Information Security Policy for BREADX PAY (BC) Limited

Effective Date: 20-04-2024

1. Purpose

This Information Security Policy outlines the measures BREADX PAY (BC) Limited employs to protect the security, confidentiality, and integrity of the personal information collected through our website, www.breadxpay.com, in compliance with the Personal Information Protection Act (PIPA) of British Columbia and other applicable laws.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of BREADX PAY (BC) Limited who have access to our systems and data.

3. Information Security Objectives

  • Confidentiality: Ensure that personal information is accessible only to authorized individuals.

  • Integrity: Maintain the accuracy and completeness of information and processing methods.

  • Availability: Ensure that authorized users have access to relevant information when needed.

4. Data Collection and Handling Procedures

  • Personal information will be collected lawfully and fairly, with the individual’s knowledge and consent.

  • Data will be relevant to the purposes for which it is to be used, and to the extent necessary for those purposes, should be accurate, complete, and up-to-date.

5. Data Protection Measures

  • Encryption: Use encryption technologies to protect data transmitted over the internet or stored on our servers.

  • Access Control: Implement strict access controls to restrict who can view personal information.

  • Network Security: Utilize firewalls, intrusion detection systems, and regular security audits to protect against unauthorized access to our networks.

  • Physical Security: Secure physical access to our systems and storage areas.

6. Incident Response Plan

  • In the event of a security breach, BREADX PAY (BC) Limited will implement an incident response plan to contain, assess, and mitigate any damages. This includes notifying affected individuals and regulatory bodies as required by law.

7. Third-Party Service Providers

  • Ensure that all third-party service providers with access to personal information comply with this policy and PIPA. Contracts with service providers will include clauses that guarantee the same level of information security as provided in-house.

8. Training and Awareness

  • Regularly train employees on the importance of information security and the specific measures required by this policy.

  • Update training materials to reflect new security practices and technologies.

9. Policy Review and Update

  • This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with applicable laws and regulations.

10. Compliance Monitoring

  • Regular audits will be conducted to ensure compliance with this policy and relevant legal requirements.

11. Contact Information

For any questions or concerns regarding this policy, please contact us at:

Email: support@breadxpay.com