Inmark, LLC and each affiliate and subsidiary thereof (collectively referred to as Inmark) conducts every business transaction (including without limitation, operations, negotiations and marketing) with integrity and complies with the laws and regulations of the United States, as well as the laws and regulations of each foreign country in which Inmark operates or is looking to operate.
All Inmark personnel are expected to conduct Inmark business legally and ethically and with respect to maintaining privacy in communication.
Inmark values the confidence of its customers and vendors and respects individual privacy, including personal data of employees, clients, affiliates, customers, business partners, consultants, contractors, subcontractors and investors. Not only does Inmark strive to collect use and disclose personal data in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.
Inmark intends to apply this policy to all transfers of personal data, whether in electronic, paper or verbal format, received or made by Inmark. The provisions and the uses of this policy apply to all employees, contractors, subcontractors, agents and consultants working with, or on behalf of, Inmark.
This Policy sets forth the basic principles by which the Company processes the personal data of customers, clients, vendors, business partners, employees, contractors, and other individuals and indicates the responsibilities of its business departments and employees while processing personal data.
Questions about this policy, or requests for further information, should be directed to Inmark at firstname.lastname@example.org
For purposes of this policy, the following definitions shall apply:
Agent: Any third party that uses personal information provided to it by or on behalf of Inmark to perform tasks on behalf of and under the instructions of Inmark.
Inmark: Inmark, LLC., together with its successors, affiliates, subsidiaries, divisions and groups in the United States and other countries worldwide.
Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject") who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data: Personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, criminal records or trade union membership, or that concerns health or sexual orientation.
Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.
Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
Inmark intends to process personal data in accordance with the data protection privacy principles of any and all applicable international laws and regulations, including but not limited to the GDPR Principles.
Inmark also commits to subject to the Privacy Shield Principles all personal data received from the EU and Personal Data Protection Act2012 (PDPA)The GDPR Principles are set forth below:
Lawfulness, Fairness and Transparency Inmark processes personal data lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose Limitation Inmark collects personal data for specified, explicit and legitimate purposes and does not further process the data in a manner that is incompatible with those purposes.
Data Minimization Inmark collects personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Inmark strives to collect the least amount of personal data possible. With the increasing number of countries restricting or disallowing the use of subjects’ initials as an identifier, Inmark will no longer collect subjects’ initials, except where the sponsor requires such and the Sponsor is compliant with the applicable national laws.
Accuracy Inmark keeps personal data accurate and, where necessary, up to date and takes reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
Storage Period Limitation Inmark keeps personal data for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality Inmark uses appropriate technical or organizational measures to process personal data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure.
In order to demonstrate compliance with the principles of data protection, Inmark has built data protection into its business activities.
When Inmark learns of a suspected or actual personal data breach, the Data Protection Officer must perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Response and Notification Procedure. Where there is any risk to the rights and freedoms of data subjects, Inmark shall notify the relevant data protection authorities without undue delay and, when possible, within 72 hours.
The responsibility for ensuring appropriate personal data processing lies with everyone who works for or with Inmark and has access to personal data processed by Inmark.
The key areas of responsibilities for processing personal data lie with the following organizational roles:
Chief Executive Officer (CEO)
Makes decisions about and approves, Inmark´s general strategies on personal data protection and ensures enforcement of this Policy.
Chief Financial Officer (CFO)
Manages the personal data protection program and is responsible for the development and promotion of end-to-end personal data protection policies. Monitors and analyses personal data laws and changes to regulations, develops compliance requirements and assists business departments in achieving their personal data goals.
Director of Information Technology (DIO)
Ensures all systems, services and equipment used for storing data meet required security standards. Performs regular checks and scans to ensure security hardware and software is functioning properly.
Approves any data protection statements attached to communications, such as emails and letters. Addresses any data protection queries from journalists or media outlets like newspapers. Where necessary, works with the DPO to ensure marketing initiatives abide by data protection principles.
Improves all employees' awareness of user personal data protection. Ensures end-to-end employee personal data protection. Ensures that employees' personal data is processed based on the employer's legitimate business purposes and necessity. Communicates the policy to employees and contractors as part of the induction process, and at regular intervals thereafter. Organizes additional training to individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, to help them understand their duties and how to comply with them.
Director of Purchasing
Passes on personal data protection responsibilities to vendors by ensuring Data Processing Agreements are signed. Improves vendors' awareness levels of personal data protection, as well as the flow down of personal data requirements to any third party a vendor is using. The Vendor Manager must ensure that Inmark reserves a right to audit vendors.
Manager, Quality Assurance
Ensures audits are conducted on how well business departments implement this Policy.
Any employee that Inmark determines to be in violation of this policy will be subject to disciplinary action and this may result in termination of their employment with Inmark. The employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
Inmark reserves the right to amend this policy from time to time to ensure it remains consistent with the Principles.
Inmark reserves the right to share individuals’ personal data as required by law or duly authorized data request of governmental authorities.
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which Inmark operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.