These procedures will be regularly reviewed to ensure that they are up to date and remain compliant with all applicable legislative requirements.
These procedures do not govern processes by third parties. Notwithstanding the above, Lion & Lion will regularly check with contracting third parties to ensure that they are compliant with GDPR and all applicable laws.
Data breach/incident management procedure
Personal data breach is a breach of security which can result in loss, destruction, alteration or unauthorized disclosure of personal data
Data Security Incident is a situation that may affect and compromise the protection, integrity, availability and confidentiality of one’s personal data.
*All personal data breach is a security incident
To provide framework for reporting and managing data security breaches affecting personal or sensitive personal data.
Breach of personal data security will be dealt with immediately and appropriately in order to minimize the impact of the breach and prevent it from recurring.
Upon being aware of an actual, potential or suspected breach of personal data security, the Company will, within 72 hours, notify the affected individuals as well as any relevant authorities. Notification shall be sent by way of either a phone call or an email.
If any actual, potential or suspected breach was discovered by the data subject, a report must be made by emailing to firstname.lastname@example.org as soon as possible.
Such email must contain;
Date of incident and date you were made aware of the potential breach
Location and nature of incident
Upon the Company being aware and upon the form being received by the DPO, the DPO will notify the competent authority within 72 hours after being aware of such breach. The DPO will then conduct an identification and initial assessment by establishing the following;
Whether or not a personal data security breach has taken place.
To determine the cause of the breach;
To determine the type of personal data involved in the breach;
To determine the extent of such breach;
The repercussions of such breach;
Steps to rectify such breach.
Following this assessment, the DPO will notify the complainant within 14 days after such investigation and assessment have been concluded.
This procedure deals with complaints about how Lion & Lion manages personal data. Complaints raised may include the following;
Misuse of personal data
Loss of personal data
Unauthorized access to personal data
Unlawful processing of personal data
Complaints will be dealt with in accordance with the procedure set out herein.
If you have any concerns/problems regarding the way your personal data is handled, please contact the DPO at email@example.com. For us to facilitate and assist in dealing with the complaint, such email shall include the following;
Full name and NRIC/passport number;
Name of person who collected the Personal Data;
Details of the complaint;
Timeframe of which the suspected wrongdoing occurred; and
Any documentary evidence to support the complaint.
Upon receiving your complaint, the DPO will liaise with the relevant departments to investigate your complaint. You will be notified of the outcome of such investigation within reasonable time. Any action(s) taken will also be notified to you upon the conclusion of the investigation.
Data Requests for Access and Transfer
Data subject may request for access or transfer of his/her personal data. Such request must be made in writing and must email it to firstname.lastname@example.org. Email must include the data subject’s identification details and proof. Lion & Lion will aim to address the request within 14 days.
All personal data disclosed in response to such request will be communicated by a method appropriate to the security and sensitivity of the information. Information containing sensitive personal data sent by email or via USB or other portable media will be encrypted. If personal data is sent via hardcopy, the envelope/package shall be marked as strictly private and confidential.
Data updates, amendments and erasure
You may request for data updates, amendments and erasure by emailing us at email@example.com. For data updates and amendments, a copy of relevant identification proof must be attached in order for the amendments/updates to be made.
Lion & Lion will make it a priority to keep your personal data accurate and up to date. Your request will be communicated to the relevant team holding such data and will be dealt with accordingly. Your data will be updated/amended/erased within 14 days after such request is received and acknowledged. Upon the updates, amendment or erasure of such personal data, a notification will be sent to notify you regarding the completion of the process.
WORK WITH US
We believe that the success of our company is a result of our clients’ growth. Like what we do? Drop us a message or give us a call.