Bestar Personal Data Protection Standard Framework
The Bestar Personal Data Protection Standard is a comprehensive internal compliance regime designed to govern the lifecycle of personal data. This framework balances the individual's right to privacy with Bestar’s operational necessity to process data for legitimate business purposes.
By adhering to these standards, Bestar ensures legal compliance, mitigates the risk of data breaches, and fosters a culture of transparency and trust.
1. Core Principles of the Framework
The framework is built upon three foundational pillars:
- Consent: Individuals must be aware of and agree to the processing of their data.
- Purpose: Data must only be collected for specified, reasonable business needs.
- Accountability: Bestar takes full responsibility for the data in its possession, including data processed by third-party vendors.
2. The Ten Data Protection Obligations
To maintain a robust standard of protection, Bestar adheres to the following mandatory obligations:
A. Consent and Purpose
- The Consent Obligation: Bestar shall not collect, use, or disclose personal data unless the individual gives (or is deemed to give) consent. Individuals may withdraw consent at any time with reasonable notice.
- The Purpose Limitation Obligation: Data may only be processed for purposes that a reasonable person would consider appropriate in the circumstances and for which consent has been obtained.
- The Notification Obligation: Bestar must inform individuals of the purposes for which their data is being handled on or before the point of collection.
B. Data Quality and Access
- The Accuracy Obligation: Bestar will make a reasonable effort to ensure that personal data collected is accurate and complete, especially if it is likely to be used to make a decision affecting the individual.
- The Access and Correction Obligation: Upon request, Bestar must provide individuals with access to their personal data and information about how it has been used or disclosed within the past year. Individuals may also request corrections to errors or omissions.
C. Care and Retention
- The Protection Obligation: Bestar must implement "reasonable security arrangements" to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal.
- The Retention Limitation Obligation: Bestar must cease to retain documents containing personal data as soon as the purpose for which it was collected is no longer served and retention is no longer necessary for legal or business purposes.
D. Transfer, Breach Notification and Accountability
- The Transfer Limitation Obligation: If personal data is transferred outside of the primary jurisdiction, Bestar ensures the receiving party provides a standard of protection comparable to our internal framework.
- The Data Breach Notification Obligation: In the event of a data breach that causes (or is likely to cause) significant harm, Bestar will notify the relevant regulatory authorities and affected individuals promptly.
- The Accountability Obligation: Bestar must appoint a Data Protection Officer (DPO) and make information about its data protection policies and practices available to the public.
3. Data Handling Lifecycle
Bestar manages personal data through a structured four-stage process:
| Stage | Action Requirements |
|---|---|
| Collection | Verify identity, provide notice of purpose, and obtain explicit or deemed consent. |
| Usage | Limit data access to authorized personnel only; use data strictly for approved business functions. |
| Disclosure | Ensure third parties sign Non-Disclosure Agreements (NDAs) and meet Bestar's protection standards. |
| Disposal | Use secure shredding for physical documents and permanent erasure for digital files. Overwriting is acceptable for magnetic media; for SSDs and other flash storage, where wear levelling leaves overwritten data recoverable, use the device's secure-erase function or cryptographic erasure (destroying the key of an encrypted volume). |
4. Implementation and Compliance
To ensure this framework is more than just a policy, Bestar mandates:
- Staff Training: Regular privacy awareness workshops for all employees.
- Risk Assessment: Data Protection Impact Assessments (DPIAs) completed before new projects or software go live, and reviewed annually.
- Audit Trails: Maintaining logs of data access and disclosures to ensure transparency. Because these logs themselves contain personal data, they must be protected against tampering and unauthorized access, and retained only as long as the Retention Limitation Obligation allows.
- Incident Response: A dedicated team ready to execute the Data Breach Management Plan if a security lapse occurs.
Standard Statement: Bestar is committed to protecting the privacy of our stakeholders. This framework serves as the definitive guide for all data-related activities, ensuring that every piece of information we hold is treated with the highest degree of care and legal rigor.
