Governance Process Framework

  • Home
  • Governance Process Framework

GOVERNANCE PROCESS FRAMEWORK

1. Introduction

We believe that good governance means that every human, organizational, technical and financial resource increasingly support and contribute to achieving your mission and vision in a fashion.

2. GOVERNANCE PROCESS

2.1. The senior management of House of Nature Safaris is accountable for the effective implementation of this Policy (including the Data Privacy Principles and Procedures as set out below). Senior management of HONS is to ensure that this Policy is incorporated and embedded into other policies and procedures, subject to (and in compliance with) Applicable Data Protection Laws.

2.2 As the “Data Controller” of its Customer and Employee Personal Data, HONS must implement local policies and procedures in such a manner that it can demonstrate compliance with Applicable Data Protection Laws including (where required):

  • Ensuring that the legislative and regulatory requirements are embedded in all activities involving the processing Personal Data (e.g. ensuring “privacy by design” for all new projects involving processing Personal Data).
  • Implementing appropriate technical and organizational measures which are designed to implement the Data Privacy Principles in an effective manner and to integrate necessary safeguards into processing activities, and to protect the rights of data subjects as required in the jurisdictions in which they operate.
  • Conducting regular privacy and data protection awareness training for Employees to ensure awareness and understanding of this Policy and their responsibilities in data protection management and privacy;
  • Conducting regular privacy risk assessments of its business practices and technologies to assess the privacy risk (including with respect to third party vendors) and the adequacy of mitigating controls.
  • Ensuring Personal Data is classified and handled according to its sensitivity, and its access is restricted on a need-to-know basis.
  • Designating appropriate privacy and IT security specialists to support the business in managing its data privacy risks (e.g. the appointment of a data protection officer).

2.3 All Employees involved in Personal Data processing should understand and comply with this Policy, as well as any related policies, procedures and guidelines implemented by HONS. Failure to process Personal Data in accordance with this Policy may lead to disciplinary action. Serious and/or deliberate non-compliance with this Policy could result in dismissal for Employees.

3. DATA PRIVACY PRINCIPLES

The Group shall at all times process Personal Data in line with the following Data Privacy Principles.

3.1 Lawful, fair and transparent processing.

  • Personal Data will only be used in a way that is lawful, fair and transparent.
  • Use of Personal Data should be in compliance with Applicable Data Protection Laws within each of the jurisdictions in which the Group operates. The Group has to be transparent about when, how and for what purpose it processes the Personal Data of Customers and Employees, and what choices and rights individuals have in that jurisdiction in relation to the processing of their Personal Data.
  • Access to Personal Data should be restricted to Employees who need to know the information to fulfil their roles within the Group and Sensitive Personal Data (including access thereto) requires the highest level of protection.

3.2 Purpose and use

Personal Data should only be collected for specified, clear and legitimate purposes and only to the extent needed to achieve those purposes. Use of Personal Data helps improve the services offered by our Group, but use of such data is proportionate to clear purposes.

3.3 Data accuracy

Reasonable steps are taken to ensure that any Personal Data held is accurate and up-to-date.

3.4 Data retention

Personal Data is only be kept for as long as is necessary for the fulfilment of the purposes for which it is being used. Guidelines around document retention periods is issued by each HNS to relevant management and staff.

3.5 Data deletion

The Group takes all practicable steps to erase relevant Personal Data held when the data is no longer required for the collection purposes (including any directly related purpose) for which it is being used, unless any such erasure is prohibited under any applicable law or it is in the public interest not to have the data erased.

3.6 Rights of the individuals

  • Personal Data is processed in accordance with the rights of individuals under the Applicable Data Protection Laws within each of the jurisdictions in which HONS
  • All requests from individuals to access, amend, delete or otherwise relating to their Personal Data is handled in a manner compliant with Applicable Data Protection Laws with appropriate processes for receiving and responding to such requests.

3.7 Information security

  • Appropriate technical and organizational security measures is in place to safeguard the Personal Data the Group is entrusted with against unauthorized or unlawful processing and against accidental loss, destruction or damage to ensure a level of security appropriate to the risk (e.g. the Pseudonymization and encryption of Personal Data and/or other security measures as appropriate).
  • Security measures are reviewed regularly to ensure that they offer the appropriate level of protection.
  • The same level of security is used to protect the Personal Data that is processed on behalf of third parties (e.g. where the HONS acts as “Data Processor”).

3.8 Cross-border transfers of Personal Data

The Group may be required to transfer information out of the jurisdiction where a HONS operates as necessary. Personal Data is not be transferred to a country or territory that does not provide adequate data protection or without appropriate safeguards