Version 1.0
Prepared by: @Lorraine Sebata
Approved by: @Samia Thompson
Reviewed Date: 2025-09-15
Next review date: 2026-09-15
This Employee Data Protection Policy outlines Easyterms' commitment to protecting the privacy and security of its employees' personal data. The policy establishes the principles and procedures for the collection, storage, use, access, and disposal of employee data in a manner that ensures compliance with applicable Bahamian privacy laws.
This policy applies to all employees, contractors, and temporary staff of Easyterms. It covers all forms of employee data, whether stored in physical or electronic format, including, but not limited to, HR records, payroll information, performance reviews, health information, and background check data.
Easyterms will comply with all relevant Bahamian laws and regulations regarding the protection of employee data. This includes respecting employees' rights to privacy, providing required disclosures, and maintaining data in a secure manner.
Employee data will be collected only for legitimate business purposes (e.g., payroll, benefits administration, performance management, legal obligations). Employees will be informed of the purpose for which their data is being collected.
The company will take reasonable steps to ensure that employee data is accurate, complete, and up to date. Employees are responsible for notifying HR of any changes to their personal information.
All employee data will be stored securely, protected from unauthorized access, use, or disclosure. Access to sensitive employee data will be granted on a strict need-to-know basis. Physical records will be kept in locked cabinets, and access controls and encryption will protect electronic records.
Employees have the right to access and review their own personal data held by the company. Access requests will be handled in a timely manner, subject to legal and regulatory restrictions.
Employee data will be retained only for the period necessary to fulfill its purpose or as required by law. Once the retention period has expired, data will be securely disposed of through methods such as shredding for physical documents and digital wiping or destruction for electronic files.
Employee data will not be shared with third parties without the employee's consent, except where required by law (e.g., tax authorities) or for legitimate business purposes (e.g., benefits providers). Third-party vendors who handle employee data must agree to meet the company's data protection standards.
In the event of a data breach involving employee data, the company will have a plan to respond, investigate the incident, and, where required by law, notify affected employees and relevant authorities.
Senior Management: Responsible for approving this policy and ensuring that adequate resources are allocated for its implementation and enforcement.
Human Resources (HR) Department: Responsible for the day-to-day management of employee data, ensuring compliance with this policy, and handling employee data access requests.
IT Department: Responsible for implementing and maintaining the technical security measures for electronic employee data.
All Employees: Responsible for understanding and adhering to this policy, safeguarding the data they have access to, and reporting any potential data breaches or security concerns.
This policy will be reviewed at least annually, or more frequently if there are significant changes in relevant data protection laws or company operations.