Nouriva Logo

Date: August 2025

This Data Protection and Security Policy outlines Nouriva Wellness Centre Limited's commitment to safeguarding both digital and physical client data. We are dedicated to ensuring the confidentiality, integrity, and availability of all information in compliance with applicable data protection laws and professional standards.

1. Purpose

The purpose of this policy is to establish clear guidelines for managing, storing, accessing, and protecting all forms of client and organizational data to prevent unauthorized access, loss, or misuse.

2. Scope

This policy applies to all staff, contractors, and volunteers of Nouriva Wellness Centre Limited who handle, store, process, or transmit client or organizational data, whether in physical or electronic form.

3. Data Collection and Use

Data is collected solely for the purpose of delivering high-quality care, treatment, and support services. Clients will be informed of the purpose and lawful basis for processing their data, and consent will be obtained where required.

4. Data Storage and Security

a) Digital data shall be stored in secure, password-protected systems with appropriate encryption.

b) Physical records shall be stored in locked filing cabinets with controlled access.

c) Access to data is limited to authorized personnel only.

d) Data backups shall be conducted regularly and stored securely.

5. Confidentiality

All staff must sign a confidentiality agreement before accessing client data. Disclosure of client data to unauthorized persons is strictly prohibited and may lead to disciplinary action.

6. Data Retention and Disposal

Client records will be retained for the legally required period. Upon expiry, data will be securely destroyed, whether in paper form (shredding) or digital form (permanent deletion).

7. Data Breach Response

In the event of a data breach, the Data Protection Officer (or designated lead) will be informed immediately.

  • An investigation will be conducted
  • Affected individuals will be notified as required by law
  • Corrective measures will be implemented

8. Staff Training

All staff will receive regular training on data protection laws, confidentiality, and secure handling of both digital and physical data.

9. Compliance

Failure to comply with this policy may result in disciplinary action, including termination of employment, and potential legal consequences.

10. Approval and Review

This policy will be reviewed annually or as needed to reflect changes in legal, technological, or operational requirements.