Customer Data

CUSTOMER DATA MANAGEMENT POLICY

1. INTRODUCTION

At Head Above Water, we understand the importance of protecting our customers' data and maintaining their privacy. This Customer Data Management Policy outlines our commitment to managing customer data responsibly and provides guidelines for handling, storing, and protecting customer information.

2. SCOPE

This policy applies to all employees, contractors, and third parties who have access to customer data in the course of their work at Head Above Water. It covers all forms of customer data, including personal and sensitive information, collected through various channels such as our website, applications, customer interactions, and other sources.

3. DATA COLLECTION AND USE

3.1. Consent and Purpose

We collect customer data only with their consent and for specified, legitimate purposes. We will clearly communicate the purpose of data collection to customers and obtain their explicit consent before collecting any personal information.

3.2. Data Minimization

We will collect only the minimum amount of customer data necessary to fulfill the stated purpose. We will avoid collecting unnecessary or excessive information.

3.3. Lawful Basis

Customer data will be collected and processed on lawful grounds, such as the necessity of fulfilling contractual obligations, compliance with legal requirements, or legitimate interests pursued by Head Above Water. When required, we will seek explicit consent as a lawful basis for processing personal data.

3.4. Notification

We will provide customers with clear and concise information about the types of data collected, the purpose of collection, and any third parties involved in data processing. This information will be easily accessible and available to customers at the time of data collection.

4. DATA STORAGE AND SECURITY

4.1. Data Storage

Customer data will be stored securely in a controlled environment that provides appropriate safeguards against unauthorized access, disclosure, alteration, or destruction. We will regularly assess and update our data storage practices to maintain the highest standards of security.

4.2. Access Control

Access to customer data will be restricted to authorized personnel who require it to perform their job duties. Access privileges will be granted on a need-to-know basis, and employees will undergo training to ensure they understand their responsibilities regarding customer data protection.

4.3. Data Retention

We will retain customer data only for as long as necessary to fulfill the purposes for which it was collected, unless longer retention is required by law or for legitimate business purposes. We will establish retention periods for different types of data and regularly review and delete data that is no longer needed.

5. DATA SUBJECT RIGHTS

We recognize and respect the rights of customers regarding their personal data. We will provide mechanisms for customers to exercise their rights, including the right to access, rectify, erase, restrict processing, and object to the processing of their personal data. Requests from data subjects will be promptly addressed in accordance with applicable laws.

6. TRAINING AND COMPLIANCE

We will provide regular training and awareness programs to employees to ensure they understand their responsibilities under this policy. Compliance with this policy and applicable data protection laws will be regularly monitored, and appropriate measures will be taken to address any non-compliance or breaches.

7. POLICY REVIEW

This policy will be reviewed periodically to ensure its ongoing relevance and effectiveness. Changes to the policy will be communicated to employees and relevant stakeholders, and appropriate training and guidance will be provided to ensure compliance with the updated policy.

8. CONCLUSION

At Head Above Water, we are committed to protecting our customers' data and maintaining their privacy. This Customer Data Management Policy provides a framework for managing customer data responsibly, ensuring compliance.

UPDATED JUNE 2023