Internal Personal Data Protection

Governing the processing and security of employee and contractor personal data.

1. Objective & Scope

The objective of this policy is to ensure that Lowmips.com, LLC (the "Company") handles internal personal data with the utmost care, ensuring privacy rights are respected and data is secured against unauthorized access. This policy applies to all personal data relating to:

  • Current and former employees.
  • Independent contractors and consultants.
  • Job applicants.

2. Data Collection & Purpose

We collect and process internal personal data only for specific, legitimate business purposes, including:

  • Human Resources Administration: Recruitment, payroll processing, benefits administration, and tax reporting.
  • Operational Security: Creating user accounts, managing access controls, and monitoring system usage for security threats.
  • Legal Compliance: Meeting obligations under labor laws and tax regulations.

Data collected may include names, contact details, identification numbers (SSN/Passport), banking details for direct deposit, and emergency contact information.

3. Data Security Measures

Internal personal data is classified as Confidential or Restricted. The Company implements the following measures to protect this data:

  • Access Control: Access is restricted to HR personnel and management on a strictly "need-to-know" basis.
  • Encryption: Digital records are encrypted at rest (AES-256) and in transit.
  • Physical Security: Physical personnel files are kept in locked storage environments with limited key access.

4. Data Retention

Internal personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws (e.g., tax records retained for 7 years). Once the retention period expires, data is securely destroyed via digital shredding or physical pulping.

5. Employee & Contractor Rights

Subject to applicable local laws, individuals covered by this policy have the right to:

  • Request access to their personal data held by the Company.
  • Request correction of inaccurate or incomplete data.
  • Object to the processing of their data where applicable.
  • Request erasure of data (Right to be Forgotten) when no longer legally required to be retained.
← Back to Security Policies