Data Controller Contact Information
KA Publishing Ltd, Calgary, Canada
Date this policy was last updated: March 17th, 2023
This document governs the data protection policy of our websites in KA Publishing LimitedKA Publishing Limited (referred to as "the Company" in this policy) is committed to protecting the personal data of its customers, employees, and other individuals who interact with the Company. This Data Protection Policy sets out how the Company will comply with data protection laws, including the General Data Protection Regulation (GDPR).
The reason for this policy:
The purpose of this policy is to ensure that the Company handles personal data in compliance with the GDPR and any other applicable data protection laws. This policy will help the Company to protect personal data and ensure that it is processed fairly, lawfully, and transparently.
Data protection laws:
The GDPR is a data protection law that sets out the rules for the processing of personal data within the European Union (EU). The GDPR applies to the Company, as it processes personal data of individuals within the EU. In addition to the GDPR, the Company will comply with any other applicable data protection laws.
People, risks, responsibilities, and policy scope:
The Company recognizes that protecting personal data is a shared responsibility, and all employees have a role to play in ensuring that personal data is handled securely and in compliance with data protection laws.
Data protection risks:
The Company acknowledges that there are inherent risks associated with the processing of personal data. These risks include unauthorized access, accidental loss, destruction, or damage of personal data. The Company will take appropriate technical and organizational measures to mitigate these risks.
Responsibilities:
The board of directors has:
overall responsibility for ensuring that the Company complies with data protection laws. The board will receive regular updates on the Company's data protection practices, including any risks or incidents.
The data privacy officer is responsible for:
The IT manager is responsible for:
The marketing manager is responsible for:
General employee guidelines:
All employees who handle personal data must comply with the following guidelines:
Data storage:
Personal data should be stored securely, and appropriate measures should be taken to prevent unauthorized access, loss, destruction, or damage. Personal data should not be stored for longer than is necessary for the purposes for which it is being processed.
Personal data use:
Personal data should only be used for the purposes for which it was collected. The Company will obtain explicit consent from data subjects where necessary and will only use personal data for direct marketing purposes where appropriate consent has been obtained.
Personal data accuracy:
Personal data should be kept accurate and up-to-date. The Company will take reasonable steps to ensure that personal data is accurate, including conducting regular reviews of personal data and providing data subjects with the ability to update their personal data where necessary.
Subject access requests:
Data subjects have the right to request access to their personal data held by the Company. The data privacy officer is responsible for handling subject access requests and ensuring that the Company responds to such requests in accordance with data protection laws.
Training:
The Company will provide regular training to all employees who handle personal data to ensure that they understand their responsibilities under data protection laws and are aware of the Company's policies and procedures for handling personal data.
Monitoring and Review:
The Company will regularly review its data protection policies and procedures to ensure that they remain up-to-date and effective in protecting personal data. The data privacy officer will be responsible for monitoring the Company's compliance with data protection laws and for reviewing the effectiveness of the Company's data protection policies and procedures.
Complaints:
Data subjects have the right to lodge complaints with the relevant supervisory authority if they believe that their personal data has been mishandled. The Company will provide data subjects with information on how to lodge a complaint and will cooperate with the supervisory authority in the resolution of any complaints.
Enforcement:
The Company takes its obligations under data protection laws seriously and will take appropriate action against any employee who breaches the Company's data protection policies and procedures, including disciplinary action and termination of employment where appropriate.
Disclosing personal data for other reasons:
Personal data should not be disclosed to third parties unless it is necessary for the purposes for which it was collected or where the Company is required to disclose the data by law. The Company will ensure that appropriate safeguards are in place when disclosing personal data to third parties.
Data breach:
A data breach is any accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data. In the event of a data breach, the Company will take appropriate measures to mitigate the impact of the breach and will notify the relevant supervisory authority and affected data subjects in accordance with data protection laws.
Providing information:
The Company will provide data subjects with clear and transparent information about how their personal data is being processed, including the purposes for which it is being processed and their rights under data protection laws. The Company will provide this information in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
Contact Information:
Data subjects can contact the Company's data privacy officer at [email protected] for any queries or concerns regarding the Company's handling of their personal data.
Conclusion:
KA Publishing Limited is committed to complying with data protection laws and protecting the personal data of its customers, employees, and other individuals who interact with the Company. This Data Protection Policy sets out the Company's commitment to data protection and the responsibilities of its employees in ensuring that personal data is handled securely and in compliance with data protection laws.