Data Privacy and Data Management Policy
1. Purpose
This Data Privacy and Data Management Policy outlines WiseGold Advisory LLC’s commitment to protecting the privacy of personal and confidential information in compliance with the Florida Information Protection Act (FIPA) and applicable federal laws. This policy provides guidance on collecting, using, managing, and securing data to ensure the confidentiality, integrity, and availability of personal information.
2. Scope
This policy applies to all employees, contractors, consultants, temporary staff, and any other personnel who handle data within WiseGold Advisory LLC. It covers all data collected, processed, stored, or transferred, regardless of its medium (physical or digital).
3. Data Collection and Use
WiseGold Advisory LLC collects only the minimum amount of personal information necessary to achieve its business objectives. Personal information may include, but is not limited to:
• Names
• Addresses
• Social Security Numbers (SSNs)
• Financial data
• Health information
• Payment details
Data is collected lawfully, with the explicit or implied consent of the individual, and used solely for its intended business purposes.
4. Data Management
4.1 Data Access
Access to personal and confidential data is limited to authorized personnel on a need-to-know basis. Access rights are reviewed periodically to ensure that only appropriate staff has access to sensitive information.
4.2 Data Storage and Encryption
All personal data is stored securely, and encryption is used for data at rest and in transit wherever possible. Physical access to storage locations is restricted and monitored.
4.3 Data Minimization and Retention
Data is retained only as long as necessary to fulfill its purpose, comply with legal requirements, or meet contractual obligations. A periodic review of stored data will ensure that any obsolete or redundant data is securely deleted.
5. Data Security
5.1 Technical and Organizational Measures
We implement technical measures such as firewalls, antivirus software, intrusion detection systems, and data encryption. Organizational measures include staff training on data protection principles, data privacy practices, and incident response protocols.
5.2 Incident Response
In the event of a data breach, WiseGold Advisory LLC will activate its Data Breach Response Plan, which includes:
• Immediate containment and investigation of the breach.
• Notification to affected individuals if a risk of harm is identified.
• Reporting to the Florida Department of Legal Affairs within 30 days, as required by FIPA.
• Detailed documentation of the breach and mitigation steps.
5.3 Third-Party Vendors
All third-party vendors handling personal data on behalf of WiseGold Advisory LLC are required to comply with this policy and sign a Data Protection Agreement. Regular audits will be conducted to ensure compliance.
6. Individual Rights
6.1 Right to Access
Individuals may request access to their personal information held by WiseGold Advisory LLC. We will provide the information promptly and correct any inaccuracies identified.
6.2 Right to Erasure
Individuals may request the deletion of their personal data, subject to legal retention requirements.
6.3 Right to Restrict Processing
Upon request, individuals may restrict the processing of their personal data in cases where the data’s accuracy or the lawfulness of processing is contested.
7. Compliance and Monitoring
WiseGold Advisory LLC’s Data Privacy Officer (DPO) will oversee compliance with this policy, conduct regular audits, and provide reports on compliance status to senior management.
8. Employee Training and Awareness
All employees undergo data privacy and security training as part of their onboarding process and are required to attend annual refresher sessions. Training includes:
• Data protection laws and regulations.
• Company policies and procedures for data management.
• Incident response procedures.
9. Policy Review and Updates
This policy is reviewed annually or as necessary to reflect changes in laws, regulations, or business practices. Updates to the policy are communicated to all employees and relevant stakeholders.
This policy should be tailored to meet the specific needs of your organization. Consider consulting with a legal professional to ensure it meets all compliance obligations for your industry and operational practices.