GDPR Policy.

BoS Outsourcing GDPR Compliance Policy (USA)

Introduction

BoS Outsourcing ("we", "our", or "us") is committed to protecting and respecting the privacy of individuals and complying with the General Data Protection Regulation (GDPR) and any related U.S. data protection laws.

This policy outlines our GDPR compliance efforts, ensuring that the personal data of EU citizens we process is handled in accordance with GDPR standards.

1. Data Protection Principles

We adhere to the following data protection principles:

Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and transparently.

Purpose limitation: Personal data is only collected for specified, explicit, and legitimate purposes.

Data minimization: Only the necessary amount of personal data is processed.

Accuracy: Personal data must be accurate and kept up to date.

Storage limitation: Personal data is only kept as long as necessary.

Integrity and confidentiality: Personal data is processed securely.

2. Rights of the Data Subject

Any individual whose personal data we process has the right to:

Access their data

Correct inaccuracies in their data

Withdraw consent

Object to or limit processing

Erase or port their data

3. Data We Collect

We may collect and process personal data that includes, but is not limited to: name, address, email, phone number, IP address, and employment history.

4. Why We Process Data

We process data for purposes including:

Providing, maintaining, and improving our services.

Responding to requests or inquiries.

Complying with legal obligations.

5. Data Sharing

We may share personal data with third parties only in ways described in our privacy notice and will not sell personal data to third parties.

6. International Transfers

Though we are a U.S.-based entity, we recognize and uphold GDPR standards when transferring personal data from the EU to the U.S. We have measures in place to ensure an equivalent level of protection for this data.

7. Data Security

We have in place robust technical and organizational measures to ensure the security of the personal data we process, and to prevent unauthorized access, alteration, disclosure, or destruction.

8. Breach Notification

In case of a data breach, we have processes in place to ensure timely notification to the relevant supervisory authorities and to the affected data subjects when required.

9. Ongoing Compliance

We conduct regular assessments and audits of our data protection policies and procedures to ensure ongoing GDPR compliance.

10. Contact Us

If you have questions about our GDPR compliance efforts or wish to exercise any of your rights under the GDPR, please contact our Data Protection Officer at: [dpo@bosoutsourcing.com]

GDPR Policy (UK)

At BoS Outsourcing Conglomerate, we're committed to maintaining the trust and confidence of all our stakeholders. This includes job applicants, current and former employees, as well as temporary and agency workers, contractors, interns, volunteers, and apprentices. We collect, store and process your personal data in compliance with the General Data Protection Regulation (GDPR) guidelines for a number of lawful purposes.

Scope and Overview

This GDPR notice is provided on behalf of Aetheria Group and all its associated entities. A comprehensive list of our group companies and their trading names can be accessed [here]. Whenever the term "Aetheria Group" is used, it pertains to these companies. If you need a printed version of this privacy policy or a list of our group companies, kindly get in touch with us via the provided contact information.

Throughout this privacy policy, whenever we mention "we", "us", or "our", we refer to any company under the Aetheria Group that processes your personal data.

BoS Outsourcing Limited is the data controller for your personal data.

This policy governs your interaction with all our websites under the Aetheria Group umbrella.

Should you have questions or need more details about this privacy notice or the personal data we have about you, reach out to us:

Via email at: dpo@aetheriagroup.com

By writing to: Data Protection Officer, Aetheria Group, 85 Great Portland Street, London, England, W1W 7LT

Should you have reservations about how we handle your personal data, you can lodge a complaint with the Information Commissioner's Office (ICO), the UK body responsible for data protection, at www.ico.org.uk. We, however, hope you'd give us an opportunity to address your concerns before approaching the ICO.

This privacy notice is periodically reviewed and updated as required. Regularly reviewing it will ensure you are always informed. The last update was on 01/08/2023.

Data Protection Principles

In accordance with GDPR, our data processing principles ensure that:

• Personal data is processed lawfully, fairly, and transparently;

• Collection of personal data is done for specified, explicit and legitimate purposes only. Any processing outside these purposes will not be entertained;

• Only adequate, relevant and necessary personal data is processed for the intended purposes;

• All personal data is accurate and up-to-date. We take reasonable steps to promptly delete or correct any inaccurate personal data.

Sensitive Personal Information

Sensitive personal data, also known as 'special categories of personal data', may occasionally need to be processed. We will only do so if:

• We have a lawful basis for processing, such as necessity for performance of the employment contract, compliance with our legal obligations, or in pursuance of our legitimate interests;

• One of the special conditions for processing sensitive personal data applies. This includes explicit consent, necessity for employment law rights or obligations, protection of vital interests, if the data is publicly available, if it's necessary for legal claims, or substantial public interest.

Data Security

We are committed to ensuring the security of your personal data. We have implemented technical and organisational security measures to protect your personal data from accidental loss, alteration, and unauthorised access or disclosure. These measures are reviewed regularly and updated as necessary.

Data Sharing and Third-Party Transfers

We may share your personal data with trusted third parties for specific, legitimate purposes under strict data protection agreements. We ensure any data transferred outside of the European Economic Area adheres to the same data protection standards by implementing appropriate safeguards.

Data Retention

Your personal data will only be retained for as long as necessary to fulfill the purposes for which it was collected. After this period, your personal data will be securely deleted or archived in compliance with applicable laws.

Employee Rights

As data subjects, all members of our workforce have certain rights:

• To be informed about the how, why, and on what basis your information is processed;

• To confirm if your information is being processed and to access it along with certain other information through a subject access request;

• To request correction of your data if it is inaccurate or incomplete;

• To request erasure of your data if it is no longer necessary for the original purpose, or if there are no overriding legitimate grounds for processing. This is sometimes referred to as 'the right to be forgotten';

• To restrict the processing of your personal information in cases where its accuracy is contested, the processing is unlawful, or if the company no longer needs it, but you need it to establish, exercise or defend a legal claim;

• To temporarily restrict the processing of personal information if you contest its accuracy (and we are verifying it), or if you object to its processing (and we are considering if our organisation's legitimate grounds override your interests).

Contact Information

For any queries, requests, or complaints regarding personal data processing, you can contact our Data Protection Officer at dataprotection@bosoutsourcing.com. You also have the right to lodge a complaint with the relevant Data Protection Authority.

By acknowledging these principles and rights, BoS Outsourcing Conglomerate reasserts its commitment to protect your privacy and respect your rights as per the GDPR.

GDPR Policy (India)

1. Introduction At BoS Outsourcing, we are committed to maintaining the trust and confidence of our clients and visitors to our website. In this GDPR Policy, we detail why we collect personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep it secure.

2. Scope This policy applies to all our products, services, and websites.

3. Legal Framework Reference Our data protection practices are in alignment with:

• The European Union's General Data Protection Regulation (GDPR)
• The Indian Personal Data Protection Bill (once it's enacted and if relevant)

4. Data Collection and Use

• Personal Data: We collect personal data like names, addresses, phone numbers, email addresses, etc., when they are voluntarily provided by our clients or website visitors.
• Purpose Limitation: We will collect data for the purpose specified and will ensure it's relevant and limited to what's necessary.

5. Data Storage and Security

• All data collected is stored in secure environments. We have implemented stringent measures to ensure data breaches are prevented.
• Data transfers to third countries (outside India or the EU) are subject to rigorous scrutiny and are done in compliance with GDPR provisions.

6. Data Subject's Rights In accordance with GDPR and relevant Indian laws:

• Individuals have the right to access their data and know the purpose of its processing.
• They have the right to rectify incorrect data.
• They can request the deletion of their data ("right to be forgotten").
• They can request the restriction of data processing in certain circumstances.
• They can object to the processing of their data.

7. Cookies Our website uses cookies for enhancing the user experience and collecting data to analyze website performance. Clear consent will be taken from users before using cookies, as required by GDPR.

8. Third Parties BoS Outsourcing does not share or sell personal data to third parties. If there's a legitimate need to share data with service providers, we ensure they adhere to strict data protection standards.

9. Changes to the Policy This GDPR policy may change over time, and if it does, the updated policy will be posted on our website. Regular reviews of this policy will be conducted to ensure compliance with the existing legal framework.

10. Data Protection Officer We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. If you have any questions, you can reach out to [DPO's email or contact].

11. Grievance Redressal If you believe that your data protection rights have been violated, you can file a complaint with our DPO or approach relevant Indian regulatory authorities.

GDPR Policy (Pakistan)

1. Introduction

At BoS Outsourcing, we prioritize the security and privacy of our clients and website visitors. This GDPR Policy outlines our commitment to safeguarding personal data and delineates the principles we follow in line with international and Pakistani standards.

2. Scope

This policy extends to all services, products, and websites managed by BoS Outsourcing.

3. Legal Framework Reference

Our data management principles are consistent with:

• The European Union's General Data Protection Regulation (GDPR).
• The draft Personal Data Protection Bill of Pakistan (once it's enacted and if relevant).

4. Data Collection and Use

• Personal Data: Personal details such as names, addresses, phone numbers, and email addresses are accumulated when willingly given by our clients or website users.
• Purpose Limitation: Personal data will be utilized exclusively for the intent declared and will remain pertinent to the needs of the process.

5. Data Storage and Security

• Our commitment includes securely storing all gathered data. BoS Outsourcing takes extensive precautions to guard against potential data breaches.
• Transfers of data to countries outside of Pakistan or the EU are subject to strict evaluation and adhere to the GDPR's regulations.

6. Rights of the Data Subject

In alignment with GDPR and anticipated Pakistani legislation:

• Individuals have the authority to access their data and determine its processing purpose.
• They can request rectification of inaccurate data.
• A right to erasure ("right to be forgotten") allows individuals to ask for data deletion.
• In specific situations, individuals can ask for restrictions on data processing.
• They can also contest the handling of their data.

7. Cookies

To enhance user experience and gather data for website performance analysis, our website utilizes cookies. We will obtain transparent consent from users, adhering to GDPR stipulations.

8. Third-Party Affiliations

BoS Outsourcing refrains from trading or distributing personal data to third parties. When there is a valid reason to relay data to our service providers, we guarantee that they follow stringent data protection guidelines.

9. Policy Modifications

Changes might be introduced to this GDPR policy in the future. In such cases, the updated policy will be made accessible on our website. Regular assessments of this policy will be conducted to confirm its adherence to the prevailing legal framework.

10. Data Protection Officer

We have designated a Data Protection Officer (DPO) to oversee compliance with this GDPR policy. Questions or concerns can be addressed to the DPO at inquiries@bosoutsourcing.com

11. Addressing Grievances

If you feel your data protection rights have been violated, we encourage you to reach out to our DPO or the relevant Pakistani regulatory authorities.