IVO Solutions Ltd and its affiliates may need to gather and use certain information about individuals it comes into contact with.
This policy describes how personal data must be collected, handled, and stored in accordance with the company’s data protection standards and in accordance with the law.
This data protection policy ensures that IVO Solutions Ltd:
- Complies with data protection law and follows good practice.
- Protects the rights of staff, customers, and partners.
- Is open about how it stores and processes individuals’ data.
- Protects itself from risks of a data breach.
Data Protection Principles
This data protection policy is guided by the following principles:
Fair and lawful process of data
Specific and lawful use
Adequacy, relevancy, and reasonability
Accuracy and updated.
Sufficient and appropriate protection
Strictly non sharing unless required by law.Scope of the policy
The policy applies to the Company’s:
Headquarters
All branches
All staff and volunteers
All contractors, suppliers and authorized personnel representing the company.Integrity of data protection
Everyone who works for the company is duty bound to collect, handle and store data appropriately. In ensuring integrity of and data protection, the company management:
Reviews all data protection procedures and related policies from time to time.
Offers data protection trainings to its staff.
Handles data access requests from third parties.
Controls how the authorized persons access and handle sensitive data.
Ensures all systems, services and equipment used for storing data meet the acceptable security standards.
Ensures constant checks and scans to ensure security functions are working properly.
Monitors its staff ensuring compliance with data protection principles.Data storage guidelines
All data should be handled with ultimate care and be accessible only when needed for particular use and purpose.
Data should be accessed formally and authorized with credentials and strong passwords.
Data should regularly be reviewed and updated.
Line managers should ensure that the person accessing and using protected data is well versed with the sensitivity of the data and security guidelines.Data use
When working with data, employees must ensure that the screens of their computers are always locked when left unattended.
Data should not be shared informally, sent by email without prior authorization.
Data must be encrypted before being transferred electronically.
Data must not be sent across the borders of the United Republic of Tanzania.
Employees should not save personal information to their computers. They should always access and update the central copy of any data.Subject access requests
All subjects of personal data held by the company are entitled to:
Ask what information the company holds about them and for what reasons.
Ask how to gain access to
Be informed on how it is kept up to date.
Be informed how the company meets its data protection obligations.
Data access requests can only be made by email, addressed to the data controller via service@ivosolutions.co.tz Before
responding to data access requests, the company shall must verify the identity of the person making the request.
Providing information
The company aims to ensure that individuals are aware that their data is being processed, and that they
understand:
How data is being used
How to exercise their rights