Skip to main content

Data Protection Policy

Viper Ltd recognise that in order to carry out its services, it must collect and use personal data relating to the people with whom and for whom it works. ‘Personal data’ means any information relating to a living individual from which that individual may be identified (including, for example, their name, address or payroll number), whether by itself or taken together with other information in the possession of Viper Ltd.

Viper Ltd will manage any personal data in accordance with the General Data Protection Regulations 2018 and other related legislation, in whichever manner that such data is collected, recorded or used (whether on paper, databases, emails, CCTV or telephone records, or recorded by any other means). Viper Ltd follows the 7 data protection principles set out in the General Data Protection Regulations 2018, and understands its obligations to ensure that personal data is managed fairly, lawfully, accurately and securely. These principles require that personal data, including that of its employees and third parties must be:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Viper Ltd holds Personal Data which is directly relevant to its employees. That data will be held and processed in accordance with the data protection principles above and with this Policy. The following data may be collected, held and processed by Viper Ltd:

  • Identification information relating to employees including, but not limited to, names and contact details
  • Equal opportunities monitoring information including age, gender, race, nationality and religion
  • Health records including details of sick leave, medical conditions, disabilities and prescribed medication
  • Employment records including, but not limited to, interview notes, curricula vitae, application forms, assessments, performance reviews and similar documents
  • Details of salaries including increases, bonuses, commission, overtime, benefits and expenses
  • Records of disciplinary matters including reports and warnings, both formal and informal
  • Details of grievances including documentary evidence, notes from interviews, procedures followed and outcomes

Implementation of the Data Protection Principles will be achieved by Viper Ltd ensuring that:

  • Internal and external individuals are available to provide advice and assistance on issues arising under the DPA
  • Everyone managing and handling personal information understands they are responsible for following good data protection practice and is appropriately trained and supervised
  • Personal data will only be accessed by those authorised to do so this will be monitored through Azure and Microsoft 365. To allow the right softwares to be deployed on all Company assets.
  • Specific firewalls and virus scanning software will be installed and issued to all with each of their assets as above.
  • Appropriate efforts will be made to ensure that all stored data is accurate and updated as necessary, password protected and that data which is obsolete or no longer required is destroyed with appropriate regard paid to the confidentiality of that information
  • A regular review is made of the way personal information is managed

NEOM IT Security Requirements

  • Personal data will only be accessed by those authorised to do so this will be monitored through Azure and Microsoft 365. To allow the right softwares to be deployed on all Company assets.
  • Specific firewalls and virus scanning software will be installed and issued to all with each of their assets as above
  • Hardware and software inventory — Routine inventories will help find security holes and other system vulnerabilities.
  • Hardware and software baselining — Establishing a standard baseline.
  • Change and access auditing — Regular monitoring of activity in our work environment will help our teams detect suspicious behavior in time to respond before it causes real damage.
  • Remote access control — Employees working from home or in the field need access to internal data, but that access must be secure. There is two factor Authentication required when logging in to Laptops this has been set for each time the connection to the server is closed from each asset. This will also be controlled from the central function who will be able to review which asset is logged in at any one time. The IT department will be able to close a laptop from the server remotely in the case of an emergency.
  • Data discovery and classification — Assessing the types of data that we hold and classifying them accordingly will help Viper Ltd relate back to making sure the relevant controls are in place.
  • Malware and virus protection — Viper Ltd use Mcfee Antivirus software which will be deployed across all Viper Ltd
  • Backup and recovery — Viper Ltd hold all documentation on the Viper Ltd Server however in the case of an emergency Viper Ltd will back up all files monthly.

Training and Awareness

  • Training and awareness is essential for Viper Ltd to be in a position to meet its obligations under the Act.
  • The Operations Director has primary responsibility for ensuring that adequate and appropriate training and awareness exist within the Company, working closely with the Director of Human Resources and the Director of IT Services.
  • All employees, upon obtaining employment, will receive general information on the Act and the Institution’s obligations thereunder as a component of the induction documentation and process.
  • The Operations Director has overarching responsibility for the creation and maintenance of web-based and print material for reference and awareness. This post is also responsible for ensuring that scheduled training is available to staff and providing ad hoc training where appropriate.
  • Viper Ltd, in conjunction with the Operations Director, will identify those roles requiring training and awareness of data protection responsibilities and will work with the relevant department to ensure that adequate and appropriate training is provided.
  • Monitoring of the effectiveness of training and awareness activities should be undertaken and maintained consistently.

The responsibility for compliance primarily rests with Viper Ltd However, every employee has an individual responsibility to ensure compliance and can be held legally accountable

Further to the above the policy will be briefed to all Staff during the induction process so that they fully understand the requirements at Viper Ltd There will be Data Protection available to all staff and will be a mandatory requirement to be completed by all who work for Viper Ltd.