ICTSI respects the privacy of individuals and is fully committed to protecting sensitive and personal information in accordance with its obligations under the laws of Papua New Guinea regulating same including, the Digital Government Act 2022, the Cyber Crime Code Act 2016, the Civil Registration (Amendment) Act 2014, the Statistics Act 1993, the Protection of Private Communication Act 1973, and the Criminal Code Act ('Data Protection Laws').
ICTSI adheres to the general principles of transparency, legitimate purpose and proportionality in the collection, processing, securing, retention, and disposal of personal information.
Employees, clients, customers, or third parties whose personal information is being collected shall be considered as data subjects for purposes of these policies.
The data subject shall be informed the reason or purpose of collecting and processing of personal data.
The data subject shall have the right to correct the information especially in cases of erroneous or outdated data, and to object to collection of personal information within the bounds allowed by Data Protection Laws.
The data subject has the right to file a complaint in case of breach or unauthorized access of his personal information.
ICTSI shall secure the personal information of employees and third parties from whom personal information is collected and shall take adequate measures to secure both physical and digital copies of the information. Notwithstanding the foregoing, no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or to protect your vital interests or the vital interests of another natural person.
ICTSI shall ensure that personal information is collected and processed only by authorized personnel for legitimate purposes of the organization.>
Any information that is declared obsolete based on the internal privacy and retention procedures of the organization shall be disposed of in a secure and legal manner.
Data subjects may inquire or request for information from firstname.lastname@example.org and/or email@example.com, regarding any matter relating to the processing of their personal data under the custody of ICTSI, including the data privacy and security policies implemented to ensure the protection of their personal data.
ICTSI recognizes the importance of the rights of a Data Subject under the Data Protection Laws as follows:
- Right to be informed whether personal data pertaining to a data subject shall be, are being, or have been processed.
- Right to object to the processing of a data subject’s personal information given and an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied.
- Right to access, upon demand, the contents of a data subject’s personal data that was processed, sources from which personal data was obtained, names and addresses of recipients of the personal data, manner by which such data was processed, reasons for the disclosure of the personal data to recipients, if any among others.
- Right to ensure or blocking of personal data from the filing systems.
- Right to erasure or blocking of a data subject’s personal data from the filing system.
- Right to erasure or blocking of a data subject’s personal data from the filing system.
- Transmissibility of rights to the lawful heirs and assigns of the data subject.
- Right to data portability or the capability to move data from one platform or service to another.
Collection of Personal Information
Choice and Consent
In collecting a data subject’s personal information, ICTSI ensures that the data subject is aware of the nature, purpose, and extent of the processing of a data subject’s personal information. The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.
Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
In the performance of our services, or as part of our transactions and dealings, we process and collect the following personal information which may include, but not limited to:
Name, marital status, Tax Identification Number, age, address, education, profession, business experience, business affiliation, family affiliation and any information from which identity of an individual is apparent or can be reasonably and directly ascertained, whether recorded in material form or not, such as CCTV footages and other visual recordings as part of our transactions with a data subject you.
Employment history, résumé and pictures sent with it, compensation and benefits, educational background, organizational affiliation, gender, date of birth, religion, ethnicity, civil status citizenship, physical medical history, past criminal and/or administrative records, government issued identifying information, payroll information of job applicants and current employees.
Company information, performance, history, and financial and capital, during vendor accreditation to engage in business transactions with us.
Information a data subject provides us when a data subject visits or uses our company website and other mobile and online applications and any information a data subject submits to our sales or customer relations agents for update of records or information.
Use of Personal Information
The Processing of Personal Information is for purposes of:
- Identification in company records and corporate housekeeping.
- Corporate transactions and business operations.
- Compliance with the requirements, including reportorial obligations to relevant local government units, and other appropriate government agencies or offices.
- Maintenance of security within and around the premises.
- Compliance with legal processes or lawful orders of judicial and quasi-judicial bodies, or any other government agencies and instrumentalities;
- Any other lawful business activities of ICTSI.
Sharing of Personal Information
ICTSI may share or disclose Personal Information of Data Subjects to:
- Relevant local government units, and other appropriate government agencies or offices and other competent authorities which by law, rules or regulations require us to disclose the personal information.
- Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise or defend our legal rights, and any other judicial and quasi-judicial bodies or government agencies pursuant to a lawful order.
- Any agent, contractor, consultant, adviser, auditor, underwriters or any service provider ICTSI engages to carry out lawful business activities or services who ensures the confidentiality and adheres to the provisions of the Data Protection Laws including, to third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- Our employees or other personnel handling a data subject’s transactions and requests.
- Credit reporting agencies, courts, tribunals, and regulatory authorities, in the event a data subject fails to pay for goods or services we have provided to them.
Retention and Security of Personal Information
Personal Information collected shall be retained as long as necessary to:
- Fulfill the declared, specified, and lawful purposes provided above, or when the processing relevant to the purpose has been completed or terminated.
- Exercise or defend legal claims.
- Comply with laws, regulations, or lawful court order.
Thereafter, a data subject’s personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
ICTSI ensures the integrity and confidentiality of a data subject’s personal information by providing suitable and adequate organizational, physical, and technical security measures, policies and procedures intended to reduce the risks of accidental destruction or loss, or the unauthorized disclosure or access to such information. Physical access to the servers and network equipment is highly restricted to authorized personnel only. Various security appliances and devices are employed to safeguard ICTSI’s network and its systems.
We will comply with laws applicable to us in respect of any data breach.