Privacy Policy

1. Objective

The objective of this policy is to outline the principles and practices for protecting the privacy of personal information in the design, development, and delivery of Big Solutions products and services. Privacy by Design is to proactively protect the privacy of individuals by minimizing the amount of personal data collected, ensuring that the data collected is used only for the intended purpose, and implementing strong security measures to prevent unauthorized access or disclosure.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who handle personal information in the course of their work for our organization.

3. Policy Statement

At Big Solutions, we are committed to safeguarding the privacy and security of personal information. We believe in integrating privacy considerations into our products, services, and business processes from the earliest stages of development. This Privacy by Design policy outlines our commitment to protecting personal information and our approach to embedding privacy protections into our operations.

4. Principles

Our organization is committed to the following Privacy by Design principles:

  • Proactive, not Reactive: Privacy considerations are integrated into all aspects of our products and services, from the initial design phase through to end-of-life.
  • Privacy as the Default Setting: Our products and services are designed to minimize the collection and use of personal information and to make privacy the default setting.
  • Privacy Embedded into Design: Privacy considerations are incorporated into the design and architecture of our products and services, including security measures to protect personal information from unauthorized access, use, and disclosure.
  • End-to-End Security: Our products and services are designed to ensure end-to-end security of personal information, from collection to storage, use, and disposal.
  • Transparency and User Control: We provide clear and concise information about our privacy practices, including how personal information is collected, used, and disclosed, and give individuals control over their personal information.
  • Respect for User Privacy: We respect the privacy of individuals and do not use personal information for any purpose other than the intended purpose.

5. Procedures

To implement these principles, Big Solutions will:

  • Conduct privacy impact assessments (PIAs) to identify and mitigate privacy risks associated with our products and services.
  • Implement data minimization practices to limit the collection, use, and retention of personal information to only what is necessary to provide the intended product or service and in accordance with the Data Protection Policy.
  • Provide clear and concise privacy notices that explain our collection, use, and disclosure practices to individuals.
  • Obtain the appropriate consent from individuals before collecting or using their personal information, where required by law.
  • Implement appropriate technical and organizational security measures to protect personal information from unauthorized access, use, and disclosure.
  • Regularly review and update our Privacy by Design Policy and related procedures to ensure ongoing compliance with applicable laws and regulations.

6. Training and Accountability

Big Solutions will provide training and resources to employees, contractors, and third-party service providers to ensure they understand their roles and responsibilities under this policy. We will also hold individuals accountable for complying with this policy and related procedures and take appropriate disciplinary action for non-compliance.

7. Document Security Classification

Company Internal. Please refer to the Data Classification Policy for more details.

8. Non-Compliance

Compliance with this policy shall be verified through various methods, including, but not limited to, automated reporting, audits, and feedback to the policy owner. Any staff member found to be in violation of this policy may be subject to disciplinary action, which may include termination of employment or contractual agreement. The disciplinary action shall depend on the extent, intent, and repercussions of the specific violation.

9. Responsibilities

The Privacy Officer is responsible for approving and reviewing policy and related procedures. Supporting functions, departments, and staff members shall be responsible for implementing the relevant sections of the policy in their area of operation.

10. Schedule

This document shall be reviewed annually and whenever significant changes occur in the organization.