Purpose

This policy describes Dinex's approach to good data ethics and the principles that apply to how Dinex treats data ethically correct, responsible and transparent.

Dinex takes its responsibility as data controller seriously, as we want to be perceived as a respected, competent and proper business partner who complies with current legislation and follows developments in good data ethics. This policy for data ethics must ensure this.

Audience

An ethically correct handling of data and personal data is a common concern for all areas of Dinex. The policy for data ethics is based on the personal data we store and process, but the policy also applies to other data that Dinex processes. The policy applies throughout the group and obliges all employees.

Policy Detail

The 3 principles of the Dinex policy on data ethics and responsible handling of personal data.

1. Respect for the privacy of grant recipients, applicants and employees is a fundamental value.
2. All Dinex employees who access personal data, proprietary knowledge, trade secrets etc., have signed a declaration of confidentiality. Any such data is always kept to a minimum in order to fulfil the purpose, is stored securely, kept accurate, retained for no longer than necessary, and is only used for a specific and legitimate business.
3. Dinex only discloses the applicants’ data to authorities if there is an obligation to do so according to legislation and authority decisions.

Use of computer programs, artificial intelligence and algorithms

• We use computer programs, artificial intelligence and algorithms in analysis and evaluations aimed solely at supporting our work to become a better business.
• Artificial intelligence and similar technologies are widely used by consumers, businesses and authorities. We use these technologies to improve the business decision-making processes.
• We will use new technologies, databases and research methods to help the Dinex’s business, by reduced processing time, and tailormade solutions.

Utilization of data

Dinex only collects business-critical data that is considered crucial for the responsible conduct of the business activities. The data collected is considered to be deeply confidential and is treated in full compliance with applicable rules, including the GDPR. Collected data is never passed on to third parties without specific approval from the data provider. General guidelines for Dinex's data ethics:

• Dinex perceives data ethics considerations in compliance with the law
• Dinex strives to develop a "positive error culture" among employees, where openness about errors and problems leads to improvement.
• Employees who access customers' personal data have signed a declaration of confidentiality as well as guidelines for the processing of personal data
• Dinex safeguards the security of the processing of personal data and ensures that these are not stored for a longer period of time than is necessary for the purposes for which the information in question is processed.
• Dinex has a whistle-blower scheme where employees can draw attention to violations of legislation or - internal procedures
• Dinex prioritises that, employees are well-informed about data ethics, data security and correct handling of personal data, among other things through ongoing training, education and in-service training of employees.

Responsibility and validity of data ethics policy

The IT Governance board is responsible for approving Dinex's policy for data ethics. The day-to-day management of data policy is anchored in the IT Governance board. Decisions on the use of data and new technology are also anchored in the IT Governance board, which continuously evaluates the business efforts and ensures that data ethics dilemmas are discussed at management levels and with the involvement of relevant employees.

The policy for data ethics is generally valid for a 3-year period, after which it is revised by the IT Governance board. Should it be deemed necessary, the policy for data ethics may be revised more frequently at the request of the Executive Board or the Board of Directors. An audit must be submitted and approved at an IT Governance board meeting to be valid.

Statement of policy for data ethics must be included in the management's report in the annual accounts or on the Dinex website, Dinex must account for policies on the data ethics, for the first time in connection with the presentation of the annual report for 2021. The IT Governance board is responsible for preparing the material, however it is made by the IT director.