Gatsby Data Protection and Confidentiality Policy

Introduction

Gatsby is committed to safeguarding the privacy and security of the information we collect, use, store, and disclose. This policy outlines our practices and the responsibilities of our interns regarding data protection, confidentiality, and non-disclosure.

Scope

This policy applies to all interns of Gatsby, across all departments and locations, pertaining to all forms of data, including but not limited to electronic data, documents, and verbal communication.

Data Protection

  1. Data Handling: Interns must handle all company-related data in accordance with Gatsby's Data Protection Procedures and any applicable data protection laws (e.g., GDPR, CCPA).

  2. Data Access: Access to sensitive or personal data is granted on a need-to-know basis. Interns are required to use such data solely for the purpose for which it was disclosed.

  3. Data Storage and Transmission: Secure methods must be used for storing and transmitting data, including encryption of electronic files and the use of secure file transfer methods.

Confidentiality

  1. Confidential Information Definition: Confidential information includes, but is not limited to, trade secrets, business plans, strategies, customer lists, proprietary software, research and development, and any non-public business-related information.

  2. Obligation: Interns must not disclose any confidential information obtained during their internship to any third party without prior written consent from Gatsby.

  3. Protection of Confidential Information: Interns are expected to take all reasonable precautions to protect the confidentiality of company information, including securing electronic devices and physical documents.

Non-Disclosure Agreement (NDA)

  1. Agreement to Non-Disclosure: As part of the onboarding process, interns are required to sign a Non-Disclosure Agreement (NDA) which legally binds them to confidentiality and data protection obligations.

  2. Duration of Obligation: The obligation to not disclose confidential information remains in effect during and after the termination of the internship, for a period defined in the NDA.

  3. Breach of Agreement: Any breach of the NDA or this policy may result in disciplinary action, including termination of the internship and potential legal action.

Reporting and Compliance

  1. Incident Reporting: Interns must immediately report any suspected or actual breaches of data protection or confidentiality to their supervisor or the Designated Compliance Officer.

  2. Compliance Training: All interns are required to complete data protection and confidentiality training as part of their onboarding process.

  3. Policy Review and Acknowledgment: Interns are required to review and acknowledge this policy, confirming their understanding and agreement to comply.

Amendments

Gatsby reserves the right to amend this policy at any time. Interns will be notified of any changes and required to comply with the updated policy terms.