Data Protection

Policy Statement

This policy affirms Evercam’s commitment to protecting personal data and upholding individuals' rights across all jurisdictions in which we operate. Evercam complies with applicable data protection and privacy laws including, but not limited to:

  • European Union: General Data Protection Regulation (GDPR)

  • Ireland: Data Protection Act 2018

  • United Kingdom: UK GDPR and the Data Protection Act 2018

  • United States: Applicable state-level laws including:

    • California Consumer Privacy Act 

    • Virginia Consumer Data Protection Act 

    • Colorado Privacy Act

    • Connecticut Data Privacy Act

    • Other state laws as they come into effect

  • Australia: Privacy Act 1988 and the Australian Privacy Principles

  • Singapore: Personal Data Protection Act 2012

Evercam is committed to applying the applicable data protection standards depending on the jurisdiction, the data subject’s location, and the nature of data processing.

Purpose

Evercam collects and uses personal data relating to individuals such as customers, suppliers, employees and others with whom the company interacts. This policy outlines how such personal data must be collected, processed, and stored in a secure and lawful manner, in line with Evercam’s data protection standards and all applicable privacy laws.

Individual Responsibilities

All Evercam staff are responsible for ensuring that personal data is handled in accordance with applicable data protection laws and company standards. All Evercam staff must ensure that personal data is:

  • Collected and processed lawfully, fairly, and transparently

  • Used only for specified, legitimate purposes

  • Accurate, complete, and up-to-date

  • Adequate, relevant, and limited to what is necessary

  • Retained no longer than required

  • Protected through appropriate technical and organizational safeguards

  • Handled in a way that enables data subject rights under applicable laws

Any Data Subject Access Requests or jurisdiction-specific rights requests can be sent to support@evercam.io. Evercam does not charge fees for access requests unless permitted under law or when requests are considered excessive.

Legal Basis for Processing

To ensure lawful processing, Evercam relies on one or more legal bases depending on the specific context, the applicable jurisdiction, and the type of individual whose data is being handled—such as customers, suppliers, employees, or other stakeholders. Evercam relies on one or more of the following legal bases, depending on the jurisdiction:

  • Consent 

  • Performance of a contract

  • Legal obligation

  • Legitimate interests

Core Data Protection Principles

Evercam applies the following principles globally to the data it collects and processes:

  1. Lawfulness, Fairness & Transparency

  2. Purpose Limitation

  3. Data Minimization

  4. Accuracy

  5. Storage Limitation

  6. Integrity & Confidentiality (Security)

  7. Accountability

These principles are modelled in line with the GDPR but aligned with international frameworks such as the OECD Privacy Guidelines, Australian Privacy Principles, Personal Data Protection Act 2012.

Data Security & Breach Management

Evercam uses physical, technical, and administrative controls, including:

  • Data encryption (at rest and in transit)

  • Access controls and authentication

  • Network security monitoring

  • Regular penetration testing

  • Secure development lifecycle

  • Security awareness training

Data breaches will be handled per jurisdictional laws:

  • GDPR/UK GDPR: Notify authorities within 72 hours

  • CCPA/US States: Notify affected individuals without unreasonable delay

  • PDPA (SG): Mandatory notification for significant harm

  • APP 11 (AU): Follow Notifiable Data Breaches scheme

Roles & Governance

Evercam holds overall responsibility for ensuring compliance with applicable data protection laws in all regions where it operates. However, all employees who collect, access, or process personal data also share responsibility for complying with these obligations. Evercam will provide the necessary support, guidance, training, and resources to ensure that staff across all departments can fulfil their responsibilities and uphold the company’s commitment to data protection.

Evercam appoints a Data Protection Officer (DPO) in all regions where required or appropriate. The designated DPO for Ireland (EU), the United Kingdom, Australia and Singapore can be contacted through compliance@evercam.io

The DPO in Evercam is responsible for:

  • Advising Evercam and its employees on data protection obligations

  • Monitoring compliance with data protection laws

  • Overseeing Data Protection Impact Assessments (DPIAs)

  • Serving as the point of contact for data subjects and supervisory authorities

Evercam ensures that the DPO operates with full independence and has access to all necessary resources and leadership support. Local department heads and privacy leads are responsible for enforcing data protection practices in their teams. All staff receive regular training to ensure they understand and fulfill their data protection responsibilities. Evercam also maintains detailed documentation, including Records of Processing Activities (ROPAs), and conducts internal audits to assess and improve compliance.

Procedures and Guidelines

Evercam supports this policy through a set of internal procedures and guidelines designed to ensure consistent and compliant data handling practices across the organization.

  • Consent mechanisms

  • Cookie and tracking disclosures

  • Retention and disposal schedules

  • Vendor due diligence

  • Staff onboarding/offboarding

  • Incident response protocols

Review & Monitoring

This policy is reviewed annually or earlier if required by:

  • Legislative changes 

  • Regulatory guidance

  • Operational or technical shifts

—————————————————————

Created by: Compliance Manager (ISMS team)

Creation date: 01.12.2022

Last modification date: 10.07.2025

Document approver: DPO