4. Data Protection Principles
DS9 has adopted the following principles to govern its collection and processing of Personal Data:
Personal Data shall be processed lawfully, fairly, and in a transparent manner.
The Personal Data collected will only be those specifically required to contact Data Subjects and to fulfill contractual obligations. Such data may be collected directly from the Data Subject or provided to DS9 via its employer. Such data will only be processed for that purpose.
Personal Data shall only be retained for as long as it is required to fulfill contractual requirements, or to provide statistics to our clients who provided us with the Personal Data.
Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.
A request of a Data Subject to execute its rights under the GDPR as listed in section 3 above must be put in writing.
Personal Data shall only be processed based on the legal basis explained in section 2, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject which will always take precedent.
If the Data Subject has provided Consent to the processing of personal data or if such Consent was provided by the employer of the Data Subject in order to allow the employee to login and use the services provided by DS9, then this consent may be withdrawn at any time (but may then result in an inability to fulfill certain services).
DS9 will not use personal data for any automated decision making.