Data Protection Policy – Gema Institute of Business & Technology (Pvt) Ltd  

Policy Number   : GQAPO005-GIBT

Approved date   : 22 January 2024

Last Reviewed    : February 2024

 

1. Introduction

1.1 GIBT Campus recognizes the importance of protecting the privacy and confidentiality of personal data collected and processed as part of its operations. This Data Protection Policy outlines our commitment to compliance with data protection laws and regulations.

 

2. Scope

2.1 This policy applies to all personal data collected, processed, and stored by GIBT Campus, whether in electronic or paper format, and covers all individuals associated with the university, including students, staff, faculty, contractors, and other third parties.

 

3. Principles

3.1 GIBT Campus is committed to the following principles in relation to data protection:

1. Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and transparently in accordance with applicable laws and regulations.
2. Purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
3. Data minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step shall be taken to ensure that inaccurate personal data are rectified or erased without delay.
5. Storage limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
7. Accountability: GIBT Campus shall be responsible for, and be able to demonstrate compliance with, the principles outlined in this policy.

 

 

 

4. Responsibilities

4.1 The Data Protection Officer (DPO) is responsible for overseeing compliance with data protection laws and regulations, and for developing and implementing data protection policies and procedures.

4.2 All members of staff, faculty, and other individuals associated with GIBT Campus are responsible for complying with this policy and for ensuring the protection of personal data in their possession.

 

5. Data Collection and Processing

5.1 Personal data shall only be collected and processed where necessary for the fulfillment of lawful purposes associated with the activities of GIBT Campus, and where such processing is carried out in accordance with applicable laws and regulations.

5.2 Individuals shall be informed of the purposes for which their personal data is being collected and processed, and their consent shall be obtained where required by law.

 

6. Data Security

6.1 GIBT Campus shall implement appropriate technical and organizational measures to ensure the security of personal data and to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

6.2 Access to personal data shall be restricted to authorized individuals who require such access for the performance of their duties.

 

7. Data Subject Rights

7.1 Individuals whose personal data is processed by GIBT Campus shall have the right to access, rectify, erase, restrict processing, and portability of their personal data, as well as the right to object to processing under certain circumstances.

7.2 Requests from data subjects to exercise their rights shall be promptly acknowledged and responded to in accordance with applicable laws and regulations.

 

8. Data Breach Response

8.1 In the event of a data breach involving personal data processed by GIBT Campus, the DPO shall be notified immediately.

8.2 GIBT Campus shall promptly investigate any suspected or actual data breaches and shall take appropriate measures to mitigate any adverse effects and to prevent future occurrences.

 

9. Training and Awareness

9.1 GIBT Campus shall provide regular training and awareness programs to all staff, faculty, and other individuals associated with the university on data protection policies, procedures, and best practices.

 

10. Review and Revision

10.1 This Data Protection Policy shall be reviewed periodically and revised as necessary to ensure ongoing compliance with applicable laws and regulations and to reflect changes in the university’s operations.

 

11. Compliance

11.1 Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.