DiversityWorks Group Team
Our Behaviors
We will:
- Love our families, and enjoy our work, so we will focus on the right balance that brings us maximum joy.
- Value transparency, so we communicate honestly and thoughtfully with our clients and each other.
- Have trust in ourselves, each other, and our clients.
- Recognize and embrace the vulnerability trust requires.
- Be authentic, and will act with integrity, no matter what headwinds we face.
We will not:
- Simply be tolerant. Tolerance comes with conditions, and it doesn’t carry us far enough.
- Only offer respect for others. We strive to be more empathetic and understanding.
- Appear condescending. Our team members are learning and living experiences daily that help us learn humility and compassion.
- Actively exclude or intentionally offend. If we get something wrong, we ask for understanding while we learn and grow.
We value the lessons we learn from failure and believe that we are not flawless. We will make mistakes and learn from them. We welcome constructive and honest feedback as well as a dialog about our behaviors as we strive to incorporate them into our professional and personal lives. We listen well, and we want to hear from you. We invite you to share your feedback about what you see above and share the values you hold.
Data Privacy and Retention Policy
Purpose-Driven Data Processing: Our organization solely processes personal data from our client engagements to deliver the contracted services. We do not use this data for any other purposes.
Data Minimization: We collect and retain only the minimum personal data necessary to fulfill our service obligations and remind our clients not to send unnecessary data. Our Data Protection Officer (DPO) conducts quarterly reviews to ensure we do not hold excessive data.
Data Accuracy: We implement measures to maintain data accuracy, including regular data validation checks and training staff on the importance of data accuracy. We require peer review of all analyses before reviewing with our clients.
Data Integrity and Confidentiality: To ensure data integrity and confidentiality, we assign each client a unique identifier and store data using the client’s unique identifier. Our employees are discouraged from working on client data in public places or discussing clients with colleagues in public settings.
Accountability: We demonstrate accountability by maintaining detailed records of data processing activities, conducting regular internal audits, appointing a data protection officer, and implementing a data breach response plan.
Compliance Review: This policy is reviewed quarterly to ensure ongoing compliance with data protection regulations and the best practices.
Data Retention: We will retain your personal data only for as long as the data is needed in connection with the purposes for which it is collected and used. After this, we will either delete the data or pseudonymize it, making sure that it is not directly attributable, and use it for data analytics, benchmarking, and statistical purposes only. The following criteria will be used to guide us when retaining your information:
We will retain personal data for as long as we maintain an active relationship with our client; Once our relationship with the client has ended, the data (in a pseudonymized or anonymized form) may still be relevant to our current or future legitimate business purposes.
Incident Management and Response Plan- Data Breach Response Policy
Detection and Reporting: All employees must immediately report suspected data breaches to the firm’s senior partner. The senior partner will confirm and assess the breach within 24 hours.
Containment: We will immediately contain the breach and prevent further data loss. Affected systems may be isolated or taken offline if necessary.
Assessment: The Data Protection Officer (DPO) will lead an investigation to determine a) the Nature and extent of the breach, b)
the Data involved c) the Potential impact on individuals and the organization.
Notification: Within 72 hours of breach awareness, the DPO will a) Notify relevant authorities as required by law and b) Inform
affected individuals if there’s a high risk to their rights and freedoms.
Recovery: IT will implement necessary measures to restore systems and data. Security measures will be reviewed and enhanced
as needed.
Review: A post-incident review will be conducted to identify lessons learned and improve future responses.
Documentation: The DPO will maintain a record of all data breaches, including response actions. This policy will be reviewed and updated annually or after any significant data breach incident.