Privacy Policy

privacy

Objective

The objective of this policy is to outline the principles and practices for protecting the privacy of personal information in the design, development, and delivery of Nuventure products and services. Privacy by Design is to proactively protect the privacy of individuals by minimizing the amount of personal data collected, ensuring that the data collected is used only for the intended purpose, and implementing strong security measures to prevent unauthorized access or disclosure.

Scope

This policy applies to all employees, contractors, and third-party service providers who handle personal information in the course of their work for our organization.

Policy Statement

At Nuventure, we are committed to safeguarding the privacy and security of personal information. We believe in integrating privacy considerations into our products, services, and business processes from the earliest stages of development. This Privacy by Design policy outlines our commitment to protecting personal information and our approach to embedding privacy protections into our operations. Besides, the ISO 27001:2022 and SOC 2 security management certifications make Nuventure a truly trusted technology partner for our clients. We are a strict GDPR compliant organization, taking measures to impart its significance in-house, with mandatory GDPR training for employees for prioritizing security of clients’ personal information.

Principles

    Our organization is committed to the following Privacy by Design principles:
  • Proactive, not Reactive: Privacy considerations are integrated into all aspects of our products and services, from the initial design phase through to end-of-life.
  • Privacy as the Default Setting: Our products and services are designed to minimize the collection and use of personal information and to make privacy the default setting.
  • Privacy Embedded into Design: Privacy considerations are incorporated into the design and architecture of our products and services, including security measures to protect personal information from unauthorized access, use, and disclosure.
  • End-to-End Security: Our products and services are designed to ensure end-to-end security of personal information, from collection to storage, use, and disposal.
  • Transparency and User Control: We provide clear and concise information about our privacy practices, including how personal information is collected, used, and disclosed, and give individuals control over their personal information.
  • Respect for User Privacy: We respect the privacy of individuals and do not use personal information for any purpose other than the intended purpose.

Procedures

    To implement these principles, Nuventure will:
  • Conduct privacy impact assessments (PIAs) to identify and mitigate privacy risks associated with our products and services.
  • Implement data minimization practices to limit the collection, use, and retention of personal information to only what is necessary to provide the intended product or service and in accordance with Data Protection Policy.
  • Provide clear and concise privacy notices that explain our collection, use, and disclosure practices to individuals.
  • Obtain the appropriate consent from individuals before collecting or using their personal information, where required by law.
  • Implement appropriate technical and organizational security measures to protect personal information from unauthorized access, use, and disclosure.
  • Regularly review and update our Privacy by Design Policy and related procedures to ensure ongoing compliance with applicable laws and regulations.

Training and Accountability

Nuventure will provide training and resources to employees, contractors, and third-party service providers to ensure they understand their roles and responsibilities under this policy. We will also hold individuals accountable for complying with this policy and related procedures and take appropriate disciplinary action for non-compliance.

Non-Compliance

Compliance with this policy shall be verified through various methods, including but not limited to automated reporting, audits, and feedback to the policy owner. Any staff member found to be in violation of this policy may be subject to disciplinary action, up to and including termination of employment or contractual agreement. The disciplinary action shall depend on the extent, intent, and repercussions of the specific violation.

Responsibilities

The Privacy Officer is responsible for approving and reviewing policy and related procedures. Supporting functions, departments, and staff members shall be responsible for implementing the relevant sections of the policy in their area of operation.

Schedule

This document shall be reviewed annually and whenever significant changes occur in the organization.