Privacy & Data Protection

Business practices need to be transparent for a business to maintain trust with a client base. Digitalisation has made sensitive data more attainable to unqualified sources. It is the responsibility of each corporation to protect their sensitive client data, and Cipher-Care makes a promise now to ensure that any and all sensitive data will be stored securely and will remain accessible only to those cleared and qualified to access it. Several government agencies are laying down laws regarding data protection policies, and Cipher-Care will abide by these in accordance with the countries we operate in.

Our Policies

At Cipher-Care we take data protection seriously and have gone to extreme lengths to ensure that we follow and sometimes exceed local and national data protection regulations. We have made our policies available here.

Consent

During the initial contact stages with a client, a general consent form is obtained that includes information for the client related to how their data will be stored and used. Should there be a need to move data or for terms of the consent agreement to change, additional consent will be obtained accordingly. In cases where client organizations refuse consent related to data, there will be limitations on the services that Cipher-Care can offer depending on what information the client is willing to provide.

Withdrawal Procedures

Once a data subject has given consent for the collection and processing of their data they are not bound by that agreement indefinitely. In any country, they are entitled to withdrawal of consent at any point in time as long as it is reasonable (for example, consent cannot be withdrawn after a task is already completed).

Data Collection

When consent has been obtained we can proceed with data collection. Cipher-Care remains transparent about data collection and use throughout our services. Collection might differ depending on the kind of service that a company requires. Therefore, specific collection related details are discussed with clients during initial consultation stages.

Data Storage

Collected data needs to be stored securely. Where data is stored, how long it will be stored, and who will have access to it, are discussed with clients during the consent phase. Cipher-Care’s data is stored securely and every possible step is taken to minimise the risk of a data breach. However, should a breach occur Cipher-Care has measures in place to notify affected parties and manage any consequences of such a breach. Where necessary, a data protection officer is on staff. During storage all clients will have access to their stored data as indicated by law and any further arrangements will be made as needed related to storage renewals, etc.

Data Loss

Secure storage includes minimizing the risk of data loss. Steps are taken to avoid data loss due to hardware and software failures. Steps are also taken to protect against unexpected elements like natural disasters.

Data Transfer

Data is transferred only when absolutely necessary and should the need arise it is discussed with any affected clients. Any organization that data is transferred to will be thoroughly screened to ensure that it also meets all security standards that Cipher-Care expects for our clients.

Data Breach

As mentioned, all reasonable precautions will be taken to protect against a data breach, however, should it occur there are steps that Cipher-Care will take to manage the situation. Part of these steps will include full disclosure with affected clients. In cases where it is required, the necessary authorities will also be notified. Notifications need to be made in written format. The notice usually needs to encompass the following:

A cause of, or reason for, the breach should be spelled out.
Notifications can be made electronically as long as that is attainable to the data subjects.
The company must ensure that the data subject has received the notice.

Reports should be created when a breach occurs. This report should be made available to authorities and should be kept for future reference. All remedial measures should also be documented and the risk must be addressed as well.

Data Processing

Full policies and procedures related to data processing are easily accessible for all Cipher-Care clients. Policies will provide information on the:

Collection of data
Analysis and process of that which was collected
Storage
Updating or correction of data-
Transferring, displaying, disclosing, and distributing information as part of services
Removal and deletion or anonymizing data

Criteria for Data Processing

Data subjects have given consent
Data processing is necessary in order to fulfil a specific contract or task that has been requested or consented to by the data subject
It is a processes necessary for the purpose of compliance

The processing is an essential part of a response to a national emergency or public safety matter
The processes is considered legal and ethical by any local laws
The process protects the health or life of a data subject who has not given consent
The objective of the process is lawful