POLICY PRIVACY | EZYCARD

Personal Data Protection Policy (PDPA) for Michael and Francis Management CO., LTD.

Effective Date: [23/11/2023]

1. Introduction

1.1 Purpose of the PDPA

Michael and Francis Management CO., LTD. (hereafter referred to as "the Company") recognizes the importance of protecting the personal data of individuals and is committed to ensuring compliance with relevant data protection laws. This Personal Data Protection Policy (PDPA) outlines the principles and practices the Company follows in the collection, processing, and handling of personal data.

1.2 Scope and Applicability

This policy applies to all employees, contractors, and third parties acting on behalf of the Company who have access to personal data.

2. Definitions

2.1 Personal Data

"Personal data" refers to any information relating to an identified or identifiable natural person, including but not limited to, names, contact details, identification numbers, and any other data that can be linked to an individual.

3. Principles of Data Protection

3.1 Lawfulness, Fairness, and Transparency

The Company will process personal data lawfully, fairly, and transparently. Individuals will be informed of the purposes for which their data is collected and processed.

3.2 Purpose Limitation

Personal data will only be collected for specified, explicit, and legitimate purposes. Any additional processing will be compatible with these purposes.

3.3 Data Minimization

The Company will only collect and process personal data that is adequate, relevant, and limited to what is necessary for the intended purposes.

3.4 Accuracy

The Company will take reasonable steps to ensure that personal data is accurate and up-to-date. Individuals have the right to request corrections to their personal data.

3.5 Storage Limitation

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.

3.6 Security

The Company will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction.

3.7 Data Subject Rights

Individuals have the right to access, rectify, erase, or restrict the processing of their personal data. The Company will facilitate the exercise of these rights.

3.8 Accountability

The Company is committed to demonstrating compliance with data protection principles and ensuring that all personnel are aware of their responsibilities under this PDPA.

4. Data Processing Procedures

4.1 Data Collection

Personal data will be collected directly from the data subject or through authorized third parties. Data subjects will be informed of the purposes and legal basis for processing.

4.2 Data Processing

The Company will only process personal data for the purposes for which it was collected. Any changes to the purpose of processing will be communicated to the data subjects.

4.3 Data Sharing

Personal data will only be shared with third parties when necessary for the specified purposes and with appropriate safeguards in place.

5. Data Breach Response

5.1 Notification

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority and affected data subjects will be notified as required by law.

6. Review and Update

6.1 Periodic Review

This PDPA will be reviewed periodically to ensure its continued relevance and effectiveness. Any necessary updates will be made promptly.

7. Policy Acknowledgment and Agreement

7.1 Review and Acknowledgment

All personnel, including employees and contractors, are required to review and acknowledge their understanding and compliance with this PDPA.

Conclusion:

This PDPA reflects Michael and Francis Management CO., LTD.'s commitment to protecting the privacy and rights of individuals whose personal data is processed by the company. Adherence to this policy is essential for maintaining trust and compliance with data protection laws.