POLICY BRIEF & PURPOSE

Digital Infrastructure Alliance Ltd’s Data Protection Policy refers to our commitment to treat information of members, suppliers, stakeholders and other interested parties with the utmost care and confidentiality.With this Policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

Who is covered under the Data Protection Policy?

Controller

Digital Infrastructure Alliance Ltd (the “Company”) is the Controller of personal data and is registered on the ICO data protection record ref A8505017. Digital Infrastructure Alliance Ltd (referred to as “we”, “us” or “our” in this Data Protection Policy) is headquartered in the UK. This will mean that data you provide will be processed inside the UK.

Processor

Kava Media Ltd is the Processor responsible for your personal data as it is the business which provides secretariat services on behalf of Digital Infrastructure Alliance. Kava Media Ltd is registered on the Information Commissioner’s Office (ICO) data protection record ref Z8778999.

Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.

PRINCIPLES

The seven principles for data processing are:

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability

Meeting the principles

As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, financial data, etc.

The Company collects this information in a transparent way and only with the full co-operation and knowledge of interested parties. Once this information is available to us, we are committed to the following rules being applied.

Our data will be:

  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorised or illegal access by internal or external parties

Our data will not be:

  • Communicated informally
  • Stored for more than a specified amount of time
  • Transferred to organisations, states or countries that do not have adequate data protection policies
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data, the Company has direct obligations towards people to whom the data belongs. Specifically we must:

  • Let people know which elements of their data is collected
  • Inform people about how we’ll process their data
  • Inform people about who has access to their information
  • Have provisions in cases of lost, corrupted or compromised data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

Our data protection provisions appear on our website.

Disciplinary Consequences

All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.

DATA SUBJECT RIGHTS

The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data.

Data Subject

The term ‘Data Subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address or credit card number.

The eight Data Subject rights under the GDPR

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights related to automated decision making including profiling

Further definition and how we ensure these rights are met are explained within our Privacy Statement, including how individuals can exercise these rights by contacting Digital Infrastructure Alliance’s secretariat [secretariat_at_idia.io].

Our Privacy Statement is on our website.

Data Protection Officer

Digital Infrastructure Alliance is not required to appoint a Data Protection Officer. The Secretariat team will act as first point of contact for any data protection related queries or questions, and can be reached by email.