1. Respecting Privacy. In ALK, we respect the privacy and the rights of individuals in all areas of our business.
2. Individual rights, adequate information and access. Individuals need to be adequately informed about the processing of their personal data, their rights, and be allowed to access such data.
3. Care and diligence when handling requests and complaints. Any requests or complaints made by the individuals need to be handled with care and diligence.
4. Being fair and just in what we do. Processing of personal data not only needs to be legal, it also needs to be fair in the given circumstances and we need to be open about such practices.
5. Clearly defined purposes. Personal data may only be collected and used for clearly defined purposes.
6. Reasonable scope. The least amount of data sufficient for the given purposes must be collected, used and retained.
7. Quality of data is important. High quality/accuracy of data must be maintained and, as soon as no longer needed, data need to be deleted.
8. Reasonable protection. Personal data require reasonable protection and must be treated as confidential.
9. Life-cycle perspective. Full life-cycle protection, including transfers, need to be maintained.
10. Privacy is part of our DNA. Data protection should be embedded in the core settings and design of every product, process or service and not treated as an afterthought.
11. Sensitive data. Sensitive data merit special protection.
12. Special care in using technology in the decision-making process. Profiling and automated decision-making require very careful analysis before being allowed to be implemented.
13. International transfers. International transfers of personal data may be subject to specific requirements and limitations.
14. Privacy follows the data. Both internal and external transfers of personal data may be needed for our business operations, but the personal data must still be adequately protected.
15. Privacy standards when using third party processors. Entities processing data on our behalf must meet sufficient standards and appropriate contracts need to be in place.
16. Keeping track of what we do to protect your privacy. Our compliance efforts must be documented, so we can demonstrate where we stand on privacy.
17. Privacy is our joint responsibility. To protect personal data all departments and affiliates need to cooperate.
18. Being serious about possible breaches. Any breach must be reported immediately.
19. Keeping adequate records. Sufficient records of our operations must be kept.
20. Compliance program. Audits, reviews, and assessments are required to ensure that a high level of data protection is being met.
21. Training and awareness. ALK staff processing personal data must be adequately trained.
22. Reporting misconducts. Reasonable efforts to prevent any breaches need to be taken and misconducts reported.