a) what constitutes the Data Subject’s consent;
b) description of collectable personal information;
c) purpose of collection of personal data;
d) technical methods used to collect and store personal information, cookies,
JWT, web tokens etc.;
e) access (if any) of third parties to personal data and purpose of access;
f) a highlight of the principles stated in section 5;
g) available remedies in the event of violation of the privacy policy;
h) the time frame for remedy and
i) any limitation clause, provided that no limitation clause shall avail any Data
Controller who acts in breach of the principles set out in Section 6.
2.6 DATA SECURITY
Anyone involved in data processing or the control of data shall develop security
measures to protect data; such measures include but not limited to protecting
systems from hackers, setting up firewalls, storing data securely with access to
specific authorized individuals, employing data encryption technologies, developing
organizational policy for handling personal data (and other sensitive or confidential
data), protection of emailing systems and continuous capacity building for staff.
2.7 THIRD PARTY DATA PROCESSING CONTRACTS
Data processing by a third party shall be governed by a written contract between the
third party and the Data Controller. Accordingly, any person engaging a third party to
process the data obtained from Data Subjects shall ensure adherence to this
Regulation.
2.8 OBJECTIONS BY THE DATA SUBJECT
The right of a Data Subject to object to the processing of his data shall be
safeguarded at all times. Accordingly, a Data Subject shall have the option to:
a) object to the processing of personal data relating to him which the Data
Controller intend to process for the purposes of marketing;
b) be expressly and manifestly offered the mechanism for objection to any form
of data processing free of charge .
10