The purpose of this policy is to establish and communicate Camis' commitment and approach to employment accommodations for individuals with disabilities in the workplace.

 

Policy Statement

This policy outlines the principles and practices that Camis will follow with respect to the collection, storage, and dissemination of confidential information.

This policy has been designed to ensure that all personal information, as well as general information of a confidential nature, is handled appropriately and is in compliance with all applicable privacy acts.

Camis is fully committed to protecting the privacy and security of its employees, suppliers, contractors, customers, and confidential business information. Employees are obligated to ensure that personal information, to which they have access remains confidential, is only used for the purposes for which it was collected, and is not disclosed to third parties, vendors, outside organizations, or peers without authorization or used for personal gain. Employees are required to follow all procedures regarding collection, use and disclosure of personal information outlined in this policy.  Personal information is to be used only for the intended purposes for which it was collected. Personal information which is no longer retained will be anonymized, disposed of, or destroyed. Instances of noncompliance against the privacy policy will be documented and reported, and corrective and disciplinary actions taken where appropriate.

Employees who disclose personal information, contrary to this policy will be subject to disciplinary measures, up to and including termination with just cause.

Personalized information collected on behalf of our clients as part of Camis services is stored in a secure manner compliant with PCI-DSS.  The types of information collected and stored that are available for reporting, transfer, modification, restricting further processing and destruction are identified here - Personalized Data Retained.  Any request from a customer for access to or destruction of this data will be received and validated by Camis clients that are the owner of that data.  Upon request from a client, the Client Care Department of Camis will respond accordingly.  Each of the various Camis support teams will address the data activity requested that their department is responsible for.  In the event that a breach of personal or private information is suspected or reported, this will be classified as a Significant Issue and the process described in IT Incident Response Plan will be followed.

Data subjects visiting Camis hosted websites will be informed and required to acknowledge, the types of personal information that will be collected and used during the data subjects interaction with the website.

In the event of changes to the personal information that Camis collects on our client's reservation websites, Camis will request and validate that client's privacy policies reflect these changes and are available for review by data subjects.  In the event that changes to the personal information that Camis collects for Camis purposes, all affected data subjects will be notified of this change.

Responsibility

Employees are responsible for:

  • Being familiar with, and following policies regarding personal and confidential information
  • Managing their own personal information and ensuring the information in their personnel file is up-to-date and accurate.
  • Ensuring that in the normal course of their work they do not release any personal information about an employee to any other employee or outside third party.
  • Immediately reporting any breaches of confidentiality to their supervisor
  • Ensuring passwords and access to personal, privileged, and confidential data is kept private.
  • Ensuring that any personal information released is done so with the expressed written consent of that individual.

Managers/Supervisors are responsible for:

  • Ensuring that all personal information they are in possession of is properly stored, secured, and maintained in a locked area.
  • Ensuring they do not distribute any personal information about any employee without the expressed written permission of the employee.
  • Ensuring any documentation resulting from a formal meeting with an employee is provided with both to the employee and to Human Resources.
  • Obtaining; personal, privileged, and confidential or client information from terminated employees

Human Resources are responsible for:

  • Ensuring all employee files are stored and secured in a responsible manner.
  • Ensuring that no personal information is ever released to another party without the expressed written consent of the employee.
  • Responding to employee requests to access their files.
  • Ensuring proper disposal of unnecessary files and/or information
  • Providing appropriate personal information to payroll staff in order to get the employee registered on the payroll system.

Camis Personnel Information

Data pertaining to employment will be stored online in an HR Management solution (bamboohr.com) and in official personnel files within the Human Resources offices. The confidentiality and security of personnel files is extremely important. An employee’s supervisor, high-level managers, human resources and payroll will have access to an employee’s record without the consent of the employee. Personal information required by law, court order and a subpoena or for legitimate business purposes, including the administration of benefit plans, will be disclosed with specific consent.

Employees may request access to their own personnel file by making an arrangement with Human Resources. Employees must provide at least 24 hours written notice of this request and may obtain a copy of any previously signed document in their file. Visual access to an employees personnel file must be done with a member of the Human Resources department present. No material from the file may be removed.

Camis Personnel Benefit Administration

Data pertaining to benefits will be placed in an official personnel file in Human Resources. In order to maintain and authorize the payment and research of benefits providers, we may disclose your personal information to benefit providers or brokers. If we use the expertise of an outside company to do work involving your personal information, we will select only those companies whose privacy policies are comparable to our Code.

Foreign Demand Notices – Client Information

In the case of government surveillance, Camis has taken steps to ensure that there are no “back doors” and no direct or unfettered government access to customer data. We impose carefully defined requirements for government and law enforcement requests for customer data.

  • We will not disclose data hosted on Camis servers to a government agency unless required by law.
  • If we are compelled by law to disclose customer data, we will promptly notify the customer and provide a copy of the request, unless we are legally prohibited from doing so.

Data Sovereignty – Client Information        

Camis take strong measures to help protect customer data from inappropriate access or use by unauthorized persons, either external or internal and to isolate each customer’s data from one another. The operational processes that govern access to customer data on Camis servers are protected by strong controls and authentication.  Customer data is stored within the country requested by each client which is typically the country the client resides in.  Camis staff with direct access to all data for support purposes are not to store data outside of that country.  Network and domain segmentation for each country has been implemented to help ensure that customer data resides within that country.