POLICY BRIEF & PURPOSE
Digital Infrastructure Alliance Ltd’s Data Protection Policy refers to our commitment to treat information of members, suppliers, stakeholders and other interested parties with the utmost care and confidentiality.With this Policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
Who is covered under the Data Protection Policy?
Controller
Digital Infrastructure Alliance Ltd (the “Company”) is the Controller of personal data and is registered on the ICO data protection record ref A8505017. Digital Infrastructure Alliance Ltd (referred to as “we”, “us” or “our” in this Data Protection Policy) is headquartered in the UK. This will mean that data you provide will be processed inside the UK.
Processor
Kava Media Ltd is the Processor responsible for your personal data as it is the business which provides secretariat services on behalf of Digital Infrastructure Alliance. Kava Media Ltd is registered on the Information Commissioner’s Office (ICO) data protection record ref Z8778999.
Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
PRINCIPLES
The seven principles for data processing are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Meeting the principles
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, financial data, etc.
The Company collects this information in a transparent way and only with the full co-operation and knowledge of interested parties. Once this information is available to us, we are committed to the following rules being applied.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorised or illegal access by internal or external parties
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to organisations, states or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data, the Company has direct obligations towards people to whom the data belongs. Specifically we must:
- Let people know which elements of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
Our data protection provisions appear on our website.
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
DATA SUBJECT RIGHTS
The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data.
Data Subject
The term ‘Data Subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address or credit card number.
The eight Data Subject rights under the GDPR
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision making including profiling
Further definition and how we ensure these rights are met are explained within our Privacy Statement, including how individuals can exercise these rights by contacting Digital Infrastructure Alliance’s secretariat [secretariat_at_idia.io].
Our Privacy Statement is on our website.
Data Protection Officer
Digital Infrastructure Alliance is not required to appoint a Data Protection Officer. The Secretariat team will act as first point of contact for any data protection related queries or questions, and can be reached by email.