1. Policy, scope and objectives
The Board of Directors and management of ClearObject., located at 8626 East 116th Street, Suite 300, Fishers, IN 46038 are committed to compliance with all relevant US, UK, and EU laws in respect of personal data, and to protect the “rights and freedoms” of individuals whose information ClearObject collects in accordance with the General Data Protection Regulation (GDPR). To that end, ClearObject has developed, implemented, maintains and continuously improves a documented personal information management system (‘PIMS’) for ClearObject.
The scope of the PIMS will cover the activities of ClearObject in its entirety with no aspect of the company’s undertakings being exempt. Company directors are responsible for the development and enactment of relevant policies, procedures, and protocols to ensure compliance as far as reasonably practical with the requirements of GDPR. Company directors and managers will ensure that employees are aware of the GDPR obligations placed upon them through relevant GDPR training and consultation.
1.3 Objectives of the PIMS
ClearObject’s objectives for the PIMS are that it should enable ClearObject to meet its own requirements for the management of personal information; that it should support organizational objectives and obligations; that it should impose controls in line with ClearObject’s acceptable level of risk; that it should ensure that ClearObject meets applicable statutory, regulatory, contractual and/or professional duties; and that it should protect the interests of individuals and other key stakeholders.
1.4 ClearObject is committed to complying with data protection legislation and good practice including:
a. processing personal information only where this is strictly necessary for legitimate organizational purposes;
b. collecting only the minimum personal information required for these purposes and not processing excessive personal information;
c. providing clear information to individuals about how their personal information will be used and by whom;
d. only processing relevant and adequate personal information;
e. processing personal information fairly and lawfully;
f. maintaining an inventory of the categories of personal information processed by ClearObject;
g. keeping personal information accurate and, where necessary, up to date;
h. retaining personal information only for as long as is necessary for legal or regulatory reasons or, for legitimate organizational purposes;
i .respecting individuals’ rights in relation to their personal information, including their right of subject access;
j. keeping all personal information secure;
k. only transferring personal information outside the EU in circumstances where it can be adequately protected;
l. the application of the various exemptions allowable by data protection legislation;
m. developing and implementing a PIMS to enable the policy to be implemented;
n. where appropriate, identifying internal and external stakeholders and the degree to which these stakeholders are involved in the governance of ClearObject’s PIMS; and
o. the identification of workers with specific responsibility and accountability for the PIMS.