This Data Protection Policy defines Tawzef’s commitment to safeguarding personal, client, and employee data. It applies to:
Tawzef for Recruitment LLC and Tawzef for Business Consultancy LLC (collectively “Tawzef”).
All Tawzef employees, contractors, consultants, and third parties processing data on Tawzef’s behalf.
All forms of data (electronic, paper, verbal).
The policy ensures compliance with:
Egyptian Personal Data Protection Law No. 151 of 2020.
GDPR principles (for international clients).
Applicable ISO and international best practices.
Tawzef commits to the following principles of data protection:
Lawfulness, Fairness & Transparency: Data is collected and processed only for legitimate business purposes and communicated clearly to data subjects.
Purpose Limitation: Data is processed solely for the purpose for which it was collected.
Data Minimization: Only essential data is collected and retained.
Accuracy: Data is regularly updated and corrected when inaccuracies are identified.
Storage Limitation: Data is retained only for as long as legally or contractually necessary.
Integrity & Confidentiality: Data is secured against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Management: Ensure compliance with this policy and provide resources for enforcement.
IT & Security Team: Maintain technical safeguards, monitor threats, and ensure resilience.
HR Department: Oversee employee training, NDAs, and awareness.
Employees: Follow confidentiality requirements, report incidents, and handle data responsibly.
All employees sign Non-Disclosure Agreements (NDAs).
Role-based access rights restrict data access to authorized personnel only.
Visitors and third parties are restricted from sensitive data areas.
Zoho One (HRIS): Operates on ISO/IEC 27001, 27017, 27018, 27701, 9001, and 22301 certified platforms.
Microsoft 365: Provides encryption in transit and at rest, Multi-Factor Authentication (MFA), Data Loss Prevention (DLP), Advanced Threat Protection (ATP), and secure cloud backups.
Corporate network protected by firewalls, intrusion detection, and monitoring.
Annual data protection and cybersecurity training is mandatory for all staff.
Refresher sessions are provided in line with regulatory or system updates.
All data breaches or suspected incidents must be reported immediately to the IT & HR teams.
A documented escalation and notification procedure ensures rapid containment and communication with affected parties.
Employee and client records are retained only for statutory or contractual periods.
Upon expiry, records are securely destroyed through shredding (paper) or certified digital wiping (electronic).
Tawzef respects the rights of individuals to:
Access their personal data.
Request correction of inaccurate data.
Request deletion when legally permissible.
Object to unlawful processing.
Requests are handled promptly by the HR department, with escalation to management as needed.
This policy is reviewed annually and updated in line with regulatory changes.
Compliance is monitored through internal audits and management reviews.
Violations may result in disciplinary action, up to and including termination of employment.
Employees and stakeholders can report suspected breaches or violations confidentially through:
This Data Protection Policy has been approved by Tawzef’s senior management and applies across all business units and entities. It is reviewed annually, or sooner if required by law or business changes.