Confidentiality Procedure

Confidentiality

v  PDCA and the related personnel in respective programs shall maintain confidentiality with respect to information gathered while executing any service through maintaining the PDCA Code of Conduct and Confidentiality Procedure

v  PDCA and the related personnel in respective programs shall take reasonable steps to prevent unauthorized access to information collected during or relating to respective programs. This includes information available on the respective platform/portal/template or other appropriate means through access control and role definition in the respective portal.

v  PDCA International Ltd. is committed to protecting the privacy and confidentiality of information related to clients, auditors, staff, shareholders, and stakeholders. This policy guides legal, standard all schemes, clients or approval, and ethical obligations regarding privacy and confidentiality.

v  PDCA shall retain all social compliance audit documents in an audit database for a minimum of ten (10) years, available for review by the internal team, schemes, vendors, retailers, client requirements, and local laws (if applicable), or any contractual agreements (if any). Personally identifiable information shall not be disclosed.

Confidentiality Measures

PDCA International Ltd. safeguards the confidentiality of information obtained during audit/certification activities across all organizational levels, including external representatives.

The policy includes:

v  Protection of proprietary client information against misuse and unauthorized disclosure.

v  Authorized information exchange with other certification bodies, accreditation bodies, and standard owners for verification purposes.

v  Employee prohibition on disclosing confidential information to third parties without client consent.

v  Confidential information includes audit reports, non-conformities, and financial data.

Exclusions:

v  Clients are pre-informed about any intended public disclosure of information.

v  Disclosure is required to complete the report/service/ obtain legal or ethical advice according to the standards, customer, client/retailer, and regulatory requirements.

v  Legal or contractual obligations to release information will be followed, with client notification unless prohibited by law.

v  Exclusions in the audit/verification/certification contract include safeguarding standard integrity, client transitions to different certification agencies, and agreed public disclosures on standard owners' websites.