Data Protection Policy

Data Protection Policy

INTRODUCTION

The Data and confidentiality Protection is handled and maintained in all aspects in accordance with the Constitution of the Republic Sudan which guarantees that all citizens are allowed freedom of communication and correspondence. Confidentiality is guaranteed and no communication or correspondence may be observed or recorded except as provided by law. In its Article 37 the Sudan Constitution provides for: “The privacy of all persons shall be inviolable; no person shall be subjected to interference with his/her private life, family, home or correspondence, save in accordance with the law”.

Data Protection Policy — Purpose Statement about the use of Personal Information

This policy outlines the guidelines for handling and the purposes for which we hold personal data about our employees, consultants, agents and others who work for us. As part of our Compliance Management System this Policy has been introduced to be part of our internal policies. The Personal Data is being dealt with subject to the constitution and the other relative enactments and legislation and should be kept and handled always subject to law, accordingly:

  1. We will collect, hold and process information consisting of personal data including sensitive personal data about all our employees, applicants for employment, self-employed contractors, consultants, agency workers, and others who work for us, who are referred to in this policy as ‘Data Subjects’.
  2. The purpose for which we hold any information about Data Subjects is solely for administrative and personnel management purposes.
  3. The policy defines ‘Sensitive Personal Data’ as personal data consisting of but not limited to information as to nationality; religion; sex; age; date of birth; health condition; marital status; dependent details; qualifications; residential address; the commission or alleged commission of any offence or any proceedings for any offence committed or alleged to have been committed, including the disposal of such proceedings or the sentence of any court in such proceedings.
  4. The purpose for which we hold Sensitive Personal Date about ‘Data Subjects’ is solely for monitoring equal opportunities, or the provision of specific services to individuals, including but not limited to: suitability and fitness for work, sick pay and sick leave, safe environment and obligations in respect of the employment equal opportunities.
  5. We will establish and adhere to standard retention times for the various categories of information to be held on the records of workers and former workers and the retention times on business needs taking into account relevant professional guidelines. [Normally information about applicants for work and employees, including references and recruitments documents, will not be kept for longer than any period during which claims might be brought against us in connection with which the information may be needed.
  6. The purpose for which we hold any information about ‘Data Subjects’ after the end of our contractual relationship is solely for meeting any residual contractual related matters including, but not limited to the provision of references, processing applications for re-engagement, matters relating to retirement benefits and allowing us to fulfill contractual or statutory obligations.
  7. In addition to the above purposes, we may collect, hold and process data including Sensitive Personal Data if it is necessary to do so for the sake of compliance with any
  8. If necessary for the above purposes we may transfer personal data to our subsidiary and associate companies, insurers, bankers, legal, medical and other professional advisers, administrators of Social Insurance and Pension scheme or pension provider and other companies to which we have contracted work relating to any of the above purposes for which the personal data are to be used. The transfer of personal data is always subject to confidentiality undertaking by recipients. Data may also be disclosed to others at employee’s or data owner request.
  9. Subject to the extent Permitted by Law, we monitor electronic communications by our consultants and employees, within our Information Technology System including access to websites, to ensure that these systems are being used in accordance with our internet policies.
  10. The Data Protection Policy and the relevant enactments set out eight enforceable principles of good practice, to which we will make all reasonable efforts to adhere. These principles are that the data must be: – Fairly and lawfully processed; – Processed for limited purposes and not in any manner incompatible with those purposes; – Adequate, relevant and not excessive; – Accurate; – Not kept for longer than is necessary; – Processed in accordance with individuals’ rights; – Secured; – Not transferred without adequate protection.
  11. Each of our staff and to whom the data subject belongs shall have a right to request access to, and to request correction of, his personal data in relation to our employment agreement. Those who wish to exercise

04

  1. Each of our staff and to whom the data subject belongs shall have a right to request access to, and to request correction of, his personal data in relation to our employment agreement. Those who wish to exercise these rights can contact the Human Resources Manager who is the person accountable for Data Protection and Privacy.

Sanctioned and Approved by the Board of Directors this Day of 150 March 2017.

Osama Daoud Abdellatif.

Chairman of Board of Directors DAL Group.