Protecting personal data (whether from our employees, business partners, customers or users) is fundamental to maintaining the trust and confidence of our stakeholders. Any misuse or breach of this information would jeopardize our reputation. It could also trigger significant financial losses, regulatory penalties, and legal consequences.
That’s why strong personal data protection practices are essential. It is both a matter of ethical responsibility and a critical component of our business integrity and long-term success. We handle all personal data with the utmost care, transparency, and compliance with applicable laws and industry standards.
What does it mean?
Personal data protection involves its proper collection, usage, storage, and safeguarding to ensure its security and appropriate use.
What is considered “personal data”? Any electronic or physical data that can directly or indirectly identify an individual:
- General identification and contact details (name, email, phone number, address).
- Government-issued identification numbers (national ID, passport).
- Financial information (credit card, bank account numbers).
- Technical identifiers (national ID, device ID, geolocation).
- Biometric identifiers (facial geometry, fingerprint).
Our Do’s
- We limit data collection and use - we only collect and use personal data to the extent necessary and provide clear, transparent information about our practices.
- We minimize data retention - we only keep personal data within the Company and third parties as necessary to fulfill legitimate business purposes or comply with legal obligations.
- We ensure security and accountability - we implement robust security measures to protect personal data and maintain accountability throughout its lifecycle.
Handling data privacy
in practice
Because real life is rarely as clear-cut as theory, here are the answers to a few questions you might have
I want to organize an event with customers and a few employees, and I would like to have a photographer present. What should I be mindful of?
Among other obligations, data protection requires obtaining consent from individuals before collecting, using, or disclosing their personal data.
I work in a department with access to employee data and receive a request from an external party asking for access to an employee’s personal data. What should I do?
Protecting personal data and restricting access on a need-to-know basis is essential for maintaining privacy and complying with personal data protection laws. Any external requests must be carefully evaluated and handled according to Company policies and applicable regulations.