Data Protection Policy

Auxanova Business Services FZCO

1. Purpose

  • Auxanova Business Services FZCO (“Auxanova” or “the Company”) is committed to protecting the privacy and personal data of individuals and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This policy sets out the principles, responsibilities, and measures governing the processing of personal data by the Company.

2. Scope

  • This policy applies to all personal data processed by Auxanova Business Services FZCO, whether relating to employees, clients, partners, vendors, or any other individuals. It covers all forms of data processing, including collection, storage, use, sharing, retention, and disposal of personal data.

3. Data Protection Principles

  • Auxanova processes personal data in accordance with Article 5 of the GDPR. Personal data shall be:
    • Lawful, fair, and transparent – processed in a lawful, fair, and clear manner.
    • Purpose-limited – collected for specified, explicit, and legitimate purposes.
    • Data-minimised – adequate, relevant, and limited to what is necessary.
    • Accurate – kept accurate and up to date.
    • Storage-limited – retained only as long as necessary.
    • Secure – protected through appropriate technical and organisational measures.

4. Governance and Responsibility

  • Overall responsibility for compliance rests with the designated Responsible Person.
  • This policy shall be reviewed at least annually and updated as required.

5. Lawful, Fair, and Transparent Processing

  • Auxanova shall maintain a Register of Processing Activities.
  • The Register shall be reviewed at least once a year.
  • Data subject access requests shall be handled promptly and lawfully.

6. Lawful Basis for Processing

  • Auxanova shall process personal data only where a valid lawful basis exists, including:
    • Consent
    • Performance of a contract
    • Compliance with a legal obligation
    • Protection of vital interests
    • Public interest
    • Legitimate interests
  • Where consent is relied upon, clear opt-in evidence shall be maintained and individuals may withdraw consent at any time.

7. Data Minimisation

  • Personal data collected and processed shall be limited to what is strictly necessary for the stated purposes and lawful basis.

8. Data Accuracy

  • Reasonable steps shall be taken to ensure accuracy and completeness.
  • Data shall be reviewed and updated where appropriate.

9. Data Retention and Archiving

  • Retention periods shall be defined based on legal and business needs.
  • Personal data shall not be retained longer than necessary.
  • Retention policies shall be reviewed annually.

10. Data Security

  • Secure storage using up-to-date systems
  • Restricted access on a need-to-know basis
  • Protection against unauthorised access or disclosure
  • Secure deletion of data when no longer required
  • Regular backups and disaster recovery measures

11. Personal Data Breaches

  • Risks to individuals shall be assessed promptly.
  • Breaches shall be reported to authorities where required.
  • Affected parties shall be informed as necessary.
  • Corrective actions shall be implemented to prevent recurrence.

12. Policy Review

  • This Data Protection Policy shall be reviewed annually or sooner where required due to changes in laws, regulations, or business operations.