At MK Hotel Four Seasons, we are committed to protecting the personal and sensitive information of our guests, employees, and partners. This Data Security Policy outlines our procedures and guidelines for ensuring the confidentiality, integrity, and availability of our data.
Scope
This policy applies to all employees, contractors, vendors, and partners who handle or have access to our data.
Data Classification
We classify our data into three categories:
- Public: Data that is publicly available and does not require protection.
- Internal: Data that is sensitive but not confidential, such as employee information.
- Confidential: Data that is highly sensitive and requires strict protection, such as guest personal and financial information.
Data Protection Measures
We implement the following measures to protect our data:
- Access Control: Access to our data is restricted to authorized personnel only.
- Encryption: We use industry-standard encryption protocols to protect our data in transit and at rest.
- Firewalls and Intrusion Detection: Our systems are protected by firewalls and intrusion detection systems to prevent unauthorized access.
- Regular Backups: We perform regular backups of our data to ensure business continuity in case of a disaster.
- Secure Payment Processing: We use a secure payment gateway to process transactions, ensuring that sensitive financial information is protected.
Data Breach Response
In the event of a data breach, we will:
- Notify Affected Parties: Notify guests, employees, and partners whose data may have been compromised.
- Conduct an Investigation: Conduct a thorough investigation to determine the cause and scope of the breach.
- Take Corrective Action: Take corrective action to prevent similar breaches from occurring in the future.
Compliance
We comply with all applicable data protection laws and regulations, including:
- Information Technology Act, 2000
- Payment Card Industry Data Security Standard (PCI DSS)
Review and Revision
This policy will be reviewed and revised annually or as needed to ensure it remains effective and compliant with changing regulations.
By implementing this Data Security Policy, we aim to protect our data and maintain the trust of our guests, employees, and partners.
