Collective Privacy Policy

1.0 Introduction:
1.1 Webmettle Ltd. recognises that personal data is very important, and pledges to protect the security and privacy of any Personal Data retained by the company.

2.0 Purpose:
2.1 This policy is a collective document put in place to maintain the standards required by General Data Protection Regulation.

3.0 Scope:
3.1 This policy applies to all personal information, both electronic and manual records (hard copies, media, etc.) held by Webmettle Ltd.

4.0 Reference Documents:
4.1 (EU) 2016/679         General Data Protection Regulation
4.2 Subject Access Request Form         Appendix A
4.3 Non-Disclosure Agreement        Appendix B
4.4 Right to Erasure Form         Appendix C
4.5 Retention Schedule Guidelines         Appendix D
4.6 Personal Data Log         Appendix E

5.0 Definitions:
5.1 “Personal Data – Information or a set of information that identifies or could be used by or on behalf of Webmettle Ltd. to identify an individual. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data.

6.0 Personal Data Protection / Subject Access Request

  • 6.1 Responsibilities:
    • 6.1.1 Webmettle Ltd. ensures that any personal data shall be protected including but not limited to the following general guidelines:
      1. Do not leave personal data on your desk when not in use;
      2. Do not leave your computer logged-on or personal data displayed on the unattended computer;
      3. Do not choose a weak or easy to guess password; strong passwords must be used;
      4. Do not share or openly post passwords;
      5. Do not send personal data by e-mail, instant messaging, SMS, text and/or other end-user messaging technologies unless required as part of Service;
      6. Ensure paper and printouts personal data are not left unattended; it shall be locked in a cabinet and/or shredded immediately when not being used;
      7. If personal data is exchanged via phone, it shall be conducted in a private area;
      8. Review and identify the record retention and destruction requirements in order to protect the personal data;
      9. Maintain up-to-date and appropriate programs and controls to prevent unauthorised access to personal data.
      10. Take immediate action to secure any information that has or may have been compromised;
      11. Inform customers via website about changes made to Privacy Policy;
      12. Inform customers about actions taken in situation of disaster (via website or email).