Bodega Technologies maintains a data privacy policy providing direction and support to all levels of the organization, from individual contributor to executive management. The data privacy policy has been approved by management, published and communicated to all workforce members and relevant external-parties, and is reviewed annually or when significant changes to the internal or external environment occur to ensure it continued suitability, adequacy and effectiveness.

The data privacy policy ensures appropriate data protection mechanisms, including technical, process and physical mechanisms, are implemented in accordance with all relevant data privacy laws, regulations and contractual requirements set forth in the jurisdictions in which Bodega maintains a business presence.

Bodega data privacy policy is a confidential internal document and is not made available in its entirety for external review. The summary of the objectives and requirements included in Bodega’s data privacy policy is provided below.
 

DATA PRIVACY OBJECTIVES


  • Identify applicable laws and regulations in the jurisdictions in which Bodega maintains a business presence
  • Define what information assets are and are not considered personal information and sensitive personal information.
  • Establish the minimum standards for the processing, protection and handling of personal information and sensitive personal information in both digital and paper formats.
  • Determine ownership and assign accountability for the protection of all personal information assets.
  • Establish limits on the collection, use and sharing of all personal information assets.
  • Establish controls to prevent the misuse of all personal information assets.
  • Provide standard public data privacy policy statements describing how personal data is collected and under what circumstances it may be used by Bodega.



GENERAL NOTES


  • Information security incidents, whether found to contain personal information or not, are governed by Bodega’s incident response plan.

DATA PRIVACY POLICY