About / Privacy & Data Protection Policy
Our Commitment to Privacy and Data Protection
We are committed to protecting the rights and interests of our employees and our clients, so we have in place a privacy and data protection policy that meets stringent international practices including the requirements of the European General Data Protection Regulation (GDPR) and the Canadian Personal Information Protection and Electronics Document Act (PIPEDA).
We shall always inform individuals when we store and process their personal data, ensuring they understand what data we store and process, with whom we share it, and why. We accomplish this through communication of this policy to our stakeholders both internal and external and any further communications required by the GDPR and PIPEDA.
We shall only store and process personal data when we have a lawful basis to do so and only for the core business purposes of staff administration, marketing, advertising, public relations, accounting, and record keeping. The sensitivity of the data we store and process and the impact of such storage and processing on individuals will be carefully balanced against the legitimate interests of JASCO to ensure the rights and interests of the individuals are protected.
We shall only store and process client personal information provided directly by current or past clients during business transactions. We shall only store and process the minimal data required (name, title, business email address, and business telephone number) to contact these clients regarding products and services they have received from JASCO or similar products and services they may wish to receive from JASCO in the future. We shall not share this information with a third party without client consent. Clients have the right to contact JASCO (see below) at any time to disallow the use of their data for direct marketing purposes.
Automated Data Processing
We shall not perform automated processing or mining of personal data.
We shall regularly review the personal data that we store and process, and associated consent records, to ensure that they are accurate and up to date and that they still need to be retained. We shall regularly review our data handling controls, data sharing controls, records management controls, and security controls, as well as this policy, to ensure continued compliance with the GDPR and PIPEDA.
We shall seek individual consent as the requisite lawful basis to store and process personal data, as applicable, and shall inform individuals of their rights under the GDPR and PIPEDA as follows.
Right to be informed
Individuals have the right to know what personal data we are collecting, how and why we are processing it, and with whom we are sharing it.
Right of access
Individuals have the right to obtain a copy of their personal data in our possession at any time.
Right of rectification and data quality
Individuals have the right to ensure that their information in our possession is correct and complete.
Right to erasure including retention and disposal
Individuals have the right to request secure disposal of their personal data from our records at any time.
Right to restrict processing
Individuals have the right to restrict processing of their personal data.
Right to object
Individuals have the right to object to the processing of their data.
Individuals may contact firstname.lastname@example.org at any time to exercise any of their rights above or to request further information or clarification regarding this policy. Such requests will be addressed within one calendar month of receipt.