Privacy policy is an important document that outlines how an organization collects, uses, and protects the personal data of its customers, users, or employees. It is a crucial component of any business or online platform that deals with personal information, as it helps to establish trust and transparency with the individuals whose data is being processed.

Data Collection and Processing

Methods of Data Collection

The privacy policy of an organization can detail the various methods used to collect personal data. This can include both active and passive data collection techniques.

Active data collection refers to the voluntary submission of information by individuals, such as when they fill out a job application, sign up for a newsletter, or provide feedback. Examples of active data collection include:

  • Job applications
  • Business relationship building
  • Communication and correspondence
  • Newsletter subscriptions

Passive data collection, on the other hand, involves the automated gathering of information without the individual’s direct involvement. This can include the use of cookies, IP addresses, and tracking of online activity. Examples of passive data collection include:

  • Cookies tracking IP address and online activity

Purposes and Legal Basis for Data Processing

The privacy policy should also outline the various purposes for which the collected data is processed, as well as the legal basis for such processing. Some common purposes and their associated legal bases include:

  • Communication and Inquiries: Legitimate interests to handle inquiries
  • Information Provision (e.g., Investor info, newsletters): Consent
  • Promotional Purposes: Consent
  • Legal Claims: Legitimate interests to defend legal claims
  • Social Sharing: Legitimate interests to enhance service and enable social sharing
  • Polls/Lotteries/Promotions: Consent
  • Job Applications: Consent
  • Brand Promotion (Job Fairs): Legitimate interests to promote the organization as a brand
  • Security Incident/Fraud Detection: Legitimate interests to ensure system security
  • Analytics/Market Research: Legitimate interests for marketing and research
  • Due Diligence (Regulatory): Compliance with legal/regulatory obligations
  • Legal Compliance (Gambling Laws): Compliance with legal/regulatory obligations
  • Fraud/Improper Activity Detection: Compliance with legal/regulatory obligations
  • Sharing Within Group Entities: Legitimate interests to provide services
  • Sharing with Regulators: Compliance with legal/regulatory obligations

Data Subject Rights

The privacy policy should also outline the various rights that individuals (data subjects) have with respect to their personal data. These rights may include:

Access

Individuals have the right to request confirmation of whether their personal data is being processed and to receive a copy of the data.

Rectification

Individuals have the right to request the correction of any inaccurate personal data and the completion of any incomplete data.

Erasure

Individuals have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer needed for the purposes it was collected.

Objection

Individuals have the right to object to the processing of their personal data in specific situations, such as for direct marketing purposes.

Restriction

Individuals have the right to request the restriction of the processing of their personal data under certain conditions, such as when the accuracy of the data is disputed.

Withdrawal of Consent

Individuals have the right to withdraw their consent for the processing of their personal data, if the processing is based on consent.

Data Portability

Individuals have the right to receive a copy of their personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller.

Complaint to Supervisory Authority

Individuals have the right to file a complaint with the relevant data protection authority if they believe their rights have been violated.

Data Sharing and Transfers

The privacy policy should also address how the organization shares and transfers personal data to other parties, both within the organization and externally.

Sharing Within Group Entities

The privacy policy should explain how personal data may be shared between different entities within the organization, such as subsidiaries or affiliates. This should be done in accordance with Intra-Group data processing agreements, which may include the use of Standard Contractual Clauses.

Sharing with Third-Party Data Processors

The organization may engage third-party vendors and service providers, such as cloud service providers, marketing companies, or advisors, to assist with various processing activities. The privacy policy should explain the purposes for which this data sharing occurs and the measures taken to ensure the security and protection of the data.

International Data Transfers

If the organization transfers personal data to countries outside the individual’s home country or jurisdiction, the privacy policy should explain the safeguards and legal mechanisms used to ensure the adequate protection of the data, such as the use of Standard Contractual Clauses or other approved data transfer mechanisms.

Security Measures

The privacy policy should outline the technical, physical, and organizational measures implemented by the organization to protect personal data against unauthorized access, destruction, alteration, or disclosure. This may include measures such as:

  • Encryption of data
  • Secure storage and access controls
  • Regular security audits and risk assessments
  • Employee training and awareness programs
  • Incident response and breach notification procedures

By providing this information, the privacy policy demonstrates the organization’s commitment to data security and its efforts to safeguard the personal information entrusted to it.

Data Retention

The privacy policy should also address the organization’s data retention practices, explaining how long personal data is kept and the rationale behind the retention period. This information helps individuals understand how long their data will be stored and the reasons for doing so, which may be based on legal requirements, business needs, or other legitimate purposes.

Conclusion

The privacy policy is a crucial document that helps to establish trust and transparency between an organization and the individuals whose personal data it processes. By clearly outlining the methods of data collection, the purposes and legal bases for data processing, the rights of data subjects, the measures taken to ensure data security, and the retention and sharing practices, the privacy policy empowers individuals to make informed decisions about their data and reinforces the organization’s commitment to responsible data stewardship.

推荐的文本: 我们的站点地址是:https://cg777.com.ph。

评论

推荐的文本: 当访客留下评论时,我们会收集评论表单所显示的数据,和访客的 IP 地址及浏览器的 User-Agent 字符串来帮助检查垃圾评论。

由您的电子邮箱地址所生成的匿名化字符串(又称为哈希)可能会被提供给 Gravatar 服务确认您是否有使用该服务。 Gravatar 服务的隐私政策在此:https://automattic.com/privacy/。在您的评论获批准后,您的资料图片将在您的评论旁公开展示。

媒体

推荐的文本: 如果您向此网站上传图片,您应当避免上传那些有嵌入地理位置信息(EXIF GPS)的图片。此网站的访客将可以下载并提取此网站的图片中的位置信息。

Cookies

推荐的文本: 如果您在我们的站点上留下评论,您可以选择用 Cookies 保存您的名字、电子邮箱地址和网站地址。这是通过让您可以不用在评论时再次填写相关内容而向您提供方便。这些 Cookies 会保留一年。

如果您访问我们的登录页,我们会设置一个临时的 Cookie 来确认您的浏览器是否接受 Cookies。此 Cookie 不包含个人数据,且会在您关闭浏览器时被丢弃。

当您登录时,我们也会设置多个 Cookies 来保存您的登录信息及屏幕显示选项。登录 Cookies 会保留两天,而屏幕显示选项 Cookies 会保留一年。如果您选择了「记住我」,您的登录状态则会保留两周。如果您注销登陆了您的账户,用于登录的 Cookies 将会被移除。

如果您编辑或发布文章,我们会在您的浏览器中保存一个额外的 Cookie。这个 Cookie 不包含个人数据而只记录了您刚才编辑的文章的 ID。这个 Cookie 会保留一天。

来自其他网站的嵌入内容

推荐的文本: 此站点上的文章可能会包含嵌入的内容(如视频、图片、文章等)。来自其他站点的嵌入内容的行为和您直接访问这些其他站点没有区别。

这些站点可能会收集关于您的数据、使用 Cookies 、嵌入额外的第三方跟踪程序及监视您与这些嵌入内容的交互,包括在您有这些站点的账户并登录了这些站点时,跟踪您与嵌入内容的交互。

我们与谁共享您的信息

推荐的文本: 若您请求重置密码,您的 IP 地址将包含于密码重置邮件中。

我们保留多久您的信息

推荐的文本: 如果您留下评论,评论和其元数据将被无限期保存。我们这样做以便能识别并自动批准任何后续评论,而不用将这些后续评论加入待审队列。

对于本网站的注册用户,我们也会保存用户在个人资料中提供的个人信息。所有用户可以在任何时候查看、编辑或删除他们的个人信息(除了不能变更用户名外)、站点管理员也可以查看及编辑那些信息。

您对您的信息有什么权利

推荐的文本: 如果您有此站点的账户,或曾经留下评论,您可以请求我们提供我们所拥有的您的个人数据的导出文件,这也包括了所有您提供给我们的数据。您也可以要求我们抹除所有关于您的个人数据。这不包括我们因管理、法规或安全需要而必须保留的数据。

您的数据将发送到何处

推荐的文本: 访客评论可能会被自动垃圾评论监测服务检查。