Our policy consists of the following ten privacy principles, which are summarized from the complete principles included in the body of the policy below:
1. Accountability: We establish policy and accountability over personal information, not only within IPI SOLUTIONS (NIG) LTD but also with our Clients.
2. Notice: We provide individuals with notice about how we collect, use, retain, and disclose personal information about them.
3. Collection: We collect personal information from individuals only for the purposes identified in the privacy notice we provided and only to provide the product or service the individual has requested or authorized.
4. Choice and Consent: We give individuals choices and get their consent regarding how we collect, use, and disclose personal information about them.
5. Use and Retention: We use the personal information that we collect for the purposes we identify in the privacy notice and in accordance with the consent that the individual provided. We do not retain personal information longer than is necessary to fulfill the purposes for which it was collected and to maintain reasonable business records.
6. Disclosure or Onward Transfer: When we disclose personal information to third parties, it is only for purposes that are identified in the privacy notice. We disclose personal information in a secure manner, with assurances of protection by those parties, according to contracts, laws and other agreements, and, where needed, with the consent of the individual.
7. Quality: We take steps to ensure that personal information in our records is accurate and relevant to the purposes for which it was collected.
8. Access: We allow individuals a way to make inquiries regarding the information about them that we hold and, when appropriate, to access their personal information for review and update.
9. Security: We protect personal information from unauthorized access and use.
10. Monitoring and Enforcement: We monitor compliance with our privacy policies, both internally and with our vendors, and we establish processes to address inquiries, complaints, and disputes.
Applying responsible privacy practices to personal information (also referred to as “personal data” or “personally identifiable information”) is at the forefront of IPI SOLUTIONS (NIG) LTD’s commitments. Several aspects of privacy make it central to our operations. Privacy is one of the four pillars of IPI SOLUTIONS (NIG) LTD’s Safe Operations Initiative, along with security, reliability, and business integrity. Privacy has been, and still is, an area of individual concern, and the individuals we interact with expect us to handle personal information with the utmost care. In fact, privacy is a key driver in the level of trust that people have in us.
The scope of “personal information” is quite broad and encompasses virtually any information about an individual that could be traced back to that individual. When there is doubt, for example whether the data refers or relates to an individual or an organization, or whether the data can be tied to an individual or is anonymous, we must treat the data as personal information. Note also that even with respect to data about an organization, there may be separate contractual or other obligations regarding the confidentiality of such data.
Understanding the hierarchy of policies, standards, and procedures
How to use this policy
At IPI SOLUTIONS (NIG) LTD, the IT Privacy Group (ITPG), partnering with the Legal Resource Group (LRG) and other departments, is responsible for the development of privacy policies and standards, and for developing internal processes and programs that enhance the integration of privacy management into the fabric of IPI SOLUTIONS (NIG) LTD business operations. For internal IT systems and processes, the Chief Information Officer (CIO) and CISO share this responsibility. Supporting ITPG is the IT Privacy Management Committee (ITPMC), which serves as the coordinating body for developing and implementing IPI SOLUTIONS (NIG) LTD’s approach to privacy management through the development and review of policies, practices, and business processes.
Other groups, such as Security and Internal Audit, play a role in helping to ensure that the organization meets its privacy commitments. However, the ultimate responsibility for privacy protection rests with each departmental head. Each department within IPI SOLUTIONS (NIG) LTD is responsible for putting procedures in place that uphold this global policy and its related standards, and for assigning day-to-day responsibilities for privacy protection to specific staff members for enforcement and monitoring.
In the departments, specific privacy procedures must be defined, documented, communicated, and updated as needed. The design, acquisition, implementation, configuration, and management of our business process, infrastructure, systems, products, and services must be reviewed for consistency with the global privacy policies, standards and procedures. The activities of our vendors must also be managed to ensure compliance with our policies and standards.
Where possible, notice must be provided to individuals at or before the collection of personal information. Otherwise, notice must be provided as soon as practical thereafter. Notice must be provided in all data collection vehicles, including online and offline channels, and must be clearly and conspicuously displayed to the user. Furthermore, in describing what a product or service does with personal information, the notice must be complete, accurate, and easy to understand. Notice is most often provided through a detailed privacy statement, supplemented by a “short notice” where appropriate. All Web sites, and any product or service that collects personal information, must have a privacy statement.
All privacy notices must include, as applicable, descriptions of:
Personal information can be collected online such as by using forms on Web sites, or offline such as by using registration cards and sweepstakes entry forms. Regardless of the collection method, the same privacy protections apply to all personal information.
Individuals should not be required to provide more personal information than is necessary for the provision of the product or service that the individual has requested or authorized. If any data is requested that is not needed for providing a service or product, such fields must be clearly labeled as optional.
When resorting to the collection of personal information through the use of a third party (not directly from the individual), it must be confirmed that the third party collected the information fairly and lawfully, and that the individual consented to have their information shared with IPI SOLUTIONS (NIG) LTD. When using vendors to collect personal information on our behalf, we must ensure that the vendors comply with our vendor privacy requirements.
Sensitive personal information is a sub-category of personal information that includes, but is not necessarily limited to, information regarding an individual’s:
Other categories of personal information are often treated as sensitive as well, including:
The collection of such sensitive information should be avoided unless it is strictly necessary to provide a service that the individual has requested, or unless IPI SOLUTIONS (NIG) LTD is required by law to do so. In any case, sensitive personal information must not be collected or used without legal advice and the explicit consent of the individual if required by law.
Consult LRG before collecting personal information from children. This includes situations where we collect information through a product or service that is targeted to children, or where we ask for age and may get information that indicates that a given user is a child.
Choice refers to the options we offer individuals regarding the collection and use of their personal information. Consent refers to their agreement to the collection and use, often expressed by the way in which they exercise a choice option.
Individuals must be informed about the choices available to them with respect to the collection, use, and disclosure of personal information. Consent must be obtained from the individual at or before the time when personal information is collected or as soon as practical thereafter. Individual choices must be implemented and respected. If personal information is to be used for purposes not identified in the privacy notice at the time of collection, the new purpose must be documented, the individual notified, and consent must be obtained prior to such new use or purpose.
When personal information is provided for one purpose (known as the primary purpose), individual consent is implicit for uses necessary to carry out that purpose. However, if the personal information is to be used or shared for any secondary purpose (any use beyond that necessary to provide the service or product that the user has requested), then there must be a choice mechanism presented to the user. The two main mechanisms for gaining the consent of an individual for secondary use or for sharing of personal information are known as “opt in” and “opt out.”
Opt in is an option that requires IPI SOLUTIONS (NIG) LTD to obtain the explicit consent of an individual before his or her personal information can be used or disclosed for secondary purposes. It is an active decision by an individual to consent to the secondary use(s). For example, an unchecked check box may be presented and the user must check the box to opt in. Opt in is IPI SOLUTIONS (NIG) LTD’s preferred method of offering choice or obtaining consent from individuals and is a legal requirement in some jurisdictions.
Opt out is an option that allows IPI SOLUTIONS (NIG) LTD to use or disclose personal information unless the individual requests otherwise. The individual must be given a clear and conspicuous opportunity to opt out of any secondary uses of personal information. For example, a check box may be presented already checked and the individual must uncheck it to opt out.
Opt in is strongly encouraged, but not necessarily required in all cases. However, there are several cases in which opt in is required:
Unless a contract, law, or regulation specifically requires otherwise, personal information must only be used for the purposes identified in the privacy notice and only if the individual has provided consent, and it must be retained for no longer than necessary to fulfill the stated purposes and support our business operations and reporting requirements.
Primary uses of personal information are generally permissible. Primary uses of data are those for which the personal information was originally collected or provided. For example, if an individual provides shipping information when ordering a product, using that information to send the order is a primary use. Primary uses of data can also be defined as the use of personal information to operate the service that the user has chosen. Analysis of personal information that is necessary to maintain the operations of the service—and use of data to enable better customer service—can be considered a primary use of data if identified as such in the privacy notice.
The line between a primary use and a secondary use is not always clear. However, the best guidance is to look at the situation from the perspective of the individual. When the individual provides the data, is it reasonably clear that a given use would have been part of the purpose for which the data is provided? If not, it is unlikely that it may be considered a primary use.
Individuals must be given additional notice and choice regarding secondary uses or transfers of personal information, and those choices must be respected. This principle allows the individual to provide personal information for a specific purpose without the fear that it may later be used for an unrelated purpose without the individual’s knowledge or consent.
Personal information should be kept only as long as necessary for business purposes identified at the time of collection or subsequently authorized by the individual. This includes meeting legal requirements for maintaining customer information enabling effective customer service and supporting our business records. Data collected for specific purposes should have a specific lifetime and expiration.
In many instances, there are regulations and laws that require customer and transaction records (that may contain personal information) to be maintained for certain durations. Depending on where the information is collected and stored, there may be various national and local laws that must guide the retention practices associated with personal information.
When the use of the personal information is no longer necessary for business purposes, a method must be in place to ensure that the information is destroyed in a manner sufficient to prevent unauthorized access to that information or is de-identified in a manner sufficient to make the data non-personally identifiable. Reasonable steps must be taken to ensure that personal information is handled and disposed of in a manner consistent with the nature of the information.
Individuals must be informed in the privacy notice if personal information is to be disclosed to third parties, and personal information must be disclosed only for the purposes described in the privacy notice and for purposes for which the individual has provided consent, unless a contract, law, or regulation specifically allows or requires otherwise.
Information may be shared with two kinds of entities:
Independent third parties are entities that may use, with consent, individuals’ information for their own purposes (that is, secondary purposes beyond that necessary to fulfill a service on behalf of IPI SOLUTIONS (NIG) LTD), such as marketing. Vendors and other agents are entities who receive personal information in order to perform some function on behalf of IPI SOLUTIONS (NIG) LTD, and they do not have any independent right to use that data for their own purposes.
When IPI SOLUTIONS (NIG) LTD wants to transfer personal information to a vendor or other third party acting as its agent, this action must be included in the privacy notice. In addition, IPI SOLUTIONS (NIG) LTD must enter into a written agreement with the vendor requiring that the vendor provide at least the same level of privacy protection as is required by Woodgrove’s policies and procedures. See the requirements of the Vendor Privacy Program for more details.
By contrast, some of the necessary steps for sharing personal information with independent third parties include:
Maintaining data integrity and quality requires that, as appropriate for the intended purpose, the data is reliable, accurate, complete, and current. Where appropriate, processes must be established to validate and update personal information as it is collected, created, and maintained. Steps must be taken to ensure that personal information used on an ongoing basis is sufficiently accurate and complete to make decisions, unless there are clear limits to the need for accuracy. Additionally, because personal information may be stored in multiple systems and databases, those systems must be designed to ensure that personal information (including individual preferences) remains accurate when data is merged or replicated from one system to another.
Part of the effort to maintain the reliability of data includes providing reasonable access mechanisms for individuals to view, edit, or update information that may be inaccurate. Another aspect of this effort is keeping the data secure from unauthorized modification or deletion. The Access and Security principles are addressed in greater detail below.
An important element of transparency and accurate processing of personal information is allowing individuals to be able to find out whether personal information is held about them, to be able to understand the specific nature of that information, and to be able to ensure that the information is accurate and up to date. Individuals will be informed of how they may review or update their personal information as appropriate.
To protect the privacy of individuals, the identity of the individual requesting access must first be verified before any access to review or update is provided. IPI SOLUTIONS (NIG) LTD should inquire about the purpose for the access request so that it can furnish the individual with relevant information, and it should suitably authenticate the identity of the requestor. When IPI SOLUTIONS (NIG) LTD is clear on the purpose of the access request and the identity of the requestor, it must respond within a reasonable time, generally within 30 days, and at minimal or no cost to the individual. The information supplied to the individual must be provided or made available in a form that is generally understandable. For example, where we use abbreviations or codes to record information, an explanation must be provided. If we are unable to meet the 30-day timeframe, the individual must be advised in written or electronic communication of the expected date that the information requested will become available.
After reviewing the information, individuals may be permitted to update, correct, or amend the personal information as warranted. Controls must be established to help ensure that the updated information is not erroneous and that the access right is not otherwise misused to detract from the quality of the information we use. When practical, economically feasible, and where warranted, updates and corrections to personal information will be communicated to third parties that previously received the individual’s information.
Nonetheless, there may be circumstances in which the individual’s access or correction request will be limited or denied. In those circumstances, the individual will be informed in written or electronic communication of the reason for the denial, and if applicable, of the individual’s right to challenge the denial as permitted or required by law or regulation.
Information security is one of many components required to build and maintain a Services and Support environment. Security is a fundamental means to achieving IPI SOLUTIONS (NIG) LTD’s privacy objectives. It is critical that the information security practices mandated by IPI SOLUTIONS (NIG) LTD’s security guidelines, IPI SOLUTIONS (NIG) LTD IT, and other departments be implemented for all products, services, and systems.
Security controls must be developed, documented, approved, and implemented and must include administrative, technical, and physical safeguards to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Such controls must be based on the Services and Support Security Program (SBSP). It must be each group’s responsibility to ensure compliance with the SBSP and its policies. More restrictive security controls must be applied to the protection of sensitive personal information.
Controls over the use and protection of personal information must be reviewed for their effectiveness. Monitoring involving Internal Audit and the BPG may take place; however, the ultimate responsibility for monitoring compliance to ensure the continued compliance of our operations with privacy policies, standards, and procedures lies with department heads who must assign this day-to-day responsibility to specific staff.
Individuals must be informed about how to raise privacy complaints, both directly with IPI SOLUTIONS (NIG) LTD and through applicable third-party dispute resolution programs sanctioned by the BPG, for example, TRUSTe. Privacy complaints must be addressed following an established process, and their resolution must be documented and communicated to the individual.
Effective complaint response and escalation processes regarding the handling of privacy-related issues must be implemented, because a complaint may escalate and become a privacy incident. Privacy incident reporting may come from a number of sources. Incidents may be reported outside of IPI SOLUTIONS (NIG) LTD from customers or other individuals, law enforcement officials, security incident response organizations, privacy advocacy groups, or the media.
Privacy policies must be enforced through: