GDPR Policy

1. Employee Privacy Impact Statement

Data Controller: Alpaca Global Solutions Limited

Alpaca Global Solutions is committed to transparent and secure handling of employee personal data, adhering strictly to GDPR requirements. The range of data collected is comprehensive, including but not limited to personal, employment, remuneration, and health information. The purposes of processing such data range from employment contract management and legal compliance to HR management. We safeguard data privacy through robust internal policies, restricting data access to authorized personnel and employing technical measures against data breaches.

Employees have the right to access, correct, or request deletion of their data, reflecting our commitment to data subject rights under GDPR. Data retention periods are defined clearly, aligning with legal and operational requirements.

2. General Security

Alpaca Global Solutions is aligning with ISO 27001 standards, aiming for certification to bolster our data security framework. Our policies and procedures undergo regular audits and revisions to ensure relevance and efficacy. Security awareness is fostered across all levels through continuous training programs, reflecting our proactive stance on data protection.

3. Information Security

Our cybersecurity measures include stringent access controls, encryption, antivirus protection, and patch management, ensuring the integrity and confidentiality of data. We conduct regular network security assessments, including penetration testing, to preemptively address vulnerabilities. A detailed joiners, movers, leavers (JML) process further ensures that access rights are promptly updated, mitigating insider threat risks.

4. Data Protection

We undertake comprehensive technical and organizational measures to protect personal data against unauthorized access or breaches. Data transfers outside the EEA are strictly managed under GDPR-compliant conditions, ensuring data subject consent and legal compliance. Our records retention schedule is meticulously maintained, reflecting our commitment to data minimization and privacy.

5. Personnel Security

Background checks and security training are integral to our personnel management, ensuring that all employees, contractors, and third-party users understand and commit to our data protection standards. A formal disciplinary process is in place for violations, underlining our zero-tolerance policy for security breaches.

6. Physical Security

Our physical security measures include controlled access to facilities, surveillance, and environmental controls, safeguarding against unauthorized entry and data loss. Secure disposal of IT assets is performed in compliance with data protection regulations, preventing data leakage.

7. Business Continuity and Data Protection

Our comprehensive Business Continuity and Disaster Recovery (BC/DR) plans ensure data availability and integrity, with regular testing and updates. Data backup protocols are rigorously implemented, ensuring resilience against data loss incidents.

8. Employment Contract Terms

Confidential information, social media, and data protection policies outlined in employment contracts reinforce our GDPR compliance framework. Employees are briefed on these terms, ensuring clarity on data handling and confidentiality expectations.