Introduction

CosmoNet Group is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations.

We don’t store any personal data about users and other individuals for a variety of business purposes. Our website doesn’t have any registration page or form that can be used to collect personal data.

The WordPress plugin can anonymize IP addresses while tracking, meaning that the last octet of the recorded IP will be 0 instead of the user’s actual value. The plugin also supports excluding from analytics any users who send the Do Not Track header.

Scope

  • This policy applies to all staff, who must be familiar with this policy and comply with its terms.

This policy supplements our other policies, terms and conditions and privacy policy. We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.

  • Who is responsible for this policy?

Our General Manager has overall responsibility for the day-to-day implementation of this policy.

The Principles

CosmoNet Group shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:

  1. Lawful, fair and transparent

Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.

  2. Limited for its purpose

Data can only be collected for a specific purpose.

  3. Data minimisation

Any data collected must be necessary and not excessive for its purpose.

  4. Accurate

The data we hold must be accurate and kept up to date.

  5. Retention

We cannot store data longer than necessary.

  6. Integrity and confidentiality

The data we hold must be kept safe and secure.

Accountability and transparency

We must ensure accountability and transparency in all our use of data. We must show how we comply with each Principle. You are responsible for keeping a written record of how all the data processing activities you are responsible for comply with each of the Principles. This record must be kept up to date and must be approved by the General Manager.

To comply with data protection laws and the accountability and transparency Principle of GDPR, we must demonstrate compliance. You are responsible for understanding your particular responsibilities to ensure we meet the following data protection obligations:

  • Fully implement all appropriate technical and organisational measures
  • Maintain up to date and relevant documentation on all processing activities
  • Conduct Data Protection Impact Assessments
  • Implement measures to ensure privacy by design and default, including:
    • Data minimisation
    • Pseudonymisation
    • Transparency
  • Allow individuals to monitor processing
  • Create and improve security and enhanced privacy procedures on an ongoing basis

Responsibilities

Our responsibilities
1) Analysing and documenting the type of data we hold (currently we don’t hold any data)
2) Checking procedures to ensure they cover all the rights of the individual
3) Identifying the lawful basis for processing data
4) Ensuring consent procedures are lawful
5) Implementing and reviewing procedures to detect, report and investigate data breaches
6) Assessing the risk that could be posed to individual rights and freedoms should data be compromised

Your responsibilities
1) Fully understand your data protection obligations
2) Check that any data processing activities you are dealing with comply with our policy and are justified
3) Do not use data in any unlawful way
4) Do not store data incorrectly, be careless with it or otherwise cause us to breach data protection laws and our policies through your actions
5) Comply with this policy at all times
6) Raise any concerns, notify any breaches or errors, and report anything suspicious or contradictory to this policy or our legal obligations without delay

Reporting Breaches

Any breach of this policy or of data protection laws must be reported as soon as practically possible. This means as soon as you have become aware of a breach. CosmoNet Group has a legal obligation to report any data breaches to us within 72 hours.

All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:
1) Investigate the failure and take remedial steps if necessary
2) Maintain a register of compliance failures
3) Notify us of any compliance failures that are material either in their own right or as part of a pattern of failures

Any member of staff who fails to notify of a breach, or is found to have known or suspected a breach has occurred but has not followed the correct reporting procedures, will be liable to disciplinary action. Please refer to us for our reporting procedure.

Failure to Comply

We take compliance with this policy very seriously. Failure to comply puts us at risk.
The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures which may result in dismissal.

If you have any questions or concerns about anything in this policy, do not hesitate to contact us.