Data Protection and Privacy Policy

Define the principles and practices to follow in protecting Personal Information (PI) including ensuring the accuracy, confidentiality, and availability of PI, and allowing our employees, clients, customers, and partners to request access to and enable correction of their PI.

Date: 19/12/2022
Version 1
CLASSIFICATION: Restricted

1. Purpose and Scope

 

PURPOSE – The purpose of this policy is to define the principles and practices to follow in protecting all PI. Our commitment includes ensuring the accuracy, confidentiality, and availability of PI and allowing our employees’, clients’, customers’, and partners to request access to enable correction of their PI.

 

SCOPE – This policy is applicable to all systems, information processing facilities and personnel, as well as all third-party personnel within the scope of Ducis Services Ltd’s Information Security Management System.

 

2. Data Privacy Policy

 

2.1 Introduction

 

Ducis Services Ltd is committed to providing its employees, clients, customers, and partners with exceptional service. We collect, use and disclose Personal Information (PI) about our employees, clients, customers, and partners which makes protecting their PI a key priority.

In the course of its business, it is necessary for Ducis Services Ltd to record, store, process, transmit, and otherwise handle Confidential and or PI (generally referred to as ‘Personal Information’).

Ducis Services Ltd takes these activities seriously and provides fair and secure systems for the appropriate handling of Information. All such activities at Ducis Services Ltd are intended to be consistent with both generally accepted privacy ethics, standard business practices, and the relevant legal and regulatory requirements i.e., General Data Protection Regulation (GDPR).

 

2.2 Privacy by Design and by Default

 

The Principles of Privacy and Design and by default shall be applied as governing principles:

The principles of privacy by design are:

  • Limit collection. – The system or process collects only the minimum amount of PI that is relevant, proportional, and necessary for the identified purpose.
  • Limit processing. – The system or process limits the processing of PI to that which is adequate, relevant and necessary for the identified purpose.
  • Maintain accuracy and quality– The PI used is accurate, complete and up to date.
  • Minimize PII Limit collection -PI that does not need to be used in full or is no longer necessary is reduced through methods such as deletion, pseudonymization, and de-identification.

Privacy by default dictates that Ducis Services Ltd does not process more PI than is strictly necessary, even where the PI principal might, for instance, be able to increase the scope of the processing. This applies equally to the amount of personal data collected, the extent of the processing, and the period of storage

 

2.3 Data Privacy Principles

 

The following Data Privacy principles shall be applied:

  • Management shall take reasonable efforts to ensure that all Personal Information processed and maintained by Ducis Services Ltd is accurate, timely, relevant, and complete.
  • Management shall establish appropriate controls to ensure that Sensitive Information (i.e. Confidential, internal and PI) is disclosed only to those who are authorized and have a legitimate business need for such access.
  • Management also shall make reasonable efforts to ensure that all Sensitive Information is used only as intended, and that precautions preventing misuse are both effective and appropriate.
  • Data Privacy Impact Assessments (DPIA) shall be performed where new projects/contracts result in PI processing activities.
  • Management shall establish and maintain sufficient controls aiming to ensure that all Ducis Services Ltd Information is free from unauthorized alteration that may affect the integrity of the Information.
  • Information Owners, shall classify all relevant Information in line with the Information Management and Classification policy and ensure controls are designed in line with the classification.
  • Ducis Services Ltd is committed to ensuring the security of client, customer, and member PI to protect it from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.
  • Ducis Services Ltd shall use appropriate security measures when destroying client’s, customers and Staff’ PI.
  • Ducis Services Ltd shall continually review and update our security policies and controls as technology changes to ensure ongoing PI Security.
  • All Employees/Staff shall be provided with training to ensure that they understand Ducis Services Ltd policy and the procedures it has put into place to implement this policy.


2.4 Collecting PI

 

  • Unless the purposes for collecting PI are obvious and the employee, client, customer or and/or partner voluntarily provides his or her PI for those purposes, we will communicate the purposes for which PI is being collected, either orally or in writing, before or at the time of collection.
  • Ducis Services Ltd shall obtain client, customer, and member consent to collect, use or disclose PI where required.
  • Ducis Services Ltd shall retain client, customer, and member PI only if necessary to fulfill the identified purposes, a legal or business purpose.
  • External parties to Ducis Services Ltd should request correction to their PI by forwarding a request to the Information Officer. Ducis Services Ltd employees who seek to correct PI must inform their line manager and HR department.
  • We may collect information about your computer or device and Internet or other electronic network activity information. This includes:
    • Device identifiers, such as IP address, WIFI MAC address and Bluetooth address;
    • Geolocation information such as your mobile device’s Global Positioning System (GPS) technology, other technology (such as wireless transmitters known as beacons) and information about your contacts, depending on your device settings;
    • Information about your online activity, including information collected through the use of standard Internet technologies, such as cookies, pixels, web beacons, logs and other Internet technologies, as further set forth in our Cookie Statement and your offline activity, including information about your visit to our resorts or properties; and
    • Through Google Analytics, information about the use of our Site such as how often you visit our Site, what pages you visit, and what other sites you used prior to visiting our Site (for more information, see the “Web Analytics” section below).

 

2.5 Disclosure of Information

 

  • All requests for Sensitive Information coming from a person or organization outside Ducis Services Ltd shall be forwarded to the Information Officer.
  • All requests for PI that fall outside normal business procedures and that come from an Ducis Services Ltd employee must be forwarded to the Information Officer. The Data Protection Officer will decide whether the requests will be granted.

2.6 Appropriate Handling of Information

 

  • In general, Ducis Services Ltd may collect, process, store, transmit, and disseminate only Sensitive Information that is necessary for the proper functioning of its business.
  • When information is no longer needed, it must be destroyed, considering applicable legal requirements.
  • Before Ducis Services Ltd Information is removed the Staff shall take due care to ensure that the necessary security controls are applied as per the Information Security policies.
  • Where Sensitive Information is to be moved to another country to conduct business activities, Staff shall consult with their departmental manager or the Information Owner to ensure compliance with applicable legislation.
  • The display screens for all personal computers, workstations, and dumb terminals used to process Sensitive information, must where possible be positioned such that they cannot be readily viewed internally or in public areas.
  • All Sensitive Information shall not be disclosed to anyone except those people who have a genuine need to know.
  • The collection of Sensitive Information on prospects, customers, and others with whom Ducis Services Ltd does business, is required. However, Staff shall not collect such Information from prospects or customers without having obtained their consent.

2.7 Location Tracking in Our Time-Tracking Mobile App

 

Our time-tracking mobile app includes a location-tracking feature that is only active when a user is clocked in and actively tracking time. When the app is not in use and the user is not tracking time, location tracking is completely disabled.

 

Why We Collect Location Data

 

We collect location data solely to support project compliance, ensuring accurate work records and adherence to location-based project requirements. This data helps validate work hours and locations for compliance and operational purposes.

 

How We Handle Your Location Data

 

  • No Third-Party Access: We do not sell, share, or provide access to your location data to any third parties.
  • Limited Use: Location data is only used for internal compliance and operational verification.
  • Secure Storage: We take appropriate measures to protect your location data and ensure it is only accessible by authorized personnel.

By using our time-tracking mobile app, it is acknowledged and consented to the collection of location data under these conditions.

 

2.8 Contact Us

 

If you have any concerns about this policy, please contact us at getsirius@sirius-support.io referring to the privacy policy.

All Right Reserved by Sirius Support 2024

Privacy policy | Terms of Service | Careers