Introduction
Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.
Data Privacy Policy
We value your privacy and are dedicated to safeguarding it. This policy outlines how we process any personal information you provide via our applications We, OASYS Information Technology L.L.C, are the data processor of your personal information. We recommend that you read through this policy thoroughly to gain a clear understanding of our privacy practices. OASYS has a clear objective to be transparent in its use of personal data and to ensure that all customers, and their employees, where we store or process personal data, have their privacy maintained to provide the security and trust expected of our organization.
DEFINITIONS
A "Data Subject" refers to an employee of the data controller whose personal data is being collected, processed, or stored by the Data Controller.
The "Data Controller" is the employer or organization responsible for collecting, managing, and determining the purpose and means of processing employee data. They ensure compliance with legal obligations and protect employee privacy throughout the data-handling process.
"Personal Data" refers to any information that can identify an employee, either directly or indirectly, within the context of an employer. This includes direct identifiers like name, ID number, or email address, as well as indirect identifiers that, when combined, can reveal an employee's identity, such as gender, birth date, national id etc.
A "Data Processor" is an entity that processes personal data on behalf of the Data Controller, following their instructions and guidelines. The Data Processor does not determine the purpose or means of data processing but is responsible for handling the data securely and in compliance with legal and contractual requirements.
"Processing" of personal data may include "collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and any may be by automated or manual means."
OASYS Information Technology L.L.C as a data processor
This policy is defined by OASYS Information Technology L.L.C being a Data Processor on behalf of the Customer , Data Controller as defined in Data Protection Regulation and applies to all internal employees, third-party suppliers and sub processors. OASYS employees are trained and required to be compliant. Third party sub processors are audited to ensure their systems align with and support compliance with this policy. This policy remains current until it is reviewed or reissued. When this occurs, all affected personnel will be made aware before the new policy is adopted. OASYS Information Technology L.L.C, will have a clear and specific agreement with the Data Controller to ensure that personal data is kept secure and up to date.
Responsibilities of data controller
The Data Controller is responsible for determining the purposes and means of processing personal data, ensuring that all processing activities comply with applicable legal and regulatory requirements. This includes ensuring lawful, fair, and transparent processing, protecting the rights of data subjects, and implementing appropriate security measures to safeguard personal data. The Data Controller must also provide clear information to data subjects regarding how their data is used, manage relationships with Data Processors to ensure compliance, and conduct Data Protection Impact Assessments (DPIAs) when necessary. Additionally, the Data Controller is obligated to notify relevant authorities and data subjects in the event of a data breach and to maintain accurate records of all data processing activities to demonstrate compliance with data protection regulations.
OASYS Information Technology L.L.C agree to:
- comply with the requirements of the Services Agreement in the provision of services to the Data Controller;
- process and use the Data only to the extent strictly necessary to perform its obligations or as otherwise provided under the Services Agreement;
- only disclose the Data to the Data Processor’s employees and personnel that have a need to access the Data for the Data Processor's compliance, while the Data Processor shall ensure that all such employees and personnel are bound by a confidentiality agreement;
- take all reasonable steps to ensure the reliability of all its employees and personnel who have access to the Data;
- ensure that appropriate controls are in place to prevent the Data Processor’s access to special categories of Data, where relevant, except in circumstances expressly authorized by the Data Controller;
- implement, maintain and at all times operate adequate and appropriate technical and organizational measures to; (i) protect the security, confidentiality, integrity and availability of the Data, and (ii) protect against unauthorized or unlawful processing of the Data and against accidental loss, destruction or the making vulnerable of, or damage to, the Data; such measures shall, at a minimum, meet a. the requirements of Data Protection Law; b. the standards required by all applicable accepted industry practices;
- comply with its obligations under Data Protection Law, and shall take such steps as are requested by Data Controller to enable the Data Controller to comply with the Data Controller's obligations under Data Protection Law;
- provide evidence to the Data Controller on request of the technical and organizational measures the Data Processor has taken to comply with its obligations.
Data Transfer
OASYS will not transfer, access or process any personal data outside the locations which are specified in the agreement without the express prior written consent of the Data Controller.
International Data Transfers
No data is transferred outside of the countries specified in the agreement without it being agreed by the Data Controller and OASYS’s Data Protection Officer. It is the responsibility of the Data Controller to ensure that specific consent from the data subject is obtained prior to transferring their data outside the specified countries.
Sub processors
OASYS Information Technology L.L.C will not subcontract personal data processing without the written permission of the Data Controller. If written permission is provided, then OASYS Information Technology L.L.C will ensure that all third parties engaged to store or process personal data on OASYS behalf (i.e. Data subprocessors) are aware of and comply with the contents of this policy and the data protection regulation. Assurance of such compliance is obtained from all subprocessors, whether companies or individuals, prior to granting them access to Personal Data controlled by OASYS Information Technology L.L.C. Breach or Compliance Failure If OASYS Information Technology L.L.C discovers or suspects a compliance failure, security incident, suspected incident or breach, then it will:
- implement immediate containment of the breach;
- accurately record the details of the incident;
- provide an initial assessment of the incident to the Data Controller within 24 hours;
- provide support to the Data Controller to establish the details surrounding the breach.
Returning Data
Upon request by the Data Controller or upon termination of the Service Agreement, OASYS Information Technology L.L.C. will either return or securely dispose of any personal data belonging to the Data Controller in accordance with the terms of the agreement.
Privacy by Design and Default
OASYS Information Technology L.L.C encompasses privacy by design as an approach to projects and applications.
Criminal Record Checks
Where criminal record checks are required and justified by law, they are carried out. Criminal record checks are not undertaken based solely on the consent of the data subject.
Data Portability
Upon request, a data subject is entitled to receive a copy of their data in a structured format. Where applicable, and provided it does not impose an undue burden or compromise the privacy of other individuals, OASYS Information Technology L.L.C. will assist the Data Controller in transferring the data in an agreed-upon format , as outlined in the agreement between OASYS Information Technology L.L.C. and the Data Controller.
Right to be Forgotten
With a formal written request from the Data Controller to the OASYS Information Technology L.L.C, Data Protection Officer, OASYS Information Technology L.L.C will assist the Data Controller, where relevant, in deleting or removing any personal data requested.
Monitoring
The OASYS Information Technology L.L.C Data Protection Officer has overall responsibility for this Policy and will monitor it regularly to make sure it is being adhered to.
For Further information, please contact the OASYS Information Technology L.L.C Data Protection Officer.
The Data Protection Officer,
OASYS Information Technology L.L.C,
Post Box No. 13531, Suite 101, Al Salmiya Building Tower,
125-136 Riqqat Al Buteen, Dubai, United Arab Emirates
info@oasys-me.com
Phone: +97143577666
Contact Us
United Arab Emirates
+97143577666
Qatar
