Data protection policy
This is the data protection policy for Symbiosis (Symbiosis Horse Academy). Symbiosis complies with the following privacy principles with respect to personal data. It shall apply to all the staff and third parties involved in business with the company.
- The company has access to lawfully acquired personal data, and it processes that data in a transparent manner.
- The policy provides protection to any kind of data it collects with the consent of the data holders, including names, phone numbers, postal addresses, email addresses, and more.
- The company will process the data only if and to the extent that
It has gained the consent of the data holders.
The processing is necessary for the relationship of the parties.
The processing is necessary for compliance with any legal obligations.
The processing it to further a legitimate business interest.
It is necessary for the employees performance.
- The company collects information with the explicit consent of the data holders, and it uses it for the explicit, legitimate purposes set forth in this policy and for no other purpose.
- The company only collects data that is adequate, relevant, and limited for the purpose for which is being collected.
- The company collects and processes personal data as accurately as possible.
- The company takes every measure reasonable and necessary to maintain the integrity and confidentiality of the information being collected. It does not provide or allow unauthorised persons to access it.
- Data that is necessary to run the business and from which the company generates revenues, and it’s collected with free consent and for a legitimate purpose will remain the company propriety, and the company will have the ultimate power to use that data legitimately.
- Personal data shall be retained by the company management , HR or IT.
- Personal data may be disclosed to third parties such as payroll and benefits vendors, background check companies and more.
- Personal data shall be retained for the company for as long as it is necessary, and it shall be deleted immediately after the need is over.
- The data holder has the right to ask for any data the company except which is adverse to the company’s interest.
- In case of a breach of data, the company will notify the individuals and the appropriate authority within 48 hours of such breech.
1st June 2023