Home Data Protection Policy

Our Data Protection Policy

    Data Protection Policy for Andersen Tax
    Last Updated: 12 December 2024
    1. Introduction
    1.1 Purpose
    The purpose of this Data Protection Policy is to outline the principles and procedures that Andersen Tax follows to ensure the confidentiality, integrity, and availability of client data, specifically KYC information, tax details, financial information, and related data.
    1.2 Scope
    This policy applies to all employees, contractors, and third-party service providers who have access to client data within Andersen Tax. It encompasses all branches nationwide.
    2. Data Classification and Handling
    2.1 Data Classification
    Client data will be classified into categories based on sensitivity, such as:
    • Confidential (High Sensitivity): KYC information, tax details, financial reports.
    • Internal Use (Medium Sensitivity): Internal reports and communications.
    • Public (Low Sensitivity): Non-sensitive public information.
    2.2 Handling Procedures
    • Access to confidential data is restricted to authorized personnel only.
    • Internal use data may be shared among employees on a need-to-know basis.
    • Public data can be shared externally following appropriate guidelines.
    3. Data Collection and Processing
    3.1 Consent
    Client consent will be obtained before collecting and processing any personal or sensitive information.
    3.2 Purpose Limitation
    Client data will only be collected for specified and legitimate purposes, as outlined in the client agreement.
    3.3 Data Accuracy
    Efforts will be made to ensure the accuracy of client data, and updates will be requested as necessary.
    4. Data Security
    4.1 Physical Security
    Physical access to areas storing client data will be restricted and monitored.
    4.2 Electronic Security
    • Client data will be stored on secure servers with access controls.
    • Encryption protocols will be employed for data transmission and storage.
    5. Data Retention and Disposal
    Client data will be retained only for the duration necessary for the intended purpose. Data that is no longer needed will be securely disposed of.
    6. Data Breach Response
    In the event of a data breach, Andersen Tax will follow the necessary steps to mitigate the impact and promptly notify affected parties as required by law.
    7. Approved Systems and Third-Party Software
    In our commitment to ensuring the highest standards of data protection, we carefully evaluate and select systems and third-party software providers that demonstrate robust security measures, compliance with regulatory standards, and a strong track record of protecting sensitive information.
    8. Evaluation and Monitoring of Third-Party Providers
    All third-party providers are subject to an initial evaluation and ongoing monitoring to ensure continued compliance with industry standards. Key considerations include:
    1. Compliance with International Standards: All providers must demonstrate adherence to regulations such as GDPR, CCPA, HIPAA, ISO 27001, or other relevant frameworks.
    2. Proven Security Protocols: Providers must use state-of-the-art encryption, access controls, and threat protection measures.
    3. Transparency: Clear privacy policies, regular audit reports, and a commitment to safeguarding data integrity.
    4. Reputation and Track Record: We select providers with a history of excellence in security, reliability, and customer trust.
    By relying on these trusted systems and providers, our organization ensures that your data is handled with the utmost care and in compliance with relevant laws and regulations.
    9. Compliance
    This policy will be regularly reviewed and updated to ensure compliance with relevant data protection laws in Botswana.
    10. Contact Information
    For any questions or concerns regarding this policy, please contact info@bw.andersen.com