General Privacy Policy Statements

1. COMPASS adheres to the general principles of transparency, legitimate purpose and proportionality in the collection, processing, securing, retention and disposal of personal information.
2. The trainees, employees or third parties whose personal information is being collected shall be considered as data subjects for purposes of these policies.
3. Data subjects shall be informed the reason or purpose of collecting and processing of personal data.
4. The data subjects shall have the right to correct the information especially in cases of erroneous or outdated data, and to object to collection of personal information within the bounds allowed by privacy and education laws.
5. The data subject has the right to file a complaint in case of breach or unauthorized access of his personal information.
6. COMPASS shall secure the personal information of trainees, employees and third parties from whom personal information is collected and shall take adequate measures to secure both physical and digital copies of the information.
7. COMPASS shall ensure that personal information is collected and processed only by authorized personnel for legitimate purposes of the company.
8. Any information that is declared obsolete on the internal privacy and retention procedures of the company shall be disposed of in a secure and legal manner.
9. Any suspected or actual breach of the COMPASS Data Privacy Policy must be reported to any member of the Data Privacy Response Team in accordance with the procedure provided in Article IX (iii) of this Manual.
10. Data subjects may inquire or request for information from the Data Privacy Response Team, regarding any matter relating to the processing of their personal data under the custody of COMPASS, including the data privacy and security policies implemented to ensure the protection of their personal data pursuant to Article IX (i) of this Manual.