Data privacy is a fundamental right of individuals to know and to decide what personal data about them is collected, used and shared.
We should take every step to ensure the privacy of our Recipients, business partners, customers and employees
Personal data is any information relating to an identified or identifiable person
We must collect personal data fairly and lawfully
Legal Justification: Prior to collecting and using personal data we must have a legal justification
Legal permission or obligation
We must process personal data responsibly
Purpose Limitation: We must process data only for the purposes indicated at the time of collection
Confidentiality: We may only share, disclose, transfer, permit access to or publish personal data within Sonova or to 3rd parties if we are authorized to do so and only on a strict “need to know” basis.
Be aware that there are limitations to cross-border access & transfers of data (always reach out to Legal or Compliance)
Data Quality: We must ensure that personal data stored in our systems is accurate and up to date.
Standards when collecting, processing and sharing personal data
Rules when engaging a service provider
Prior to engaging a service provider who will be processing personal data on our behalf please consult Legal or Compliance
Understand what information they need
Verify that they can protect the data (and abide by applicable laws)
Enter into a written agreement
Document our data processing activities
Accountability: Each of us is personally accountable and responsible for maintaining a record of processing activities under our own responsibilities, describing what personal data we hold and where we hold it. Also, it must be transparent how and why we use the data and who has access to it.
Documentation: We must accurately and completely document all processing activities, and assess the risk to the privacy of individuals posed by such activities when we start to design or plan a new project, process or product that involves the processing of personal data.
What should we do in case of a data incident
A data incident means that someone received improper or unauthorized access to collected personal data held by or under the responsibility of Sonova
Examples: loss of a laptop, mobile device, disk, USB stick or paper files