I. Purpose
This policy explains how the HR department at SEIF Pharmacies collects, uses, stores, and protects employee data and email communications.
It follows the Egyptian Personal Data Protection Law (Law 151/2020), the Constitution, the Labour Law, and other relevant regulations.
II. Legal Basis
Constitution (Article 57): Protects the confidentiality of communications, including emails.
Personal Data Protection Law (Law 151/2020):
Personal data may only be processed on the basis of consent, a legal obligation, or contractual necessity.
Sensitive data (health, religion, biometrics, financial, or children’s data) requires explicit consent and special authorization.
Companies must appoint and register a Data Protection Officer (DPO).
Data must not be stored longer than necessary.
International data transfers require approval unless the destination has equivalent protections.
Breaches must be reported to the authority within 72 hours and to affected individuals within 3 working days.
Penalties include fines up to EGP 5 million and possible imprisonment.
Labour Law: Employers may only collect data directly related to employment. Private employee communications may not be monitored.
III. Key Terms
Personal Data: Any information that identifies a person (e.g., name, ID, contact details).
Sensitive Data: Health, biometric, financial, religious, or children’s data.
Processing: Any action taken with data (collecting, storing, sharing, deleting).
Controller: SEIF Pharmacies HR Department.
Processor: A third party handling data under HR’s instructions.
DPO: The appointed Data Protection Officer.
IV. Collection & Use
Only information required for HR functions (recruitment, payroll, benefits, contracts, compliance) is collected.
Employees and applicants will be informed why their data is collected, how it is used, and how long it is kept.
Consent is mandatory for sensitive data.
Data will only be retained for legally required or necessary periods.
V. Email Use
HR email systems are for official business only.
Personal or private emails are not accessed or monitored unless legally required.
Emails containing personal data must be encrypted and securely stored.
Only authorized HR staff may access official email records.
VI. Security Measures
Data access is restricted to authorized personnel only.
Encryption, secure backups, and regular security checks are mandatory.
HR conducts audits to confirm compliance with legal standards.
VII. Data Transfers
Personal data cannot be sent outside Egypt without approval, unless the receiving country offers equivalent protection.
Explicit employee consent is required before any cross-border transfer.
VIII. Data Breaches
HR must report breaches to the Data Protection Center within 72 hours.
Affected individuals must be notified within 3 working days, with details of the incident and corrective measures.
IX. Employee Rights
Employees and applicants have the right to:
Know what data is collected and why.
Access, correct, or delete their personal data.
Limit or object to data processing.
Withdraw consent at any time.
Request portability of their data, where applicable.
X. Responsibilities
HR Department: Ensures lawful collection and processing.
DPO: Oversees compliance, manages rights requests, and coordinates breach responses.
Employees: Must handle data responsibly and report concerns.
XI. Enforcement
Any violation may result in disciplinary action, up to dismissal.
Serious breaches may trigger legal and financial penalties under Egyptian law.
XII. Policy Review
This policy will be reviewed annually, or sooner if laws or regulations change, to ensure compliance and best practice.