Table of Contents
Objective
The objective of this policy is to outline the principles and practices for protecting the privacy of
personal information in the design, development, and delivery of Obox Solution Ltd. products and
services. Privacy by Design is to proactively protect the privacy of individuals by minimizing the
amount of personal data collected, ensuring that the data collected is used only for the intended
purpose, and implementing strong security measures to prevent unauthorized access or disclosure.
Scope
This policy applies to all employees, contractors, and third-party service providers who handle
personal information in the course of their work for our organization.
Policy Statement
At Obox Solution Ltd., we are committed to safeguarding the privacy and security of personal
information. We believe in integrating privacy considerations into our products, services, and
business processes from the earliest stages of development. This Privacy by Design policy outlines
our commitment to protecting personal information and our approach to embedding privacy
protections into our operations.
Principles
Our organization is committed to the following Privacy by Design principles:
- Proactive, not Reactive: Privacy considerations are integrated into all aspects of our products and services, from the initial design phase through to end-of-life.
- Privacy as the Default Setting: Our products and services are designed to minimize the collection and use of personal information and to make privacy the default setting.
- Privacy Embedded into Design: Privacy considerations are incorporated into the design and architecture of our products and services, including security measures to protect personal information from unauthorized access, use, and disclosure.
- End-to-End Security: Our products and services are designed to ensure end-to-end security of personal information, from collection to storage, use, and disposal.
- Transparency and User Control: We provide clear and concise information about our privacy practices, including how personal information is collected, used, and disclosed, and give individuals control over their personal information.
- Respect for User Privacy: We respect the privacy of individuals and do not use personal information for any purpose other than the intended purpose.
Procedures
To implement these principles, Obox Solution Ltd. will:
- Conduct privacy impact assessments (PIAs) to identify and mitigate privacy risks associated with our products and services.
- Implement data minimization practices to limit the collection, use, and retention of personal
information to only what is necessary to provide the intended product or service and in accordance with Data Protection Policy. - Provide clear and concise privacy notices that explain our collection, use, and disclosure practices to individuals.
- Obtain the appropriate consent from individuals before collecting or using their personal information, where required by law.
- Implement appropriate technical and organizational security measures to protect personal information from unauthorized access, use, and disclosure.
- Regularly review and update our Privacy by Design Policy and related procedures to ensure ongoing compliance with applicable laws and regulations.
Training and Accountability
Obox Solution Ltd. will provide training and resources to employees, contractors, and third-party
service providers to ensure they understand their roles and responsibilities under this policy. We
will also hold individuals accountable for complying with this policy and related procedures and take
appropriate disciplinary action for non-compliance.
Document Security Classification
Company Internal (please refer to the Data Classification policy for details)
Non-Compliance
Compliance with this policy shall be verified through various methods, including but not limited to
automated reporting, audits, and feedback to the policy owner. Any staff member found to be in
violation of this policy may be subject to disciplinary action, up to and including termination of
employment or contractual agreement. The disciplinary action shall depend on the extent, intent,
and repercussions of the specific violation.
Responsibilities
The Privacy Officer is responsible for approving and reviewing policy and related procedures.
Supporting functions, departments, and staff members shall be responsible for implementing the
relevant sections of the policy in their area of operation.
Schedule
This document shall be reviewed annually and whenever significant changes occur in the
organization.
Version history
2 Current Policy version approved by Fazeel Javed 14 Jul, 2025
2 New policy version created 14 Jul, 2025
1 Policy version approved by Fazeel Javed 28 Aug, 2024
1 New policy version created 16 May, 2024