Data protection goals
JurisTax Holdings Ltd, including its subsidiaries and affiliates, (hereafter “JurisTax”) take the protection of personal data very seriously and formulate the following data protection goals by the Management. This defines the basic orientation of JurisTax towards compliance with the European Union General Data Protection Regulation 2016, the Data Protection Act 2017 and any other relevant data protection law (hereafter the “data protection laws”). In particular, it is stated that compliance with legal regulations takes precedence over business requirements.
Fairness and Legality
When personal data is processed by JurisTax, the right of the data subject to his or her data is to be safeguarded. Personal data should be lawfully collected and processed.
The processing of personal data is intended solely to pursue the purposes defined prior to the collection of the data. Subsequent changes to the purposes are only possible to a limited extent and require justification.
The person concerned should be informed about the handling of his or her data. In principle, personal data must be collected from the data subject himself or herself. When collecting the data, the data subject should be able to recognise at least the following or be informed accordingly about:
- the identity of the responsible party;
- the purpose of data processing;
- the periods for which the documents are to be kept; and
- third parties or categories of third parties to whom the data may be transferred.
Data Avoidance and Data Minimisation
Before personal data is processed, it should be checked whether and to what extent this is necessary in order to achieve the purpose for which it was processed. If it is possible to achieve the purpose and the effort is proportionate to the intended purpose, anonymised or statistical data must be used. Personal data should not be retained for potential future use unless required or permitted by law.
Personal data that is no longer required after the expiry of legal or business process related retention periods should be deleted.
Personal data must be stored correctly, completely and - if necessary - up to date. Appropriate measures shall be taken to ensure that inaccurate, incomplete or outdated data is deleted, corrected, supplemented or updated.
Confidentiality and Data Security
Personal data must be treated confidentially in personal contact and protected against unauthorised access, unlawful processing or disclosure, as well as accidental loss, alteration or destruction by appropriate organisational and technical measures.
All head of departments, managers and employees of JurisTax undertake to pursue these goals of data protection and to observe the relevant data protection laws and support the data protection strategy to the best of their ability.
To ensure data protection, JurisTax relies on technical and organisational measures, privacy by design and default, risk management, training and other procedures that are still being developed.