Reference | POL 01 |
Version | 1 |
Issue Date | 25/04/2024 |
Approved | MD |
Origin Payroll Limited
Data Protection and Privacy Policy
1: Introduction
1.1 Policy Purpose
This Data Protection and Privacy Policy outlines the commitments and obligations of Origin Payroll in managing, protecting, and using personal and financial data responsibly. The policy is designed to ensure compliance with applicable data protection laws and to foster trust with clients, employees, and partners by demonstrating transparency and accountability in data handling practices.
1.2 Scope of Policy
This policy applies to all employees, contractors, and third-party service providers of Origin Payroll who may have access to personal or financial data in the course of their work. It encompasses all data processing activities performed by Origin Payroll, including the collection, use, processing, storage, and destruction of personal data.
2: Definitions and Key Terms
2.1 Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
2.2 Processing
Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.3 Data Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
3: Data Protection Principles
3.1 Lawfulness, Fairness, and Transparency
Origin Payroll commits to processing all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
3.2 Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3.3 Data Minimisation
Origin Payroll ensures that personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
3.4 Accuracy
Every reasonable step must be taken to ensure that personal data processed is accurate and, where necessary, kept up to date.
3.5 Storage Limitation
Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
3.6 Integrity and Confidentiality
Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage, by using appropriate technical or organisational measures.
4: Rights of the Data Subject
4.1 Right to Information
Data subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
4.2 Right of Access
Data subjects have the right to access their personal data and supplementary information.
4.3 Right to Rectification
Data subjects have the right to have inaccurate personal data rectified, or completed if it is incomplete.
4.4 Right to Erasure
Data subjects have the right to have personal data erased, also known as ‘the right to be forgotten’.
4.5 Right to Restrict Processing
Data subjects have the right to request the restriction or suppression of the processing of their personal data.
4.6 Right to Data Portability
Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.
4.7 Right to Object
Data subjects have the right to object to the processing of their personal data in certain circumstances.
4.8 Rights Related to Automated Decision Making and Profiling
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
5: Data Protection Measures
5.1 Technical Measures
Origin Payroll implements robust technological solutions to ensure the security of data, including encryption, firewalls, secure server facilities, and data minimisation techniques.
5.2 Organisational Measures
Training and awareness programmes are regularly conducted for all employees handling personal data. Access to personal data is limited to authorised personnel based on the need-to-know principle, and strict performance and confidentiality agreements are in place.
5.3 Data Breach Response
A data breach response protocol is established to promptly address any security incidents. The protocol includes immediate containment and assessment, followed by a regulatory notification if required.
6: Policy Review
6.1 Regular Review
This policy will be reviewed biennially to ensure its continuing suitability, adequacy, and effectiveness in relation to compliance with evolving data protection regulations and best practices.
6.2 Amendment Procedure
Any amendments to this policy will be approved by the Data Protection Officer and communicated to all affected parties without delay.
7: Compliance
7.1 Monitoring and Enforcement
The Data Protection Officer is responsible for the ongoing monitoring and enforcement of this policy, ensuring that Origin Payroll complies with its data protection obligations.
7.2 Training and Awareness
Regular training on data protection and privacy laws will be provided to all employees to ensure widespread understanding and implementation of this policy.
This comprehensive policy serves as the foundation for Origin Payroll’s commitment to data protection and privacy, ensuring that all stakeholders, including clients and employees, can trust in the company’s handling of their personal and sensitive information.