PROCEDURE:
Use of Personal Data
In the course of day-to-day business operations, authorized individuals within the Company may from time to time utilize and/or transfer Personal Data among various locations within the PTD premises in UAE. These transfers of Personal Data are necessary in order to carry out the Company's General Business Purposes.
Specifically, Personal Data may be used as follows:
a. To identify a Data Subject personally;
b. To communicate with a Data Subject;
c. To comply with human resource requirements: work permit issuance, residence visa, payroll, benefits administration;
d. To comply with government regulations;
e. To provide associate benefits;
f. To manage the business.
Integrity of Personal Data
The Company will take reasonable steps to ensure that Personal Data and Sensitive Data are:
a. Obtained, where possible, directly from the Data Subject to whom the Personal Data relates;
b. Obtained and processed fairly and lawfully by the Company for General Business Purposes;
c. Relevant to and no more revealing than is necessary for General Business Purposes; and
d. Kept up to date to maintain data accuracy while the data is under the control of the Company, and kept only for so long as is reasonably necessary.
Notice
The Company informs Data Subjects about the purposes for which Personal Data is collected and used. In certain situations, Personal Data may be rendered anonymous so that the names of the Data Subjects are not known by Processors. In these cases, Data Subjects do not need to be notified.
The Data Privacy Consent form, attached at the end of the policy, is acknowledged by all employees and new joiners on an annual basis.
The Data Privacy Notice form, attached at the end of the policy, is to be used when there is information that is to be disclosed and kept confidential.
Access to Personal Data
Pharmatrade Group takes steps to make sure that the Personal Data it uses is correct.
The Company will allow Data Subjects reasonable access to Personal Data about themselves during normal working hours and upon reasonable request, and Data Subjects will be allowed to update and/or correct any inaccurate information.
Procedure for Accessing Personal Data
Questions about Personal Data and/or authorization to access such Personal Data are to be directed to the respective Dept Manager, Group HR Manager, Hardware/Network Manager and ERP Manager for approval. Subject to approval of all the concerned authorities, access shall be provided.
Security of Personal Data
Pharmatrade Group will take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction. We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We restrict access to personal information at our offices so that only officers and/or employees with a legitimate business purpose can access it.
Electronic Data Storage:
· Electronic files that include Information must be stored securely. Contact IT Dept if you have questions relating to the storage of Information.
o Access to electronic files that include Information should only be granted to those with a need to know, not more than is needed and only for the time required (least privilege). Access should be reviewed commensurate with the level of sensitivity. This includes storage locations you manage as well as those managed by your sub-contractors.
o Deactivation should occur in a timely manner after an exit from the company or when individuals no longer have a business need to access information.
· Information must NOT be stored in the following locations without approval from IT:
o Any removable storage device such as external hard drive, USB, etc.
o Employees' personal devices such as laptops, iPads, etc.
o External storage services or sites such as Google Docs, DropBox, SkyDrive, etc.
Transfer of Personal Data
Subject to this Policy, the Company may from time to time transfer Personal Data within and between its various locations for General Business Purposes, in compliance with country of origin regulations, UAE law, and this Policy.
· Electronic files that include Information must be transferred using only the company-assigned email address for communication. Contact IT Dept to establish the preferred method to transfer Information.
· Information must NOT be transferred via:
o Unsecured e-mail.
o External storage devices such as external hard drive or USB (without approval from IT Dept).
o Personal e-mail.
o GigaFile, WeTransfer, SlideShare.
Physical Security
· Maintain a secure workspace
· Lock out access to your computer ANY time you step away from it.
· Laptops and iPads are either placed in a lockable cabinet, cable locked or taken with you when you leave for the day, are away for business travel or on vacation.
· Lock your desk, cabinets and locker/office when you leave for the day, are away for business travel or on vacation.
· Do not leave hard copies on printers.
Choice
Any Associate whose Personal Data is to be transferred to Third Parties as described in this Policy may choose not to have his or her Personal Data transferred. A Data Subject must communicate his or her desire to "opt-out" as outlined below. Data Subjects who exercise their right to opt-out are to be informed of the impact such opt-out will have on their employment within the Company (e.g., inability to process benefits or payroll data in a timely or appropriate fashion). A Data Subject may not opt out of transfer of Personal Data which is transferred by the Company to a Third Party for the following purposes:
a. Meeting applicable legal requirements;
b. Permitting the legitimate interests of the Company in making promotions, appointments, preparing succession planning and other employment decisions.
Accountability
The Company expects its associates, independent contractors, subcontractors, and partners to maintain the trust placed in the Company by those Data Subjects who provide personal information to the Company. The Company may periodically audit privacy compliance, and where necessary, will extend by contract its privacy policies and data protection practices to the Company supplier and partner relationships.
Procedure for Inquiries, Complaints and Opt-Out
A Data Subject may contact their Dept Head, Group Division Manager and Human Resources Manager with inquiries or complaints regarding the Company's processing of Personal Data or to opt out of the transfer of Personal Data.
Information Security Incident Reporting:
If there is an information security incident, please contact your reporting manager or HR Manager AND report an incident ticket via the HelpDesk Portal → Report Data Breach/Cyber Incident. The incident report shall be notified to the IT Dept and the Compliance Committee. Incidents can include but are not limited to:
· Email containing Information was accidentally sent to an unintended recipient.
· Lost or stolen laptop, hard drive or removable storage device that contains Information.
· A sub-contractor with access to Information alerts your company to an incident.
· Ransomware attack - performing the following steps may help to reduce risk:
o Unplug the network cable or disable WiFi
o Hibernate
Enforcement
The Company uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles. The Company encourages interested persons to raise any concerns using the contact information provided, and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. In addition, training on the data privacy policy is delivered annually by the IT department as a refresher for all employees.
Amendments
This Privacy Policy may be amended from time to time consistent with the requirements of the UAE Cybercrime law. Revisions will be updated as required.
Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information.
However, certain information is subject to policies of the Company that may differ in some respects from the general policies set forth in this Privacy Policy.
Contact Information
Questions or comments concerning this Policy should be directed to the Company via mail or email as follows:
Compliance Committee
PHARMATRADE Group
DIP1, Dubai, PO Box: 11397