PRIVACY POLICY

The Data Protection Act 1998 (DPA) was passed to implement various Data Protection Directive and applies to all data relating to, and descriptive of, living individuals (defined as "personal data") which are held either electronically or in a structured manual filing system. ELNEXU CONSULTS is committed to a policy of protecting the rights and freedoms of individuals concerning the processing of all data held by it which affects their privacy, whether in their personal or family life, business, or professional capacity.

Data may only be processed in accordance with this policy and with the terms of ELNEXU CONCULTS Notification to the Information Commissioner, which sets out the purposes for which ELNEXU CONCULTS holds and processes personal data. Any breach of the policy may result in ELNEXU CONCULTS PAY, as the registered Data Controller, being liable in law for the consequences of the breach. This liability may extend to the individual processing the data and his/her Head of the department under certain circumstances.

1.1 PRINCIPLES

All data users must comply with the eight Data Protection Principles. The principles define how data can be legally processed. 'Processing' includes obtaining, recording, holding, or storing information and carrying out any operations on the data, including adaptation, alteration, use, disclosure, transfer, erasure, and destruction.

i. Personal data shall be processed fairly and lawfully.

ii. Personal data shall be held only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.

iii. Personal data shall be adequate, relevant, and not excessive about the purpose for which it is processed.

iv. Personal data shall be accurate and where necessary kept up to date.

v. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.

vi. Personal data shall be processed in accordance with the rights of data

vii. Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of the data.

viii. Personal data shall not be transferred to a country or a territory outside Nigeria unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects about the processing of personal data.

• The DPA defines both personal data and sensitive personal data. Data users must ensure that the necessary conditions are satisfied for the processing of personal data and in addition that the extra, more stringent, conditions are satisfied for the processing of sensitive personal data.

• "Personal data" has a broad-ranging definition and can include not only items such as home and work address, age, telephone number and schools attended but also photographs and other images if focused on an individual and disclosing information that is biographical in a significant sense.

• "Sensitive personal data" consists of racial/ethnic origin, political opinion, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, and criminal record.

INFORMATION OWNERSHIP/DISCLOSURE/LOSS POLICY

Objectives:

•To maintain appropriate protection of all ELNEXU CONSULTS information assets and to prevent loss, damage, or compromise of assets and interruption to business activities.

•To prevent compromise or theft of information and information processing facilities.

•To maintain the integrity and availability of information processing and communication services.

•To prevent the loss, modification or misuse of information exchanged between organizations and user data in application systems.

An inventory is maintained of all ELNEXU CONSULTS major information assets, and each owner is clearly stated. Within the inventory, each information asset is classified according to sensitivity using ELNEXU CONSULTS agreed Network security classification scheme. Classified information and outputs from systems handling classified data are appropriately labeled according to the output medium. When permanently disposing of equipment containing storage media all sensitive data and licensed software must be deleted before the equipment is moved off-site using procedures authorized by the Director of Information Technology. Damaged storage devices containing sensitive data must undergo appropriate risk assessment, to determine if the device should be destroyed, repaired, or discarded.
ELNEXU CONCULTS encourages a clear desk and screen policy when employees are absent from their normal workplace and outside normal working hours. In addition, screens on which confidential or sensitive information is processed or viewed should be sited in such a way that they cannot be viewed by unauthorized persons. Removal off-site of ELNEXU CONSULTS sensitive information assets, either printed or held on computer storage media must be properly authorized by the appropriate Head of Department, Head of Section, or line manager.
Information owners must ensure that appropriate backup and system recovery procedures are in place. The Head of the Department or Section is responsible for ensuring that the frequency of such backup operations and recovery procedures meets the business's needs. The archiving of information and documents must take place with due consideration for legal, regulatory, and business issues, with liaison between technical and business staff, and in keeping with ELNEXU CONSULTS Data Retention Policy. Storage media used for archiving information must be appropriate to its expected longevity. The format in which the data is stored must also be carefully considered, especially where proprietary formats are involved. All users of information systems must manage the creation, storage, amendment, copying, and deletion or destruction of data files in a manner that safeguards and protects the confidentiality, integrity, and availability of such files. Day-to-day data storage must ensure that current information is readily available to authorized users and that archives are both created and accessible in case of need. Highly sensitive or critical documents should not rely upon the availability or integrity of data files over which the author may have no control. Key documents and reports should normally be self-contained. Hard copies of sensitive or classified material must be protected and handled according to the distribution and authorization levels specified for those documents. All users must be aware of the risks of breaching confidentiality associated with the photocopying (or other duplication) of sensitive documents. All information used for, or by the ELNEXU CONCULTS, must be filed appropriately and according to its classification. All signatures authorizing access to systems or release of information must be properly authenticated.
All hardcopy documents of a sensitive or confidential nature must be disposed of when no longer required, in line with ELNEXU CONSULTS Data Retention Policy and policy on sustainability. Any third party used for external disposal of ELNEXU CONSULTS obsolete information-bearing equipment or hardcopy material must be able to demonstrate compliance with ELNEXU CONSULTS Network security. Before sending sensitive information or documents to third parties, not only must the intended recipient be authorized to receive such information, but the procedures and network security measures adopted by the third party must also be seen to continue to assure the confidentiality and integrity of the information. Sensitive data or information may only be transferred across networks, transmitted by post or other similar means, or copied to other media, when the confidentiality and integrity of the data can reasonably be assured. Email addresses should be checked carefully before dispatch, especially where the information content is sensitive. The identity of recipients or requesters of sensitive or confidential information over the telephone must be verified and they must be authorized to receive it. Staff authorized to make payment by credit card for goods ordered over the telephone or Internet, are responsible for safe and appropriate use. Email should only be used for business purposes in a way that is consistent with Other forms of business communication. Information received via email must be treated with care due to its inherent Network security risks. File attachments should be scanned for possible viruses or other malicious code.

Get started it's simple and easy to use

Designed to get the job done simple, easy, and straight forward

Please Fill Up the form

Form submitted successfully , Thank you for choosing elpay.You will receive an update within 24 hours

×