Version: 1.0

Date: May 1, 2024

Review Date: May 3, 2025

Prepared by: Orpheus Lummis

Approved by: Orpheus Lummis

1. Introduction

This Data Protection and Security Policy outlines the commitment of Horizon Omega to protect the data of our clients, employees, and partners. As a non-profit organization federally registered in Canada, we adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) to ensure the privacy and security of personal information.

2. Scope

This policy applies to all forms of data, including electronic and paper-based, managed by Horizon Omega across all departments and projects.

3. Objectives

• To comply with the legal requirements under Canadian data protection laws.
• To protect personal information from unauthorized access, disclosure, alteration, and destruction.
• To ensure that our data handling practices are transparent and accountable.

4. Definitions

• Personal Information: Information about an identifiable individual that is recorded in any form.
• Data Breach: A security incident where personal information is accessed, disclosed, altered, or destroyed without authorization.

5. Data Protection Principles

Our organization adheres to the following principles of data protection:

• Lawfulness, Fairness, and Transparency: Data is processed legally, fairly, and in a transparent manner.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.