MAYi

1. Objective

MAYI is committed to protecting the privacy of all personal information and complying fully with applicable data protection laws. This policy ensures that all MAYI team members understand their responsibilities regarding the handling of personal and sensitive information collected and processed during operations.

2. Scope

This policy applies to all processes, operations, and activities conducted by MAYI, including virtual and in-person meeting data collection, analysis, storage, and retrieval within the scope of MAYI's Information Security Management System (ISMS).

3. Policy Statement

"Personal Data" includes any data related to an identified or identifiable individual. For MAYI, this specifically encompasses data such as meeting transcripts, participant information, customer business data, and organizational insights generated by our AI.

4. Principles for Processing Personal Data

MAYI ensures personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate business-related purposes
• Adequate, relevant, and strictly limited to what is necessary for delivering MAYI services
• Accurate, up-to-date, and rectifiable upon request
• Stored in an identifiable form no longer than necessary
• Protected with robust security measures

5. Security of Personal Data

MAYI uses industry-leading technical and organizational measures to protect personal data:

• Data encryption at rest and in transit
• Access restricted strictly to authorized personnel
• Regular security audits and penetration testing
• Advanced security measures such as Data Leak Prevention (DLP) tools and data masking, especially given the sensitivity of business insights and transcribed meetings

6. Data Subject Rights

MAYI respects and enforces the following rights:

• Right to information: Clear communication on data use
• Right of access: Individuals can access personal data stored by MAYI
• Right to data portability: Data provided in a machine-readable format
• Right to erasure ("right to be forgotten"): Deletion of personal data upon request
• Right to rectification: Correction of inaccurate or incomplete data
• Right to object: Ability to object to data processing
• Right to restrict processing: Limiting data processing per individual's wishes
• Rights related to automated decision-making and profiling: Human oversight provided upon request
• Right to non-discrimination: Protection against discrimination for exercising these rights

7. Staff Training

All MAYI employees must annually complete data protection training, emphasizing the handling of sensitive meeting data, organizational insights, and personal information related to customers and participants.

8. Data Protection Officer

MAYI's appointed Data Protection Officer (DPO) oversees all data protection initiatives and compliance efforts. Responsibilities are detailed in MAYI's Information Security Policy.

9. Document Security Classification

All documents and data under this policy fall within MAYI's internal "Confidential" classification, detailed in the Data Classification Policy.

10. Non-Compliance

Compliance with this policy is mandatory, monitored through audits, automated reporting, and feedback mechanisms. Non-compliance may result in disciplinary actions, including termination, depending on the severity and repercussions of the breach.

11. Responsibilities

The Data Protection Officer is responsible for policy approval and oversight. Each MAYI department and staff member is responsible for the implementation and adherence to data protection measures within their operational area.