1. Purpose
To ensure that Bioenzene protects Personal Data and Sensitive Personal Data throughout its lifecycle in compliance with leading privacy standards.
2. Scope
This Enterprise Privacy Management Policy (“Policy”) is applicable to Bioenzene associates, contractors, consultants, interns, trainees, service providers, customers, and business partners who may have access to or receive Personal Data from Bioenzene, or who provide Personal Data to Bioenzene. This Policy applies regardless of where the Processing of Personal Data happens, or whether the Processing is wholly or partly automated, or manually as part of a structured filing system. Wherever the context requires in the Policy, Personal Data shall be construed to also include Sensitive Personal Data.
3. Data Protection Principles
Bioenzene shall abide by the following principles when managing Personal Data:
- Processing of Personal Data shall be done lawfully, fairly and transparently, regardless of the source of Personal Data.
- Personal Data shall only be collected and processed for specific, explicit and legitimate purposes.
- Personal Data collected shall be adequate, relevant and limited to what is necessary in relation to the purpose for which it is collected. No more than the minimum amount of data shall be retained for Processing.
- Personal Data shall be accurate and up-to-date. Upon receipt of request from the Data Subject, inaccurate data shall be rectified or erased without delay.
- Personal Data which is no longer required shall be removed or erased.
- Adequate security controls shall be implemented for protection against unauthorized Processing, loss, damage, and destruction.
Guided by these principles, Bioenzene shall:
- Uphold rights of Data Subjects and address their concerns through the data protection office.
- inculcate a culture of data protection and privacy to sustain awareness and adhere to global data protection laws.
- embed privacy-by-design in organizational processes
- retain Personal Data only for as long as necessary to fulfil the purposes of collection or as required by law
- ensure that access to Personal Data is given only to authorized associates
- ensure adequate security controls are in place when transferring Personal Data across jurisdictions or to any third party through means of contracts, data transfer agreements, or to the extent allowed by law
- conduct a Data Protection Impact Assessment in case of change in processes, introduction of new technologies, risks to Data Subject rights, or as required by law
- record and report all data breaches to the data protection office, the relevant regulatory authority, and the affected Data Subjects within prescribed timelines
- confirm adherence to this policy through regular audits and monitoring systems
- take timely remedial measures against all breaches to this Policy
- encourage associates and all related parties to adhere to the Policy by imbibing this as an inherent part of their work culture.
4. Glossary
| Term | Definition |
|---|---|
| Bioenzene | Bioenzene Limited, its subsidiaries, group companies, affiliates, directors, associates, assigns and successors. |
| Data Protection Impact Assessment (DPIA) | An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. |
| Data Subject | The individual about whom information is being processed. |
| Notice | A statement made to a data subject that describes how the organization collects, uses, retains and discloses Personal Data. |
| Processing | A statement made to a data subject that describes how the organization collects, uses, retains and discloses Personal Data. |
| Personal Data | Any information relating to a natural person, which could be used for identifying such person, in particular by reference to a name, an identification number location data, an online identifier or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity. |
| Sensitive Personal Data | Such Personal Data which consists of information revealing the Data Subject’s medical, financial, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. |