EMPLOYEE CONFIDENTIALITY POLICY
We designed our company confidentiality policy to explain how we expect our employees to treat confidential information. Employees will unavoidably receive and handle personal and private information about clients, partners and our company. We want to make sure that this information is well-protected.
We must protect this information for two reasons. It may:
- Be legally binding (e.g. sensitive client data.)
- Constitute the backbone of our business, giving us a competitive advantage (e.g. business processes.)
This policy affects all employees, including board members, contractors, partners, Interns and volunteers, who may have access to confidential information.
Confidential and proprietary information is secret, valuable, expensive and/or easily replicated. Common examples of confidential information are:
- Unpublished financial information
- Data of Clients/Partners/Consultants
- Patents, formulas or new technologies
- Client lists (existing and prospective)
- Data entrusted to EEMS Limited by external parties
- Pricing/marketing and other undisclosed strategies
- Documents and processes explicitly marked as confidential
- Unpublished goals, forecasts and initiatives marked as confidential
Employees may have various levels of authorized access to confidential information.
What employees should do:
- Lock or secure confidential information at all times
- Shred confidential documents when they’re no longer needed
- Make sure they only view confidential information on secure devices
- Only disclose information to other employees when it's necessary and authorized
- Keep confidential documents inside our premises unless it's absolutely necessary to move them
What employees shouldn't do:
- Use confidential information for any personal benefit or profit
- Disclose confidential information to anyone outside EEMS Limited
- Replicate confidential documents and files and store them on insecure devices
When employees stop working for EEMS Limited, they're obliged to return any confidential files and delete them from their personal devices.
We take measures to ensure that confidential information is well protected. We'll:
- Store and lock paper documents
- Encrypt electronic information and safeguard databases
- Ask employees to sign non-compete and/or non-disclosure agreements (NDAs)
- Ask for authorization by senior management to allow employees to access certain confidential information
Confidential information may occasionally have to be disclosed for legitimate reasons. Examples are:
- If a regulatory body request it as part of an investigation or audit
- If our company examines a venture or partnership that requires disclosing some information (within legal boundaries)
In such cases, employees involved should document their disclosure procedure and collect all needed authorizations. We're bound to avoid disclosing more information than needed.
Employees who don't respect our confidentiality policy will face disciplinary and, possibly, legal action.
We'll investigate every breach of this policy. We'll terminate any employee who willfully or regularly breaches our confidentiality guidelines for personal profit. We may also have to punish any unintentional breach of this policy depending on its frequency and seriousness. We'll terminate employees who repeatedly disregard this policy, even when they do so unintentionally.
This policy is binding even after separation of employment.
DATA PROTECTION POLICY
POLICY BRIEF & PURPOSE
EEMS Limited Data Protection Policy refers to our commitment to treat information of employees, clients, consultants, partners, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
This policy refers to all parties (employees, clients, consultants, partners, stakeholders etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
EEMS Limited employees must follow this policy. Consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, confidential data, technical data, financial data etc.
EEMS Limited collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to organizations, states or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data's owner
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
- Let people know which of their data is collected
- Inform people about how we'll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
To exercise data protection, we're committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
Our data protection provisions will appear on our website.
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.