Foretold

Asian Studies, Podcast

“Foretold” follows Paulina as she navigates the consequences of her decision to leave her community and redefine her identity.

Data Privacy and Retention Policy

Purpose-Driven Data Processing: Our organization solely processes personal data from our client engagements to deliver the contracted services. We do not use this data for any other purposes.
Data Minimization: We collect and retain only the minimum personal data necessary to fulfill our service obligations and remind our clients not to send unnecessary data. Our Data Protection Officer (DPO) conducts quarterly reviews to ensure we do not hold excessive data.
Data Accuracy: We implement measures to maintain data accuracy, including regular data validation checks and training staff on the importance of data accuracy. We require peer review of all analyses before reviewing with our clients.
Data Integrity and Confidentiality: To ensure data integrity and confidentiality, we assign each client a unique identifier and store data using the client’s unique identifier. Our employees are discouraged from working on client data in public places or discussing clients with colleagues in public settings.
Accountability: We demonstrate accountability by maintaining detailed records of data processing activities, conducting regular
internal audits, appointing a data protection officer, and implementing a data breach response plan.
Compliance Review: This policy is reviewed quarterly to ensure ongoing compliance with data protection regulations and the best
practices.
Data Retention: We will retain your personal data only for as long as the data is needed in connection with the purposes for which it is collected and used. After this, we will either delete the data or pseudonymize it, making sure that it is not directly attributable, and use it for data analytics, benchmarking, and statistical purposes only. The following criteria will be used to guide us when retaining your information:

We will retain personal data for as long as we maintain an active relationship with our client;

Once our relationship with the client has ended, the data (in a pseudonymized or anonymized form) may still be relevant to our current or future legitimate business purposes.

Incident Management and Response Plan- Data Breach Response Policy

Detection and Reporting: All employees must immediately report suspected data breaches to the firm’s senior partner. The senior partner will confirm and assess the breach within 24 hours.
Containment: We will immediately contain the breach and prevent further data loss. Affected systems may be isolated or taken offline if necessary.
Assessment: The Data Protection Officer (DPO) will lead an investigation to determine a) the Nature and extent of the breach, b)
the Data involved c) the Potential impact on individuals and the organization.
Notification: Within 72 hours of breach awareness, the DPO will a) Notify relevant authorities as required by law and b) Inform
affected individuals if there’s a high risk to their rights and freedoms.
Recovery: IT will implement necessary measures to restore systems and data. Security measures will be reviewed and enhanced
as needed.
Review: A post-incident review will be conducted to identify lessons learned and improve future responses.
Documentation: The DPO will maintain a record of all data breaches, including response actions. This policy will be reviewed and updated annually or after any significant data breach incident.