top of page

Data Protection Policy

Studio Connect is committed to responsibly collecting, managing, safeguarding, and protecting personal and sensitive information of our clients, employees, and stakeholders. 

Procedures and Controls
 
Collection of Personal and Sensitive Information

  • Collect personal information lawfully, fairly, transparently, and only to the extent necessary for our business activities.

  • Clearly inform individuals of the purpose, usage, storage, and sharing practices at the point of data collection.

  • Obtain explicit consent for collection and processing, especially for sensitive information.

 
Storage and Security

  • Store personal information securely with robust cybersecurity controls, including secure passwords, and access management protocols.

  • Limit access to personal and sensitive information strictly to authorised personnel on a need-to-know basis.

  • Regularly review and update security systems to maintain compliance with evolving security standards.

 
Data Usage

  • Personal information will only be used for the specific purpose for which it was collected unless explicit consent is obtained for any other use.

  • Ensure regular training and awareness programs for all employees handling personal data.

 
Data Accuracy and Maintenance

  • Regularly review and update personal information to maintain accuracy and completeness.

  • Facilitate prompt correction or deletion of inaccurate or outdated personal data upon request.

 

Data Retention and Disposal

  • Retain personal information only as long as necessary for the purpose it was collected or as required by law.

  • Securely dispose of personal data when no longer required.

 
Reporting of Data Breaches

  • Establish a clear procedure for rapid response to suspected or confirmed data breaches, ensuring compliance with the Australian Notifiable Data Breach Scheme.

  • Immediately assess and contain any breach, minimise potential harm, and mitigate further risks.

  • Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) promptly as required by law.

  • Document all breaches comprehensively, including actions taken and measures implemented to prevent future incidents.

 
Accountability and Review

  • Regularly audit privacy procedures and controls to ensure ongoing compliance and effectiveness.

  • Provide clear channels for inquiries and complaints related to personal data handling, privacy concerns, and breaches.

bottom of page