Data Privacy and Security Policy

  • Home
  • Data Privacy and Security Policy
Your Partner for Digital Excellence

Data Privacy and Security Policy

Purpose and Overview

Softoholic is dedicated to safeguarding all personal information it manages, ensuring compliance with all relevant data privacy and protection laws.

We act as the primary decision-maker (data controller) regarding the collection and processing of personal data connected to our employees, clients, suppliers, and other related parties.

This policy explains:

  • The types of personal data we may gather and handle;
  • How we process and protect that data in line with applicable legal requirements;
  • The responsibilities all Softoholic team members have concerning data privacy and security.

This policy is a guideline for our practices and does not form part of any employment contract. Softoholic may update or revise this policy at its discretion.

Definitions

  • Personal Data: Any information related to an identified or identifiable individual.
  • Processing: Any action involving personal data, including collection, storage, use, disclosure, or deletion.
  • Sensitive Data: Information revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health status, sexual orientation, or biometric data.
  • Data Subject: The individual whom the personal data concerns.

Key Data Privacy Principles

All Softoholic personnel handling personal data must follow these principles:

  • Process data fairly, transparently, and legally, ensuring there is a clear reason under data protection laws to do so.
  • Collect data only for specific, legitimate reasons and use it solely for those stated purposes.
  • Limit data collected to what is necessary for its intended use.
  • Keep data accurate and updated; rectify or erase inaccurate information promptly.
  • Retain personal data only as long as required for its purpose.
  • Implement suitable security measures to protect data from unauthorized access, alteration, or loss.

Accountability and Responsibility

Data protection is a shared responsibility across Softoholic. Every team member, regardless of role or seniority, must adhere to this policy.

Managers have a duty to lead by example and ensure their teams comply.

Concerns or suspected breaches must be reported promptly to our designated Data Privacy Officer.

Violations of this policy can lead to disciplinary action, including termination of employment, especially in cases involving unauthorized data access or misuse.

Scope of Data Covered

This policy applies to all personal data we manage, whether stored electronically or in physical form, including:

  • Information about current, former, or prospective employees;
  • Data about customers, suppliers, and other stakeholders;
  • Any opinions or factual statements relating to individuals.

Types of Personal Information Collected

Softoholic collects personal information such as:

  • Contact details (addresses, phone numbers, email);
  • Employment history and qualifications;
  • Payroll and tax information;
  • Performance records and disciplinary actions;
  • Criminal background checks where applicable;
  • Sensitive information only when legally permitted and necessary.

Use and Processing of Personal Data

We process personal information solely to fulfill business operations, manage employment relationships, and address employee concerns, including:

  • Maintaining contact and emergency information;
  • Monitoring attendance and absence;
  • Reviewing performance and conducting appraisals;
  • Ensuring compliance with legal and regulatory obligations.

Softoholic will not use personal data for unrelated purposes without informing the individual concerned.

Data Accuracy and Retention

We commit to keeping all personal data accurate and relevant.

Data will be securely stored only for as long as necessary and disposed of responsibly when no longer required.

If you believe your information is incorrect or outdated, please notify our Data Privacy Officer for correction.

Rights of Individuals

You have the right to:

  • Request access to personal data we hold about you;
  • Request correction or deletion of inaccurate or unnecessary data;
  • Object to or restrict certain types of processing where allowed by law;
  • Lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

Requests can be submitted to [insert Softoholic’s Data Privacy Officer email].

Data Security Measures

Softoholic employs technical and organizational safeguards to protect personal data, such as:

  • Limiting access to authorized personnel only;
  • Encrypting sensitive data;
  • Regularly updating security software;
  • Ensuring physical security of storage locations;
  • Secure disposal of paper and electronic records.

Employees must ensure devices are password-protected and avoid storing company data on personal devices unless authorized.

Handling Data Breaches

Any suspected data breach must be reported immediately.

Softoholic will investigate and notify affected individuals and authorities as required by law, minimizing potential harm.

Employee Responsibilities

All employees must:

  • Keep personal and others’ data accurate and secure;
  • Access data only as required for their job;
  • Not disclose information without proper authorization;
  • Follow all security protocols.

Training and Awareness

Softoholic provides regular training to ensure all staff understand their obligations regarding data privacy and security.

This policy was created specifically for Softoholic to reflect our commitment to protecting personal information and complying with relevant data privacy laws.