel.com.
IT security manager is responsible for:
Strictly complying with all Sabytel policies related to non-disclosure, non-competition and confidentiality of information.
Ensuring that access to the personal data registered on the Sabytel Website is restricted only for authorized personnel.
Ensuring that access to the personal data registered on the Sabytel website will not be shared with or provided to unauthorized personnel.
General guidelines
Access to data covered by this policy should be restricted only to those who need it for their work.
Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
Sabytel provides comprehensive training to all employees to help them understand their responsibilities when handling data.
Employees should keep all data secure, by taking sensible precautions and following the Data Storage guidelines specified below.
In particular, strong passwords must be used and they should never be shared.
Personal data should not be disclosed to unauthorized people, neither within the company or externally.
Employees should request help from their line manager or the Data Protection Officer if they are unsure about any aspect of data protection.
Data storage
These rules describe how and where data should be safely stored. When data is stored on paper, it should be kept in a secure place where unauthorized people are not allowed access. These guidelines also apply to data that is usually stored electronically but has been printed out for certain reasons.
Data erasure
Our clients can contact us requesting data erasure via email at support@sabytel.com or through the digital form available on our website. In addition, data subject will be provided with all necessary information before proceeding with erasure. Before proceeding with the erasure, the data subject will read the statement of our Data Protection Officer, explaining the outcome of the data being deleted. Erasure of data can be requested at any time.
Cross border data transfer
Adequacy decisions by the European Commission in regard to cross border data transfer. The European Commission has so far recognized Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection. In addition, we ensure data protection and privacy for the information it possess for natural persons, therefore we are compliant with the legislative requirements. The point of contact for all Data Protection Authorities (DPAs) and individuals in the EU on all issues related to data processing is support@sabytel.com
Children
Our website is not appealing to children, nor are they directed to children younger than 6. Sabytel does not knowingly collect personally identifiable data from persons under the age of 16 and strives to comply with the provisions of The Office of the Privacy Commissioner of Canada (OPC) and European Union General Data Protection Regulation (EU GDPR). If you are a parent of a child under 16 and you believe that your child has provided us with information about him or herself, please contact us at support@sabytel.com
Disclosing data
In certain circumstances, when required, Sabytel can disclose data to law enforcement agencies without the consent of the data subject. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary. We have a privacy policy available on our website, stating out how data relating to customers, stakeholders, employees and other parties involved is used in our company.
What are your data protection rights?
Sabytel would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access: You have the right to request Sabytel for copies of your personal data. We may charge you a small fee for this service.
The right to rectification: You have the right to request that Sabytel correct any information you believe is inaccurate. You also have the right to request Sabytel to complete information you believe is incomplete.
The right to erasure: You have the right to request that Sabytel erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that Sabytel restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to Sabytel’s processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that Sabytel transfer the data that we have collected to another organization, or directly to you, under certain conditions.