Version No. 002
Issued Date: 06 February 2025
At SmartPika, we recognize the importance of data in our operations and the need to ensure its security, confidentiality, integrity, and availability.
The SmartPika Data Protection Policy ensures the protection, integrity, and appropriate usage of data assets. It includes data classification, ownership, secure collection and storage, controlled access, responsible data handling, proper retention and disposal, secure data sharing, incident response, compliance with regulations, continuous improvement, and employee reporting mechanisms. The policy aims to maintain trust in data protection practices.
This data protection policy outlines our commitment to effectively manage and protect company data assets. This policy applies to all employees, contractors, and third-party partners who handle company data in any form.
We recognize that not all data holds the same level of sensitivity. To effectively manage our data, we classify it into different categories based on its importance and potential impact. This classification helps us allocate appropriate resources for data protection and access control. Moreover, SmartPika clearly defines data ownership, ensuring that individuals or teams are responsible for specific data sets, thereby promoting accountability and appropriate handling.
a. Confidential Data: This includes sensitive information such as personally identifiable information (PII), financial data, trade secrets, and other proprietary information. Access to confidential data should be limited to authorized individuals with a legitimate need.
b. Internal Data: This category includes internal reports, operational data, and non-sensitive information that is not publicly available but doesn't pose a significant risk if accessed by unauthorized individuals.
c. Public Data: This refers to information that is intended for public consumption, such as marketing materials, press releases, and publicly available website content.
In the course of doing business, we collect data from various sources, and this data supports our operations and decision-making processes. Data is collected transparently and in compliance with applicable privacy laws and regulations. We strive to collect only necessary data and avoid excessive or unnecessary data gathering.
For data storage, SmartPika employs secure and reliable systems and infrastructure. We implement appropriate security measures to protect data at rest and in transit. Regular backups and disaster recovery plans are in place to ensure data availability and integrity.
Access to company data is granted on a need-to-know basis, following the principle of least privilege. Employees are assigned access rights based on their job roles and responsibilities. Access controls, such as strong passwords, multi-factor authentication, and encryption, are implemented to prevent unauthorized access to sensitive data.
Employees are educated about data handling best practices and their responsibilities regarding data protection. They are required to use company-approved tools and software to manage and process data securely. Additionally, employees must not disclose, share, or use company data for personal or unauthorized purposes.
a. Access Controls: Access to company data should be granted based on the principle of least privilege, ensuring that individuals have access only to the data necessary to perform their job functions.
b. User Authentication: Strong authentication mechanisms, such as unique usernames and passwords, two-factor authentication, or biometric measures, should be implemented to prevent unauthorized access.
Data retention periods are defined based on legal, regulatory, and business requirements. SmartPika ensures that data is retained only for the necessary duration and securely disposed of when no longer needed. We employ appropriate methods for data disposal, such as secure deletion, shredding, or data anonymization, to prevent unauthorized access or data breaches.
When sharing data with external parties, SmartPika takes necessary precautions to protect the confidentiality and integrity of the information. We enter into data-sharing agreements or contracts that establish the responsibilities and obligations of all parties involved. These agreements ensure compliance with data protection regulations and specify the purpose and scope of data sharing.
In cases where data is transferred internationally, SmartPika adheres to applicable data transfer mechanisms, such as standard contractual clauses or other approved methods, to ensure the protection of personal data.
Despite preventive measures, data breaches can still occur. SmartPika has established a comprehensive incident response plan to promptly and effectively respond to any data breach incidents. This plan includes procedures for identifying, containing, investigating, and notifying affected parties, as required by relevant laws and regulations. We prioritize minimizing the impact of data breaches and take steps to prevent similar incidents in the future.
SmartPika is committed to complying with all relevant data protection laws, regulations, and industry standards. We regularly review and update our data protection practices to align with evolving requirements and best practices. Internal audits and assessments are conducted to evaluate the effectiveness of our data protection policies and identify areas for improvement.
Employees are encouraged to report any concerns or potential data breaches through the designated channels. Whistleblower protection mechanisms are in place to safeguard employees who report such incidents in good faith.
By adhering to this Data Protection Policy, SmartPika strives to maintain trust and confidence.