Data Protection Policy
NIST Institute Private Limited involves in activities which deals with various types of data collection from employees, students, vendors, suppliers, clients, regulatory norms and international boards.
The data protection policy sets the arrangements in place to ensure that all personal data records held by the organization are obtained, processed, used and retained in accordance with the rules of data protection (based on the Data Protection Acts):
- Take and process the information/data fairly.
- Keep it safe and secure - Appropriate security measures must be taken against unauthorized access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction.
- Maintain it as authentic, accurate, complete and up-to-date.
- Use and disclose it only in ways suitable with the purposes.
- Keep it only for one or more specified, explicit and lawful purposes.
- Ensure that it is adequate, relevant and not excessive.
- Securely store the documents as long as it is necessary for the purpose.
- Give a copy of an individual personal data to him/her based on the written request.
- Under the Data Protection Act 1998, you can make a formal request to receive copies of any information held by NIST. To do this you are required to submit a subject access request.
The policy should be reviewed and evaluated at certain pre-determined times and, as necessary.