General
This Information Security Policy describes the use and protection of personal information in Tribe BSP.
The security policy ensures that:
- Information will be protected from unauthorized access.
- Confidentiality of information will be guaranteed.
- The integrity of the information will be guaranteed.
- The availability of information for business processes will be maintained.
- Legislative and regulatory requirements will be met.
- A business continuity plan will be developed, maintained and tested.
- Information security training will be provided to all employees.
- All actual or suspected information security breaches will be reported to the relevant manager, investigated and appropriate solutions/actions implemented
Special Privacy Requirements
- Protection of personal Data in electronic systems includes protection against the acquisition, collection, processing, analysis, storage, appearance, announcement, transmission, dissemination and/or opening of access, and destruction of personal Data.
- Personal data must be kept, maintained, and kept true and protected confidentiality.
- Personal Data is confidential so it is prohibited to disseminate and there are criminal sanctions related to the dissemination of personal Data that is not in accordance with the regulations and their designation.
- Personal data must be accurate and complete, and if necessary the data is always updated. Every reasonable step should be taken to ensure that inaccurate or incomplete personal data is deleted or corrected.
- Individuals should be given the opportunity to examine, and issue complaints about, inaccuracies and incompleteness in records containing personal data.
- Personal data should not be stored in a form that allows the identification of an individual for longer than is necessary for the purpose of data collection or further processing.
- Personal Data can only be processed if:
- The individual has given his consent clearly.
- Processing is necessary for the execution of contracts in which individuals are related parties.
- Processing is necessary to respond to requests made by individuals.
- Processing is necessary to fulfill the legal obligations for which the owner is responsible.
- Processing is necessary to protect vital individual interests. Processing is necessary to explore or provide new business products or services that may be useful to the owner, as long as these new products or services do not override the basic rights or freedoms of the individual.
- The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, criminal offenses, health or sex life is prohibited unless:
- The individual has given explicit consent to such processing.
- Processing is necessary for the purposes of the implementation of the owner's special obligations and rights in the field of labor law.
2.3 The Right Of Individuals To Refuse
Individuals may object without charge regarding the processing of personal data carried out by the owner for business purposes. The owner must provide a quick processing mechanism that allows objecting individuals to be removed from the personal data processing register for business purposes.
Individuals must be notified before personal data is disclosed for the first time to a third party or used on their behalf for business purposes. Individuals should be expressly offered the right to object to such disclosure or use at no charge. The owner must provide a processing mechanism that allows objecting individuals to block such disclosure.
2.4 Disclosure Of Personal Data To Third Parties
Tribe BSP may provide processed personal data to third parties on its systems for generally accepted business purposes such as court orders, subpoenas, employment verification, government licenses, underwriting, and other reasons. All recipients of such information must definitively identify themselves, state in writing the legal and customary purposes for which such information is sought and state that the personal data will not be used for any other purpose.
All disclosures to government agencies and other third parties must be preceded by written notice or other notice sent to the individual. One-time consent to such disclosure is sufficient.
2.5 Processing Confidentiality And Security
The owner shall apply appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, accidental loss, unauthorized alteration, and unauthorized disclosure or access.
Tribe BSP information systems or staff may not link anonymous information about an individual's behavior or activities with personally identifiable information unless the individual involved has given their consent.
All user access to processing systems and networks containing personal data must be recorded so that any recent access to personal data can be tracked. These system and network guards are responsible for the regular monitoring of those logs and the follow-up of potential security-relevant events.
2.6 Monitoring Of Internal Activities
In general, Tribe BSP does not conduct thorough monitoring of internal communications. However, it reserves the right at any time to monitor, access, retrieve, read, or disclose internal communications when there is a legitimate business need that cannot be met by other means, the individuals involved are unavailable and time is critical to business activity.