Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
ShortURL | Playbook | Assistant
This section contains the list of Policies that guide The IO Foundation as an organization in order to achieve its Mission and realize its Vision.
The IO Foundation’s policy framework is a tapestry woven with the threads of European Enlightenment, a period marked by the burgeoning of reason, individualism and a pursuit for knowledge. Our policies are constructed upon a foundation of timeless values that have been pivotal in shaping modern societies.
Humanism and the Value of human life: We emphasize the importance of each individual's dignity and worth by cherishing the intrinsic value of human life, human rights and equality of opportunity.
Individual Liberties and Autonomy: We respect individual autonomy, fostering freedom of expression, promoting freedom of thought and upholding the presumption of innocence to reflect our commitment to personal freedoms and civil liberties.
Rationality and Empiricism: We uphold objective reality by embracing the scientific method and the encouragement of empirical evidence. We highlight a focus on reason, scientific inquiry and evidence-based understanding as foundations for knowledge and policy.
These cornerstone values underpin our commitment to devising solutions that are effective and human-centric as much as technically robust and anchored in the bedrock of objective reality.
The following is a list of the existing policies guiding The IO Foundation. Each policy is described in its own separate document.
The IO Foundation operates as a global network, guided by a cohesive framework of policies designed to uphold our standards, mission and vision across all regions in which we operate. These policies serve as the backbone of our governance, ensuring consistency, accountability and integrity throughout the organization.
Taking into account that the international landscape is complex, with various jurisdictions imposing their own legal and regulatory requirements, there are circumstances where our policies might require adaptations with local regulations. As a result, specific policies may partially be overridden or modified in order to achieve compliance with the applicable laws and regulations.
The IO Foundation is dedicated to not only maintaining compliance but also to providing a clear understanding of how its policies apply within different legal contexts. Whenever such customizations may be necessary, they will be clearly documented. These exceptions will be noted directly within the text of the corresponding organization's policy documents.
TIOF's Policies are implemented through corresponding Handbooks, which are referenced in their text.
The IO Foundation is committed to implement the following improvements on its policies:
Optimizing them to be reusable by other organizations
Expanding their documentation with process-driven diagrams
Making them machine-readable
Global Policy | Summary |
---|---|
Outlines The IO Foundation's zero-tolerance policy towards bribery and corruption, specifying definitions, scope, procedures and guidelines for reporting and handling such incidents.
Outlines The IO Foundation's policies and procedures against harassment and bullying, including definitions, scope, reporting mechanisms and disciplinary actions for violations.
Outlines The IO Foundation's policy on identifying, disclosing, and managing conflicts of interest among its directors, officers and other members.
Outlines The IO Foundation's commitment to equal opportunities and non-discrimination in all aspects of employment, including recruitment, training and promotion.
Outlines The IO Foundation's commitment to health and safety, detailing responsibilities, procedures and guidelines for ensuring a safe working environment for all TIOF Members and Contributors.
Outlines The IO Foundation's stance on sickness absence, including procedures for reporting, evidence of incapacity, sick pay arrangements and handling long-term or persistent absence.
Outlines the procedures and protections for reporting suspected wrongdoing within The IO Foundation, emphasizing confidentiality, standards and the safeguarding of whistleblowers against retaliation.
🚧 [Final list in progress]
Version 1.1 | This Dhatham House Rule was published on 01 January 2019.
ShortURL | Playbook | Assistant
The DHATHAM v0.5 House Rule, which is an evolution from the CHATHAM House Rule in response to the new digital realities, stipulates:
When a digital interaction, or part of thereof, is held under the DHATHAM House Rule, participants are free to use the information received and to produce digital materials (audio, photos, video) yet neither the identity nor the affiliation of contributors or participants may be revealed, tagged or implied without their expressed consent.
In other words, be considerate and ask for permission before capturing a digital representation of others or posting about them on social media or any other digital medium.
The Dhatam House Rule is a live statement that is open for adaptation and improvements.
To participate in the next iteration of the rule, check the Dhatam House Rule live discussion.
Version 1.0 | This Policy was approved on 01 March 2022.
Namespace: TIOF.Policy.ACAB | ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to conducting its advocacy and all of its initiatives in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, transparently, fairly, with integrity and under the observance of the law in our advocacy, operations, financial management and relationships.
"Bribe" means a financial or other inducement or reward for action which is illegal, unethical, a breach of trust or improper in any way. Bribes can take the form of (although not limited to) money, gifts, loans, fees, hospitality, services, discounts, the award of a contract or any other advantage or benefit.
"Bribery" includes offering, promising, giving, accepting or seeking a bribe.
All forms of bribery are strictly prohibited.
If you are unsure about whether a particular act constitutes bribery, raise it with your corresponding Team Human Resources Coordinator.
Specifically, you must not:
give or offer any payment, gift, hospitality or other benefit in the expectation that a transaction advantage will be received in return or to reward any support received;
accept any offer from a third party that you know or suspect is made with the expectation that we will provide a transaction advantage for them or anyone else;
give or offer any payment (sometimes called a facilitation payment) to a government official in any country to facilitate or speed up a routine or necessary procedure.
You must not threaten or retaliate against another person who has refused to offer or accept a bribe or who has raised concerns about possible bribery or corruption.
This Policy does not prohibit the giving or accepting of reasonable and appropriate hospitality for legitimate purposes such as building relationships, maintaining our image or reputation or marketing our advocacy, initiatives and services.
A gift or hospitality will not be appropriate if it is unduly lavish or extravagant, or could be seen as an inducement or reward for any preferential treatment (for example, during contractual negotiations or a tender process). All such tokens of appreciation are to be notified to your corresponding Team Human Resources Coordinator.
Gifts must be of an appropriate type and value depending on the circumstances and taking account of the reason for the gift. Gifts must not include cash or cash equivalent (such as vouchers) and in any case be given in secret.
Gifts must be given in the organization's name, not your name.
Promotional gifts of low value such as branded stationery may be given to or accepted from existing contributors, suppliers and partners.
You must declare and keep a written record of all hospitality or gifts given or received. You must also submit all expenses claims relating to hospitality, gifts or payments to third parties in accordance with our Financial procedures and record the reason for expenditure.
All accounts, invoices and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness.
Accounts must not be kept "off-book" to facilitate or conceal improper payments.
If you are offered a bribe, or are asked to make one, or if you suspect that any bribery, corruption or other breach of this policy has occurred or may occur, you must report it in accordance with our Whistleblowing Policy as soon as possible.
We do not seek to interfere with the personal lives or conduct of our Members. However, some times certain conducts outside of work can interfere with our legitimate advocacy and/or initiatives' interests.
You are expected to conduct your personal affairs in a manner that doesn't adversely affect the integrity, reputation or credibility of yourself and/or The IO Foundation.
Illegal or immoral conduct outside of work by any Member that adversely affects our legitimate advocacy and/or business interests, or other TIOF Member's ability to perform their responsibilities, will not be tolerated.
Version 1.5 | This Code of Conduct was approved on 01 January 2021.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
The IO Foundation encourages you to reuse this Code of Conduct if you find it useful.
This Code of Conduct applies to:
All TIOF Members
It also applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events as well as when representing the TIOF in public spaces.
Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event.
We as members and contributors, pledge to make the participation in our community a harassment-free experience for everyone, regardless of any personal characteristic dimension that essentially amplifies differences among people instead of embracing their similarities.
By participating in this activity, we pledge to act and interact in ways that contribute to an open, welcoming and healthy community.
We likewise pledge to strive to achieve TIOF's mission and vision by embracing its values, which will inform our decisions at all times. Finally, we will be observant of the Dhatham House Rule in all of our digital interactions.
As an international organization that heavily relies in the free exchange of ideas, we pledge that:
We will never discipline or fire employees, dismiss volunteers or any other member associated with TIOF on the basis of pressure from online activism or other shapes of public & private pressure and/or shaming. We respect and adhere to both the principles of intent and of presumption of innocence and will always proceed with due diligence to investigate and resolve conflict under the framework provided by the Law.
We have no interest in our members' political opinions and how they choose to express themselves outside the workplace is by no means up to TIOF to judge or act upon.
We will not probe into our members' thoughts with “unconscious bias training” (or any such similar initiatives) or force them to undertake workshops that presuppose the existence of “systemic injustice” in any form or shape.
TIOF will always circumscribe its statements and work strictly towards advancing its Data-Centric Digital Rights advocacy, unburdened by fealty to any other causes, political or ideological, or claims to promote certain “values”. Our sole aim is to make a positive impact to promote better and safer technology under the guidance of the DCDR Principles.
While we won't engage and waste time and resources in such public debates, we will not tolerate the public shaming of either members or contributors should they cause offense (even perceived), either through a joke or poor phrasing, and will instead seek to resolve internally the disputes that naturally occur when human beings work together. We recognize that absolutely everyone is a person in constant evolution and change and therefore care about intentions just as much as consequences.
Examples of behavior that contributes to a positive environment for our community include:
Acting rationally
Demonstrating empathy and kindness towards other people
Being respectful of differing opinions, viewpoints and experiences
Giving and gracefully accepting constructive feedback
Accepting responsibility and apologizing to those affected by our mistakes and learning from the experience
Refusing to weaponize others' mistakes
Focusing on what is best, not just for us as individuals but for the overall community and project
Always remember: We have far more in common than that which divides us.
Jo Cox
Examples of unacceptable behavior include:
The use of sexualized language or imagery and sexual attention or advances of any kind
Note: There is nothing wrong with the above, there are simply other places for it
Trolling, insulting or otherwise derogatory comments and personal or political attacks
Public or private harassment
Publishing others' private information, such as (although not limited to) a physical or email address, without their explicit permission
Please refer the Dhatham House Rule.
Other conduct which could reasonably be considered inappropriate in a professional setting
TIOF leaders are responsible for clarifying and enforcing the standards of acceptable behavior described in this Code of Conduct and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive or otherwise harmful.
TIOF leaders have the right and responsibility to remove, edit or reject comments, commits, code, issues and other contributions that are not aligned to this Code of Conduct and will communicate reasons for those moderations when appropriate.
Instances of abusive, harassing or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at Contact@TheIOFoundation.org. All complaints will be reviewed and investigated promptly and fairly.
All members are obligated to respect the privacy and security of the all the parties involved in any incident.
TIOF leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested and/or required.
Impact: A violation through a single incident or series of actions.
Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in TIOF spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
Impact: A serious violation of community standards, including sustained inappropriate behavior.
Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
Consequence: A permanent ban from any sort of public interaction within the community.
This Code of Conduct is adapted from the Contributor Covenant, version 2.0.
Other sources of inspiration are:
Version 1.0 | This Policy was approved on 01 December 2023.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Conflicts of Interest that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to maintaining the highest standards of integrity and transparency. Because conflicts of interest can compromise the efficacy of our organization, erode public trust and contradict our core values the organizations maintains a proactive avoidance of conflicts of interest among its members.
Any director, principal officer, or member of a committee with the board of director’s delegated powers, who has a direct or indirect financial interest, as defined below, is an interested person.
A person has a financial interest if the person has, directly or indirectly, through business, investment, or family:
An ownership or investment interest in any entity with which the Organization has a transaction or arrangement;
compensation arrangement with the Organization or with any entity or individual with which the Organization has a transaction or arrangement; or
A potential ownership or investment interest in, or compensation arrangement with, any entity or individual with which the Organization is negotiating a transaction or arrangement.
Compensation includes direct and indirect remuneration as well as gifts or favors that are not insubstantial.
A financial interest is not necessarily a conflict of interest. Under Article III, Section 2, a person who has a financial interest may have a conflict of interest only if the board of directors or the appropriate governing committee decides that a conflict of interest exists.
In connection with any actual or possible conflict of interest, an interested person must disclose the existence of the financial interest and be given the opportunity to disclose all material facts to the directors and members of committees with board of directors delegated powers considering the proposed transaction or arrangement.
After disclosure of the financial interest and all material facts, and after any discussion with the interested person, he/she shall leave the board of directors or committee meeting while the determination of a conflict of interest is discussed and voted upon. The remaining board or committee members shall decide if a conflict of interest exists.
An interested person may make a presentation at the board of directors or committee meeting, but after the presentation, he/she shall leave the meeting during the discussion of, and the vote on, the transaction or arrangement involving the possible conflict of interest.
The chairperson of the board of directors or committee shall, if appropriate, appoint a disinterested person or committee to investigate alternatives to the proposed transaction or arrangement.
After exercising due diligence, the board of directors or committee shall determine whether the Organization can obtain with reasonable efforts a more advantageous transaction or arrangement from a person or entity that would not give rise to a conflict of interest.
If a more advantageous transaction or arrangement is not reasonably possible under circumstances not producing a conflict of interest, the board of directors or committee shall determine by a majority vote of the disinterested directors whether the transaction or arrangement is in the Organization’s best interest, for its own benefit, and whether it is fair and reasonable. In conformity with the above determination, it shall make its decision as to whether to enter into the transaction or arrangement.
If the board of directors or committee has reasonable cause to believe a member has failed to disclose actual or possible conflicts of interest, it shall inform the member of the basis for such belief and afford the member an opportunity to explain the alleged failure to disclose.
If, after hearing the member’s response and after making further investigation as warranted by the circumstances, the board of directors or committee determines the member has failed to disclose an actual or possible conflict of interest, it shall take appropriate disciplinary and corrective action.
The minutes of the board of directors and all committees with board delegated powers shall contain:
The names of the persons who disclosed or otherwise were found to have a financial interest in connection with an actual or possible conflict of interest, the nature of the financial interest, any action taken to determine whether a conflict of interest was present, and the board of directors’ or committee’s decision as to whether a conflict of interest in fact existed.
The names of the persons who were present for discussions and votes relating to the transaction or arrangement, the content of the discussion, including any alternatives to the proposed transaction or arrangement, and a record of any votes taken in connection with the proceedings.
A voting member of the board of directors who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member’s compensation.
A voting member of any committee whose jurisdiction includes compensation matters and who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member’s compensation.
No voting member of the board of directors or any committee whose jurisdiction includes compensation matters and who receives compensation, directly or indirectly, from the Organization, either individually or collectively, is prohibited from providing information to any committee regarding compensation.
Each director, principal officer and member of a committee with board of directors’ delegated powers shall annually sign a statement which affirms such person:
Has received a copy of the conflicts of interest policy;
Has read and understands the policy;
Has agreed to comply with the policy; and
Understands the Organization is charitable and in order to maintain its federal tax exemption it must engage primarily in activities which accomplish one or more of its tax-exempt purposes.
To ensure the Organization operates in a manner consistent with charitable purposes and does not engage in activities that could jeopardize its tax-exempt status, periodic reviews shall be conducted. The periodic reviews shall, at a minimum, include the following subjects:
Whether compensation arrangements and benefits are reasonable, based on competent survey information and the result of arm’s length bargaining.
Whether partnerships, joint ventures, and arrangements with management organizations conform to the Organization’s written policies, are properly recorded, reflect reasonable investment or payments for goods and services, further charitable purposes and do not result in inurement, impermissible private benefit or in an excess benefit transaction.
When conducting the periodic reviews as provided for in Article VII, the Organization may, but need not, use outside advisors. If outside experts are used, their use shall not relieve the board of directors of its responsibility for ensuring periodic reviews are conducted.
Version 1.0 | This Policy was approved on 01 March 2022.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-harassment and Anti-bullying that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy covers harassment or bullying which occurs in or out of TIOF Spaces, including at TIOF-related events or social functions. It covers bullying and harassment by TIOF Members and also by Contributors, such as customers, suppliers or visitors to our premises.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to providing an advocacy environment free from harassment and bullying and ensuring all Members are treated, and treat others, with dignity and respect.
Harassment is any unwanted physical, verbal or non-verbal conduct that has the purpose of violating a person's dignity or creating an intimidating, hostile, degrading, humiliating or otherwise offensive environment for them. A single incident can amount to harassment.
Harassment also includes treating someone less favorably because they have submitted or refused to submit to such behavior in the past.
Unlawful harassment may involve conduct of a sexual nature (sexual harassment) or may be related to any given personal, immutable characteristic dimension.
Harassment is unacceptable even if it does not fall within any of these categories.
Harassment may include, for example:
Unwanted physical conduct or "horseplay", including assault, touching, pinching, pushing, grabbing and intentionally blocking normal movement or interfering with work;
unwelcomed sexual advances, suggestive behavior or invitations;
offensive e-mails, text messages or otherwise content;
mocking, mimicking or belittling a person's disability;
visual displays such as derogatory or sexually-oriented imagery, photography, cartoons, drawings or gestures.
It is important to note that while all complains of this nature will be examined rigorously, TIOF is a firm defender of both the principles of intent and of presumption of innocence and will always proceed with due diligence to investigate and resolve conflict under the framework provided by the applicable law.
Bullying is purposely offensive, intimidating, malicious or insulting behavior involving the misuse of power that can make a person feel vulnerable, upset, humiliated, undermined or threatened. Power does not always mean being in a position of authority, it can include both personal strength and the power to coerce through fear or intimidation as well as the ability to reassign resources at will.
Bullying can take the form of physical, verbal and non-verbal conduct.
Bullying may include, by way of example:
physical or psychological threats;
overbearing and intimidating levels of supervision;
inappropriate derogatory remarks about someone's performance.
Legitimate, reasonable and constructive criticism of a Member's performance or behavior, as well as reasonable instructions given to them in the course of their responsibilities, will not amount to bullying on their own.
If you are being harassed or bullied, consider whether you feel able to raise the problem informally with the person responsible. You should explain clearly to them that their behavior is not welcome or makes you uncomfortable. If this is too difficult or embarrassing, we encourage you to reach out to your respect Team Human Resources Manager, who can and will provide confidential advice and assistance in resolving the issue either formally or informally.
If informal steps are not possible or appropriate, or have not been successful, you should raise the matter formally under our Grievance Procedures. The complain will be investigated in a timely and confidential manner and will be conducted by someone with appropriate experience and no prior involvement in the complaint, where possible.
Details of the investigation and the names of the person making the complaint and the person accused must only be disclosed on a need to know basis.
We will consider whether any steps are necessary to manage any ongoing relationship between you and the person accused during the investigation.
Once the investigation is complete, we will inform you of our decision. If we consider you have been harassed or bullied by an employee the matter will be dealt with under the Disciplinary Procedures as a case of possible misconduct or gross misconduct. If the perpetrator is a Contributor or any other third party, we will consider what action would be appropriate to deal with the problem.
Whether or not your complaint is upheld, we will consider how best to manage any ongoing working relationship between all the parties concerned.
Members who make complaints or who participate in good faith in any investigation must not suffer any form of retaliation or victimization as a result.
Anyone found to have retaliated against someone in this way, or made accusations under this policy in bad faith, will be subject to disciplinary action under our Disciplinary Procedures
We take false accusations just as seriously as the alleged misconduct.
Should the investigation conclude that the accusation was false, the matter will be dealt with under the Disciplinary Procedures as a case of possible misconduct or gross misconduct.
Information about a complaint by or about a Member may be placed on the Member's personnel file, along with a record of the outcome and of any notes or other documents compiled during the process.
These will be processed in accordance with our Data Protection Policy.
Members are always welcome to request access to their personnel file by requesting it to their corresponding Team Human Resources Manager.
Version 1.0 | This Policy was approved on 01 March 2022.
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Equality of Opportunities that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to equal opportunities and the avoidance of discrimination at work. It applies to all aspects of employment with us, including (although not limited to) recruitment, pay and conditions, training, appraisals, promotion, conduct at work, disciplinary and grievance procedures and termination of employment.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to promoting equal opportunities for all individuals to become TIOF Members.
You and any other applicants, irrespective of the position or type of engagement, will receive equal treatment regardless of any personal immutable characteristic dimension that essentially amplifies differences among people instead of embracing their similarities.
Members must not unlawfully discriminate against or harass other people including current and former TIOF Members or Contributors.
This applies in the workplace, outside the workplace (when dealing with customers, suppliers or other work-related contacts) and on work-related trips or events, including social events.
The following forms of discrimination are prohibited under this Policy and are unlawful:
Direct discrimination: treating someone less favorably because of a given personal characteristic dimension.
Indirect discrimination: a provision, criterion or practice that applies to everyone but adversely affects people with a particular personal characteristic dimension more than others and is not justified.
Recruitment, promotion and other selection exercises such as redundancy selection will be conducted exclusively on the basis of merit and strictly following objective criteria that avoid discrimination. Shortlisting should be done by more than one person if possible.
Applicants should not be asked questions which might suggest an intention to discriminate on the grounds of any given personal characteristic dimension. Should the question be unavoidable, it must be done on the grounds of examining options to overcome observed difficulties.
Applicants should not be asked about health or disability before a position offer is made, except in the very limited circumstances allowed by law: for example, to check that the applicant could perform an intrinsic part of the position (taking account of any reasonable adjustments) or to see if any adjustments might be needed at the interview because of a disability.
Where necessary, position offers can be made conditional on a satisfactory medical check.
Health or disability questions may be included in equal opportunities monitoring forms, which must not be used for selection or decision-making purposes.
If you are disabled or become disabled, we encourage you to tell us about your condition so that we can consider what reasonable adjustments or support may be appropriate.
Part-time and fixed-term Members should be treated the same as comparable full-time or permanent Members and enjoy no less favorable terms and conditions (on a pro-rata basis where appropriate), unless different treatment is (and must be) justified.
Serious cases of deliberate discrimination may amount to gross misconduct resulting in dismissal.
Complaints will be treated in confidence and investigated as appropriate.
Version 1.0 | This Policy was approved on 30 May 2022.
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the necessary arrangements for ensuring The IO Foundation meets its health and safety obligations towards TIOF Members and anyone visiting its premises, or in any way involved with its advocacy and initiatives, that you will need to be aware of while being a Member for TIOF.
You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation values, above anything, the wellbeing of its Members.
Health is a critical matter and the organization will always strive to ensure a healthy and safe environment for its Members and Contributors. Likewise, the organization expects its Members to actively participate in such commitment.
The organization will not tolerate deliberate actions make use of their absences in a judicious manner and will not tolerate abuses.
Health and Safety is a collective effort
All TIOF Members share responsibility for achieving safe working conditions.
You must take care of your own health and safety and that of others, observe applicable safety rules and follow instructions for the safe use of equipment. You must cooperate with Management on health and safety matters, including the investigation of any incident.
The position of Health and Safety Officer, or HSO, unless otherwise specified, falls on the [TIOF] Team Human Resources Manager.
You should report any health and safety concerns immediately to the HSO.
The HSO is expected to make himself/herself available to the Board of Directors and Management to report in matters of Health and Safety any time necessary.
The time invested by the HSO position computes as working hours and shall never represent extra hours on top of the Working Period as described in the corresponding engagement document.
The organization will put in place a Health and Safety Team, or THS, to support the HSO in evaluating, designing, implementing and disseminating training for required Health and Safety protocols.
Team Health and Safety is a part of [TIOF] Team Human Resources.
The organization will inform and consult the Health and Safety Officer or directly with all staff regarding health and safety matters.
The HST will convene at least once during the General Meeting to determine if specific steps are to be implemented in the coming Season.
Other Status Meetings as well as Emergency Meetings can be conveyed and initiated by:
The Health and Safety Officer
Management
Board of Directors
The organization will ensure that all TIOF Members are given adequate training and supervision to perform their responsibilities competently and safely. TIOF Members will be given a Health and Safety Induction during their Onboarding. Further training will be provided as needs arise.
TIOF Members must use TIOF equipment in accordance with any instructions given by the organization. Any equipment fault or damage must immediately be reported to the Health and Safety Officer.
TIOF Members shall not attempt to repair equipment unless trained to do so.
All accidents and injuries at work, however minor, should be reported to
the Health and Safety Officer or,
your corresponding Team Manager or,
your corresponding Team Human Resources Manager.
All TIOF Members should familiarize themselves with the fire safety instructions in their physical offices (when applicable), which are displayed on notice boards and near fire exits in the workplace.
This should also be considered should the Member perform duties remotely, for instance from a co-working space, an event they are attending or from their own residence.
At the hearing of a fire alarm, TIOF Members are to leave the building immediately by the nearest fire exit and go to the fire assembly point outside of the premises.
RULE OF THE 60 SECONDS
Fire alarm tests as well as false alarms are not unusual. To ensure that an alarm is in fact real and requires evacuation, you can use the following rule:
Time of alarm < 60 seconds: Be ready and remain alert, observing the situation from where you are. If the alarm stops, resume your activities.
For physical offices, fire drills will be held at least every 12 months and must be taken seriously.
TIOF will also carry out regular fire risk assessments and regular checks of fire extinguishers, fire alarms, escape routes and emergency lighting whenever applicable.
The organization carries out general workplace risk assessments periodically, both in physical offices and remotely. The purpose of these assessments is to identify potential risks to health and safety of TIOF Members, visitors and other third parties as a result of TIOF's activities and to identify any measures that need to be taken to control those risks.
Version 1.0 | This Policy was approved on 03 May 2022.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Sickness Absence that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to the necessary arrangements for sick pay and for reporting and managing sickness absence.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation values, above anything, the wellbeing of its Members (as well as its Contributors).
Health is a critical matter and will always be treated with respect and consideration.
Likewise, the organization expects its Members to make use of their absences in a judicious manner and will not tolerate abuses.
If you cannot attend work because you are sick or injured you should communicate it as early as possible and no later than 30 minutes after the time when you are normally expected to start work to:
your corresponding Team Manager, or
your corresponding Team Human Resources Manager, or
a fellow TIOF Member who will be able to forward the communication to any of the above.
The Channels to communicate must be:
Telephone
TIOF's Slack workspace
You must complete a self-certification form for sickness absence of up to seven calendar days.
For any absence of more than a week you must obtain a certificate from your doctor stating that you are not fit for work; said certificate will have to clearly indicate the reason for such decision. You must also complete a self-certification form to cover the first seven days. If absence continues beyond the expiry of a certificate, a further certificate must be provided.
If your doctor provides a certificate stating that you "may be fit for work" you must inform us immediately. We will hold a discussion with you about how to facilitate your return to work, taking into account of your doctor's advice. If appropriate measures cannot be taken, you will remain on sick leave and we will set a date for a review.
You may be entitled to Statutory Sick Pay (SSP) if you satisfy the relevant statutory requirements. Qualifying days for SSP are Monday to Friday, or as set out in your Engagement Document. The rate of SSP is set by the government in April each year. No SSP is payable for the first three consecutive days of absence, it starts on the fourth day of absence and may be payable for up to 28 weeks.
This section will be updated as we gather the necessary information for missing jurisdictions.
After a period of sick leave we may hold a return-to-work interview with you. The purposes may include:
ensuring you are fit for work and agreeing any actions necessary to facilitate your return;
confirming you have submitted the necessary certificates;
updating you on anything that may have happened during your absence;
raising any other concerns regarding your absence record or your return to work.
The following paragraphs set out our procedure for dealing with long-term absence or where your level or frequency of short-term absence has given us cause for concern. The purpose of the procedure is to investigate and discuss the reasons for your absence, whether it is likely to continue or recur, and whether there are any measures that could improve your health and/or attendance. We may decide that medical evidence, or further medical evidence, is required before deciding on a course of action.
We will notify you in writing of the time, date and place of any meeting, and why it is being held. We will usually give you a week's notice of the meeting.
You may bring a companion to any meeting or appeal meeting under this procedure. Your companion may be either a trade union representative or a colleague, who will be allowed reasonable paid time off from duties to act as your companion.
If you or your companion cannot attend at the time specified you should let us know as soon as possible and we will try, within reason, to agree an alternative time.
If you have a disability, we will consider whether reasonable adjustments may need to be made to the sickness absence meetings procedure, or to your role or working arrangements.
We may ask you to consent to a medical examination by a doctor or occupational health professional or other specialist nominated by us (at the organization's expense).
The purposes of a sickness absence meeting (or meetings, should it be deemed necessary) will be to
discuss the reasons for your absence,
how long it is likely to continue,
whether it is likely to recur,
whether to obtain a medical report and
whether there are any measures that could improve your health and/or attendance.
In cases of long-term absence, we may seek to agree a return-to-work programme, possibly on a phased basis.
In cases of short-term, intermittent absence, we may set a target for improved attendance within a certain timescale.
If, after a reasonable time, you have not been able to return to work or if your attendance has not improved within the agreed timescale, we will hold a further meeting (or meetings, should it be deemed necessary). The organization will seek to establish whether the situation is likely to change, and may consider redeployment opportunities at that stage. If it is considered unlikely that you will return to work or that your attendance will improve within a short time, we may give you a written warning that you are at risk of dismissal. We may also set a further date for review.
Where you have been warned that you are at risk of dismissal, and the situation has not changed significantly, we will hold a meeting to consider the possible termination of your employment.
Before we make a decision, we will consider any matters you wish to raise and whether there have been any changes since the last meeting.
You may appeal against the outcome of any stage of this procedure. If you wish to appeal you should set out your appeal in writing to your corresponding Team Human Resources Manager, stating your grounds of appeal, within one week of the date on which the decision was sent or given to you.
If you are appealing against a decision to dismiss you, we will hold an appeal meeting, normally within two weeks of receiving the appeal. This will be dealt with impartially and, where possible, by someone who has not previously been involved in the case.
We will confirm our final decision in writing, usually within one week of the appeal hearing.
Once the final decision is communicated there will be no further right of appeal.
The date that any dismissal takes effect will not be delayed pending the outcome of an appeal. However, if the appeal is successful, the decision to dismiss will be revoked with no loss of continuity or pay.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Whistleblowing that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to the necessary arrangements for sick pay and for reporting and managing sickness absence.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to conducting its advocacy and all of its business in an honest and Rights & Obligations manner and expects all TIOF Members and Contributors to maintain high standards in this regard. Any suspected wrongdoing should be reported as soon as possible and will be investigated with the outmost confidentiality.
It is crucial to understand that a whistleblowing scenario is never desired. Should the concerns raised be proven to be true, it is not the whistleblower's fault, rather the organization's.
In other words, whistleblowing can only happen if the organization hasn't done its job properly.
Please remember that presumption of innocence applies to everyone.
This applies to both the whistleblower and the organization alike.
Whistleblowing is the reporting of suspected wrongdoing or dangers in relation to our activities. This includes, although not limited to, bribery, facilitation of tax evasion, fraud or other criminal activity, miscarriages of justice, health and safety risks, damage to the environment and any breach of legal or professional obligations.
When judging if a wrongdoing may have occurred, it is important to evaluate the intention behind it.
If you have any whistleblowing concerns, you should contact your corresponding Team Human Resources Manager.
We will arrange a meeting with you as soon as possible to discuss your concern. You may bring a colleague or union representative to any meetings under this Policy.
Your companion must respect the confidentiality of your disclosure and any subsequent investigation.
We hope that Members will feel able to voice whistleblowing concerns openly under this Policy. Completely anonymous disclosures are difficult to investigate. If you want to raise your concern confidentially, we will make every effort to keep your identity secret and only reveal it where necessary to those involved in investigating your concern.
The aim of this Policy is to provide an internal mechanism for reporting, investigating and remedying any wrongdoing in the workplace. In most cases you should not find it necessary to alert anyone externally.
We aim to encourage openness and will support whistleblowers who raise genuine concerns under this policy, even if they turn out to be mistaken.
You, or any other TIOF Member or Contributor, must not threaten or retaliate against whistleblowers in any way. If you are involved in such conduct you may be subject to disciplinary action. We wish to note that in some cases the whistleblower could have a right to sue personally for compensation in an employment tribunal.
The following is a non exhaustive list of external organizations to which you could reach out to seek advise on whistleblowing.
Should you wish to suggest additional external organizations to be added to the list, please reach out to your corresponding Team Human Resources Manager.
This section will be updated as we gather the necessary information for missing jurisdictions.
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Retaliation: treating someone that has complained or has supported someone else's complaint about discrimination or harassment less favorably. Harassment is dealt with further in our .
Vacancies should always be advertised in all official and ensure avoid using any wording that may discourage particular citizens from applying.
In any case, this is not mandatory unless the disability affects your ability to perform your responsibilities as described in your .
The IO Foundation takes a strict approach to breaches of this Policy, which will be dealt with in accordance with our .
If you believe that you have suffered discrimination you can raise the matter through our .
You shall not be retaliated against for complaining about discrimination. However, making a false allegation deliberately and in bad faith will be treated as misconduct and dealt with under our with the same determination as the allegation.
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Failure to comply with this policy may be treated as misconduct and dealt with under our .
Details of first aid facilities are listed in the .
The list of trained first aiders are made available on our .
All incidents are to be recorded in the .
Time of alarm > 60 seconds: Proceed to evacuate calmly, following the .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, abuse of sickness absence, including failing to report absence or falsely claiming sick pay will be treated as misconduct under our . Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
You will be asked to agree that any medical report produced may be disclosed to us and that we may discuss the contents of the report with the specialist and with our advisers. All medical reports will be kept confidential and held in accordance with our .
Once a TIOF Member has been notified of a dismissal, an Offboarding procedure will be triggered as described in .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, failure to protect a whistleblower or interfere with any such related ongoing investigation will be treated as misconduct under our . Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
The law recognizes however that in some circumstances it may be appropriate for you to report your concerns to an external body such as a regulator. We strongly encourage you to seek advice before reporting a concern to anyone external. Some organizations specialize in such advice. You can find some at the end of this Policy.
Whistleblowers must not suffer any detrimental treatment as a result of raising a genuine concern. If you believe that you have suffered any such treatment, you should inform your corresponding Team Human Resources Manager immediately. If the matter is not remedied you should raise it formally using as stated in the .
Should we conclude that a whistleblower has made false allegations or acted in an otherwise malicious intention, the whistleblower may be subject to disciplinary action according to our .
Protect Helpline: 0203 117 2520 | E-mail: | Website:
######Donation Anything that is not human-related In particular - Objects (In kind) - Monetary instruments - - Fiat - - Crypto Therefore we consider time given (voluntarism) as NOT a donation although for financial calculations it may be accounted for. - What are the Tiers to be used? Tier 1 from 0 to 4999 Tier 2 from 5000 to above TIERS DEPENDENT ON APPLICABLE REGULATION PER JURISIDICTION PER FINANCIAL INSTRUMENT Ex Fiat Tiers > Check AMLA Crypto? Crypto: Valuation based on the value of the coin vs EUR on the day of the donation. Further fluctuations on the price shall not be considered. https://coinmarketcap.com/ Reference >> Use Portfolio to record transactions.
Auditors for each jurisdiction are to be appointed and given access to the organization's accounts.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Article 7: Types of Donations 7.1 TIOF accepts donations in various forms to provide flexibility to our supporters. These include:
Fiat currency through legal tender
Cryptocurrency in accordance with regulatory compliance measures
In-kind donations, which may consist of goods or services valuable to our operations
All TIOF Policies are to be implemented through their corresponding Handbook.
Always natural year.
1st January to 31st December
The organization shall clearly establish a yearly timeline that reflects all relevant activities, processes and deadlines in accordance to their corresponding jurisdictions and must be strictly followed.
The Finance Handbook will specify the details for each organization.
Second Friday of the month
Any pending per diems or other expenses to be refunded: 1 week before FYE
Otherwise the funds will be donated to TIOF.
Any reimbursement claims must be submitted latest 3rd day of next payment cycle month
Roles for each position are to be defined with precision. Overlapping of roles that may lead to financial mismanagement are to be made not possible.
(Maybe put this under Contracted Parties?)
Auditors must comply with the following:
Be external to the organization
Do not have a conflict of interest with any Board or managerial members of the organization
Sign an SoI upon contracting
The organization must contract the necessary external auditors
As required by legislation
To fully implement the organizations' accountability and transparency commitments
To implement project evaluations, when necessary
The organization will ensure that Auditors:
Are provided with a clear definition of their auditing mandate
Are provided with all the information they require to fulfill their mandates
Are provided with all the tools the organization has available to perform their mandate
All payments require at least one approval.
Conversions needs to be approved by the Board.
To be extracted quarterly and stored on TIOF's Team Finance Storage.
For activities Type A
Transportation
For activities Type B
Transportation
Accommodation
Per Diem
Communications (SIM)
>> Make a table
Per Diems & Cost of Accommodation shall be clearly stipulated in the Financial Handbook.
Cash Advances for Activities and Payments
Liquidation of Cash Advances\
Honoraria
Per Diem Regulations; Maximum Amount
Guidelines to per diem and hotel accommodation may change when the project partner requires otherwise. Subsequent consultation and agreement shall be made with the Executive Secretariat. Additionally, in the period of its initial years, expenses for logistics i.e. accommodation, travel and board, shall be negotiated with the staff as needed.
Hotel Accommodation
Travel Regulation
Procurement
Expenses shall be implemented based on the approved project budget.
All purchases – goods or services – must undergo a respective procurement process using the TIOF procurement form.
Minimum of 3 quotations must be presented in procuring goods and services greater than $5000.
#Procurement Purchases online (Appsumo, Kualo, etc.) should be acquired by an assigned person (label to be provided) and reimbursed on a quarterly basis.
Must have an enabled email address.
Procurement@TheIOFoundation.org
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Funding that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is an independent entity, making decisions and operating without undue influence from external parties. All funding strategies and acceptance of funds will always be determined by its own internal mechanisms and align with its Mission, Vision, values and organizational goals. The IO Foundation unequivocally asserts that it does not, and shall not, welcome nor accept any form of external influence in its funding matters.
The provisions described in this policy must comply at all times with The IO Foundation's Finance Policy.
The IO Foundation firmly upholds a policy of non-interference, ensuring that external influence is categorically unwelcome and will not be entertained.
The IO Foundation will accept only currencies listed in its Financial Policy.
The IO Foundation accepts funding from a variety of sources, or streams, consistent with its mission and values. The following are recognized types of funding:
FUNDING POLICY OF THE IO FOUNDATION (TIOF)
I. Introduction The IO Foundation (TIOF) is an independent organization that values transparency, integrity, and the pursuit of excellence in all its activities. This Funding Policy outlines the principles and procedures that govern the acquisition and management of funds by TIOF.
II. Independence TIOF reiterates its status as an independent entity. The organization's strategic direction, operational decisions, and governance are determined by its own internal policies, bylaws, and guiding principles, without external influence.
III.
To preserve TIOF's independence and to align with our ethical standards:
No Strings Attached: All donations and grants are received on the basis that they come without strings attached. Funding will not dictate TIOF's activities, research outcomes, or advocacy positions.
Background Checks: TIOF reserves the right to conduct due diligence and background checks on the sources of funding to ensure alignment with our values and to prevent reputational risk.
Compliance with Laws: All donations and funding arrangements are subject to the strict respect of applicable local and international laws. TIOF will not engage in or endorse activities that contravene such legal requirements.
V. Income Declaration TIOF is committed to full compliance with fiscal responsibilities. All income, irrespective of its nature, shall be declared to the corresponding authorities in accordance with relevant tax laws and financial regulations.
VI.
By adhering to this Funding Policy, TIOF ensures that its financial practices remain beyond reproach, supporting a sustainable and principled approach to achieving its long-term objectives.
INDEPENDENCE
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Funding Policy of The IO Foundation (TIOF)
Version 1.0
1. Introduction
This Funding Policy outlines the principles and practices of The IO Foundation (TIOF) regarding the acquisition and management of funds. TIOF is an independent organization committed to transparency, legal compliance, and ethical standards in all its funding activities.
2. Independence
TIOF is an independent entity, making decisions and operating without undue influence from external parties. Our funding strategies and acceptance of funds align with our mission, values, and organizational goals.
4. Donations Without Strings Attached
All donations received by TIOF come with no strings attached. Donors do not gain influence over TIOF's decision-making processes, policies, or operations. TIOF maintains full autonomy in its use of donated funds, ensuring alignment with its mission and objectives.
5. Background Checks on Donations
TIOF reserves the right to conduct background checks on significant donations to ensure alignment with our ethical standards and values. This process is to safeguard TIOF from associations that might compromise its integrity, reputation, or values.
6. Compliance with Applicable Laws
All donations and funding sources are accepted under the strict respect and adherence to applicable laws and regulations. TIOF is committed to legal compliance in all jurisdictions where it operates.
7. Declaration of Income
TIOF declares all income to the corresponding authorities as required by law. This includes, but is not limited to, income from donations, grants, sales of services and products, and any other funding sources. TIOF is committed to financial transparency and accountability.
8. Review and Amendments
This policy is subject to periodic review and may be amended as necessary to reflect changes in legal requirements, funding environment, or organizational priorities.
All funding will have to comply with:
Not being in conflict with TIOF's Mission & Vision
Not being in conflict with any provision in its Code of Conduct
Not being in conflict with any provisions in this policy
Minimum grant amounts:
Minimum of grant amount vs time to be invested
All funding opportunities need to be evaluated according to the Funding Evaluation Form.
See Resource Allocation Handbook.
All payment gateway platforms are to include
Terms and Conditions
Privacy Policy
TIOF receives funds through grants, donations, registration fees during activities and income from services.
Grant Application
All grant applications must be entered into only by the Chief Executive Officer deliberated in the Executive Secretariat and in the Board of Directors.
Projects must be responsive to TIOF’s key focus which is Digital Rights and leads to the Foundation’s vision.
Funding Source
TIOF refuses to receive grants from organizations, companies or individuals who are directly linked to businesses involving alcohol, illegal drugs, tobacco and extractive industries that are harmful to the environment. As well as any other activities declared as illegal in each of the country networks.
Funds Management
Projects must be adequately funded to ensure effective implementation.
To ensure efficient funds management, refer to TIOF Financial Control Guidelines.
Organization Bank Account
TIOF shall maintain an organization bank account for the safekeeping of TIOF funds.
The signatory for this bank account shall be any two of the following:
Chairman of the Board + BoD Treasurer; President + Chairman of the Board; or BoD + President
All fund disbursement must be validated by the Finance Manager based on the project plan prepared by the Project Manager / Officer as approved by the Program Manager and further signed off by the Chief Executive Officer.
In the absence of a Board of Directors, as it is now for TIOF, a newly founded organization by a single visionary, the current CEO and founder, Jean F. Queralt shall be the single signatory of the bank account. The respective accounting procedure based on project management shall still apply.
TIOF shall maintain a revolving fund of not less than 1000 USD equivalent in local currency which shall be under the responsibility of the CEO and shall be reviewed quarterly by the Finance Manager.
Project Bank Account
A separate bank account shall be opened for specific projects if required by the donor.
Each project will have a corresponding petty cash allocation of not greater than 250 USD equivalent in local currency or unless otherwise approved by the CEO. Petty Cash will be under the accountability of the Project Officer or the Project Assistant.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Transparency and Accountability that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to ensure that the organization maintains the highest available levels of transparency and accountability in its operations, both at an institutional and initiatives activities.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Accountability is critical to ensure that the organization acts in a respectful fashion towards TIOF Members, its supporters and TIOF's advocacy's beneficiaries.
The organization expects its Members to uphold these values at all given times.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
For a structure of The IO Foundation, please visit
Back to top
This document sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a Member for TIOF. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Coordinator.
The IO Foundation is committed to conducting its advocacy and all of its business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly, with integrity and under the observance of the law in all our operations, business dealings and relationships.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
Back to top
This document directly applies to:
This document indirectly applies to:
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top
This policy is guided by TIOF's Organization Taxonomy. https://TIOF.Click/OrgTaxonomy
Back to top
https://TIOF.Click/TIOFOrgChart
Back to top
Salary Matrix document: https://TIOF.Click/TIOFSalaryMatrix
The document has an About tab describing its components and with instructions on how to use it.
Salaries are calculated to provide for a decent living in the context of the European zone.
Under no circumstance the resulting salary is to be under the minimum wage of the applicable jurisdiction.
Note: It is noted that cost of living disparities across the European zone exist. For the purpose of simplifying management the organization has decided to base the final number on the tax-applicable jurisdiction of the Member.
Back to top
For TIOF Members
Bank same provider than TIOF.
For non TIOF Members
Any other bank.
On 15th day of the month or immediately previous working day.
12 unless specified in the corresponding jurisdiction.
Coefficient to be extracted from OANDA 1 January of fiscal year.
WE REQUIRE A CORRECTION COEFFICIENT BASED ON COST OF LIVING ON SITE. Numbeo / Payscale / Others
Purchasing Parity Power http://salaryconverter.nigelb.me/
Under no circumstance the resulting salary is to be under the minimum wage of the applicable jurisdiction.
Back to top
Add Estonian inflation? / Year Add to policy: At any given time, Highest and Lowest are never beyond x7
Back to top
Back to top
Staff payment
Organizational staff are paid in full or partial from project funds. The percentage breakdown can be monitored via TIOF’s Labour Distribution Matrix.
TIOF staff is free to donate part of their salary back to the organization, at their sole discretion.
Internal Control
To ensure internal control in finances, each project must have:
a project concept and corresponding project budget following TIOF Fiscal Calendar (31 December)
the project budget must have been approved by the CEO and the funding partner before implementation
the Finance Manager verifies expenses based on the approved project budget and monitor burn rate using the Fund Monitoring System
All honoraria shall be paid once a month only and every 20th of the month. All payments shall be in US Dollars.
Q >> Has expenses
Q + 1
1 Week Finance to receive notification to list pending receipts
2 Week Deadline for final list of pending receipts Teams to receive notification
3 Week Teams to receive reminder
4 Week Deadline for all TIOF members to provide pending receipts
For a structure of The IO Foundation, please visit
The IO Foundation's IT and communications systems are intended to promote effective communication, working practices and an effective way to advance its advocacy.
This Policy does not form part of any Engagement Document and we may amend it at any time.
This document directly applies to:
All [TIOF Members] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#member)
This document does not apply to:
All [TIOF Contributors] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#contributors)
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Interpretation Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The UK GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing. Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing. Company name: The IO Foundation MTU. Company Personnel: all employees, workers contractors, agency workers, consultants, directors, volunteers and others. Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them. Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the UK GDPR. We are the Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes. Criminal Convictions Data: means personal data relating to criminal convictions and offences and includes personal data relating to criminal allegations and proceedings. Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data. Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programmes involving the Processing of Personal Data. Data Protection Officer (DPO): the person required to be appointed in specific circumstances under the UK GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance. EEA: the 28 countries in the EU, and Iceland, Liechtenstein and Norway. Explicit Consent: consent which requires a very clear and specific statement (that is, not just action). UK General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679) as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018. Personal Data is subject to the legal safeguards specified in the UK GDPR. Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach. Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the UK GDPR. Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose. Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties. Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure. Special Categories of Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data. INTRODUCTION The Data Protection Policy sets out how The IO Foundation MTU ("we", "our", "us", "the Company") handle the Personal Data of our customers, suppliers, employees, workers and other third parties. This Data Protection Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, website users or any other Data Subject. This Data Protection Policy applies to all Company Personnel ("you", "your"). You must read, understand and comply with this Data Protection Policy when Processing Personal Data on our behalf and attend training on its requirements. This Data Protection Policy sets out what we expect from you for the Company to comply with applicable law. Your compliance with this Data Protection Policy is mandatory. Any breach of this Data Protection Policy may result in disciplinary action. This Data Protection Policy is an internal document and cannot be shared with third parties, clients or regulators without prior authorisation from the DPO. Scope We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Company is exposed to potential fines of up to EUR20 million or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the provisions of the UK GDPR. All departments are responsible for ensuring all Company Personnel comply with this Data Protection Policy and need to implement appropriate practices, processes, controls and training to ensure that compliance. The DPO is responsible for overseeing this Data Protection Policy. That post is held by [insert name]. Please contact the DPO with any questions about the operation of this Data Protection Policy or the UK GDPR or if you have any concerns that this Data Protection Policy is not being or has not been followed. In particular, you must always contact the DPO in the following circumstances: if you are unsure of the lawful basis which you are relying on to process Personal Data (including the legitimate interests used by the Company) (see paragraph 5.1); if you need to rely on Consent and/or need to capture Explicit Consent (see paragraph 6); if you need to draft Privacy Notices (see paragraph 7); if you are unsure about the retention period for the Personal Data being Processed (see paragraph 11); if you are unsure about what security or other measures you need to implement to protect Personal Data (see paragraph 12.1); if there has been a Personal Data Breach (see paragraph 13); if you are unsure on what basis to transfer Personal Data outside the EEA (see paragraph 14); if you need any assistance dealing with any rights invoked by a Data Subject (see paragraph 15); whenever you are engaging in a significant new, or change in, Processing activity which is likely to require a DPIA (see paragraph 19) or plan to use Personal Data for purposes other than what it was collected for; if you plan to undertake any activities involving Automated Processing including profiling or Automated Decision-Making (see paragraph 20); if you need help complying with applicable law when carrying out direct marketing activities (see paragraph 21); or if you need help with any contracts or other areas in relation to sharing Personal Data with third parties (including our vendors) (see paragraph 22). Personal data protection principles We adhere to the principles relating to Processing of Personal Data set out in the UK GDPR which require Personal Data to be: processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency); collected only for specified, explicit and legitimate purposes (Purpose Limitation); adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation); accurate and where necessary kept up to date (Accuracy); not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation); processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality); not transferred to another country without appropriate safeguards being in place (Transfer Limitation); and made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests). We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability). Lawfulness, fairness, transparency Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject. You may only collect, Process and share Personal Data fairly and lawfully and for specified purposes. The UK GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing, but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject. The UK GDPR allows Processing for specific purposes, some of which are set out below: the Data Subject has given his or her Consent; the Processing is necessary for the performance of a contract with the Data Subject; to meet our legal compliance obligations; to protect the Data Subject's vital interests; to pursue our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which we process Personal Data for legitimate interests need to be set out in applicable Privacy Notices; or [insert other UK GDPR processing grounds]. You must identify and document the legal ground being relied on for each Processing activity in accordance with any Company guidelines on Lawful Basis for Processing Personal Data, in force from time to time. Consent A Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the UK GDPR, which include Consent. A Data Subject consents to Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters. Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented. When processing Special Category Data or Criminal Convictions Data, we will usually rely on a legal basis for processing other than Explicit Consent or Consent if possible. Where Explicit Consent is relied on, you must issue a Privacy Notice to the Data Subject to capture Explicit Consent. You will need to evidence Consent captured and keep records of all Consents so that the Company can demonstrate compliance with Consent requirements. Transparency (notifying Data Subjects) The UK GDPR requires Data Controllers to provide detailed, specific information to Data Subjects depending on whether the information was collected directly from Data Subjects or from elsewhere. The information must be provided through appropriate Privacy Notices which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them. Whenever we collect Personal Data directly from Data Subjects, including for human resources or employment purposes, we must provide the Data Subject with all the information required by the UK GDPR including the identity of the Controller and DPO, how and why we will use, Process, disclose, protect and retain that Personal Data through a Privacy Notice which must be presented when the Data Subject first provides the Personal Data. When Personal Data is collected indirectly (for example, from a third party or publicly available source), we must provide the Data Subject with all the information required by the UK GDPR as soon as possible after collecting or receiving the data. We must also check that the Personal Data was collected by the third party in accordance with the UK GDPR and on a basis which contemplates our proposed Processing of that Personal Data. If you are collecting Personal Data from Data Subjects, directly or indirectly, then you must provide Data Subjects with a Privacy Notice. You must comply with any Company guidelines on drafting Privacy Notices, in force from time to time. Purpose limitation Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes. You cannot use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have provided Consent where necessary. Data minimisation Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed. You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties. You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes. You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the Company's data retention guidelines. Accuracy Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate. You will ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. You must take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data. Storage limitation Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. The Company will maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires that data to be kept for a minimum time. You must comply with any Company guidelines on data retention in force from time to time. You must not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements. You will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with all the Company's applicable records retention schedules and policies. This includes requiring third parties to delete that data where applicable. You will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable Privacy Notice. Security integrity and confidentiality Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Special Categories of Personal Data and Criminal Convictions Data from loss and unauthorised access, use or disclosure. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested. You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows: Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it; Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed; and Availability means that authorised users are able to access the Personal Data when they need it for authorised purposes. You must comply with and not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the UK GDPR and relevant standards to protect Personal Data. Reporting a Personal Data Breach The UK GDPR requires Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject. We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so. If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the DPO. You should preserve all evidence relating to the potential Personal Data Breach. Transfer limitation The UK GDPR restricts data transfers to countries outside the EEA to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined. You transfer Personal Data originating in one country across borders when you transmit, send, view or access that data in or to a different country. You may only transfer Personal Data outside the EEA if one of the following conditions applies: the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subject's rights and freedoms; appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO; the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or the transfer is necessary for one of the other reasons set out in the UK GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest. You must comply with any Company guidelines on cross-border data transfers in force from time to time. Data Subject's rights and requests Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to: withdraw Consent to Processing at any time; receive certain information about the Data Controller's Processing activities; request access to their Personal Data that we hold; prevent our use of their Personal Data for direct marketing purposes; ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data; restrict Processing in specific circumstances; challenge Processing which has been justified on the basis of our legitimate interests or in the public interest; request a copy of an agreement under which Personal Data is transferred outside of the EEA; object to decisions based solely on Automated Processing, including profiling (ADM); prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else; be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms; make a complaint to the supervisory authority; and in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format. You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation). You must immediately forward any Data Subject request you receive to DPO and comply with any Company Data Subject response process in force from time to time. Accountability The Controller must implement appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles. The Controller is responsible for, and must be able to demonstrate, compliance with the data protection principles. The Company must have adequate resources and controls in place to ensure and to document UK GDPR compliance including: appointing a suitably qualified DPO (where necessary) and an executive accountable for data privacy; implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects; integrating data protection into internal documents including this Data Protection Policy or Privacy Notices; regularly training Company Personnel on the UK GDPR, this Data Protection Policy and data protection matters including, for example, Data Subject's rights, Consent, legal bases, DPIA and Personal Data Breaches. The Company must maintain a record of training attendance by Company Personnel; and regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort. Record-keeping The UK GDPR requires us to keep full and accurate records of all our data Processing activities. You must keep and maintain accurate corporate records reflecting our Processing including records of Data Subjects' Consents and procedures for obtaining Consents in accordance with any Company record-keeping guidelines in force from time to time. These records should include, at a minimum, the name and contact details of the Controller and the DPO, clear descriptions of the Personal Data types, Data Subject types, Processing activities, Processing purposes, third-party recipients of the Personal Data, Personal Data storage locations, Personal Data transfers, the Personal Data's retention period and a description of the security measures in place. To create the records, data maps should be created which should include the detail set out above together with appropriate data flows. Training and audit We are required to ensure all Company Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance. You must undergo all mandatory data privacy related training and ensure your team undergo similar mandatory training [in accordance with any Company mandatory training guidelines in force from time to time. You must regularly review all the systems and processes under your control to ensure they comply with this Data Protection Policy and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data. Privacy By Design and Data Protection Impact Assessment (DPIA) We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles. You must assess what Privacy by Design measures can be implemented on all programmes, systems or processes that Process Personal Data by taking into account the following: the state of the art; the cost of implementation; the nature, scope, context and purposes of Processing; and the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing. Data controllers must also conduct DPIAs in respect to high-risk Processing. You should conduct a DPIA (and discuss your findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including: use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes); automated Processing including profiling and ADM; large-scale Processing of Special Categories of Personal Data or Criminal Convictions Data; and large scale, systematic monitoring of a publicly accessible area. A DPIA must include: a description of the Processing, its purposes and the Data Controller's legitimate interests if appropriate; an assessment of the necessity and proportionality of the Processing in relation to its purpose; an assessment of the risk to individuals; and the risk mitigation measures in place and demonstration of compliance. You must comply with any Company guidelines on DPIA and Privacy by Design in force from time to time. Automated Processing (including profiling) and Automated Decision-Making Generally, ADM is prohibited when a decision has a legal or similar significant effect on an individual unless: a Data Subject has given Explicit Consent; the Processing is authorised by law; or the Processing is necessary for the performance of or entering into a contract. If certain types of Special Categories of Personal Data or Criminal Convictions Data are being processed, then grounds (b) or (c) will not be allowed but the Special Categories of Personal Data and Criminal Convictions Data can be Processed where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention. If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects must be informed when you first communicate with them of their right to object. This right must be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard the Data Subject's rights and freedoms and legitimate interests. We must also inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision. A DPIA must be carried out before any Automated Processing (including profiling) or ADM activities are undertaken. Where you are involved in any data Processing activity that involves profiling or ADM, you must comply with any Company guidelines on profiling or ADM in force from time to time. Direct marketing We are subject to certain rules and privacy laws when marketing to our customers. For example, a Data Subject's prior consent is required for electronic direct marketing (for example, by email, text or automated calls). The limited exception for existing customers known as "soft opt in" allows organisations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person, they are marketing similar products or services, and they gave the person an opportunity to opt out of marketing when first collecting the details and in every subsequent message. The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information. A Data Subject's objection to direct marketing must be promptly honoured. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future. You must comply with any Company guidelines on direct marketing to customers in force from time to time. Sharing Personal Data Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place. You may only share the Personal Data we hold with another employee, agent or representative of our group (which includes our subsidiaries and our ultimate holding company along with its subsidiaries) if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions. You may only share the Personal Data we hold with third parties if: they have a need to know the information for the purposes of providing the contracted services; sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject's Consent has been obtained; the third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place; the transfer complies with any applicable cross border transfer restrictions; and a fully executed written contract that contains UK GDPR-approved third party clauses has been obtained. You must comply with any Company guidelines on sharing data with third parties in force from time to time. Changes to this Data Protection Policy We keep this Data Protection Policy under regular review. This version was last updated in [January] 2021. This Data Protection Policy does not override any applicable national data privacy laws and regulations in countries where the Company operates. Acknowledgement of receipt and review I, [insert name], acknowledge that on [insert date], I received and read a copy of the Company's Data Protection Policy and understand that I am responsible for knowing and abiding by its terms. I understand that the information in this Data Protection Policy is intended to help Company Personnel work together effectively on assigned job responsibilities and assist in the use and protection of Personal Data. This Data Protection Policy does not set terms or conditions of employment or form part of an employment contract. Signed ………………………………………………………. Printed Name ………………………………………………. Date ………………………………………………………….
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Human Resources that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to elements such as engaging with TIOF Members.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Equally, the organization will do all in its capacity to provide capacity building and enable opportunities to its Members.
The organization will uphold
Enlightenment values
Civil Rights
UDHR
UDDR
Merit-based selection processes
The organization will be guided by its Code of Conduct at all given times.
The following TIOF Policies are directly related to this Policy and must be uphold at all times:
The IO Foundation engages with TIOF Members through engagement documents. These documents are otherwise known as
contracts
Terms of Reference
All TIOF's Engagement documents must be as specific as possible and will include, at a very minimum, the following information:
All necessary identifiable information from the TIOF Member
Signature fields for all involved parties
Clear information about the period of application and probation
Complete description of attributions and responsibilities
Complete description of the title held by the position
Complete description of commitments from TIOF
Explicit information on remuneration (when applicable)
Explicit information on taxation (when applicable)
Explicit information on leaves (when applicable)
Clear information on the applicable policies and procedures
Explicit mention of the applicable jurisdiction
Clear notification of the obligation for both an onboarding and offboarding sessions
TIOF Teams must be defined in the most comprehensive way as possible.
The IO Foundation will ensure the availability of a recruitment platform that will:
Provide a comprehensive list of open positions
Allow integral management candidates and their submissions
The Organizational Chart must be made publicly available
The following are the different stages through which all engagements are to be conducted.
This stage involves the identification of potential candidates from TIOF, who will be approached to explore their interest in the available position.
This stage involves potential candidates that have applied to an existing open position.
This stage involves the evaluation of the candidate for a given open position.
This stage involves performing an interview with candidates in order to evaluate their suitability for a given open position.
Exploration, if ever necessary, to customize the terms of the open position may be had at this stage.
Negotiations, while not discouraged, will be kept to the minimum possible in order to minimize time and resource consumption.
Any amendments to the terms require the supervision from
The corresponding Team Management
The corresponding Team Finance
The corresponding Team Legal
The organization will ensure the availability of a booking platform to arrange for the interview.
This stage involves submitting a proposed engagement document to formalize the acceptance of the open position.
Negotiations, if ever necessary, to modify the engagement document may be had at this stage.
Negotiations, while not discouraged, will be kept to the minimum possible in order to minimize time and resource consumption.
Any amendments to the terms require the final approval from
The corresponding Team Management
The corresponding Team Finance
The corresponding Team Legal
Unless otherwise specified, any Offer will have a validity of 15 natural days.
The organization will ensure the availability of a digital signature platform to handle the signature of the engagement document.
This stage involves confirming to all parties, as well as the corresponding Team Manager, that the candidate has started its engagement period in the organization or initiative.
This stage involves providing the TIOF Member with all the necessary induction, training and support to enable the Member to incorporate in the position and perform the attributions and responsibilities as described in the engagement
A TIOF Member failing to attend the Onboarding session, or otherwise showing a lack of interest in its contents, are to be be kept On Probation stage regardless of said probation time having expired.
The contents of the Onboarding session will be composed of
Common information
Tailored information relative to the corresponding Team to which the Member will belong to
All of the Onboarding information must be
decided by the corresponding Team Manager
approved by the CEO
comprehensively described in the relevant Team Guide by the corresponding Team Docs
communicated to the corresponding Team HR Manager
This stage involves establishing the TIOF Member under the probation described in the engagement document for the position.
This stage involves recognizing the TIOF Member under the status of a Full Member.
This stage may activate benefits described in the engagement document or otherwise necessary to pursue the Member's attributions and responsibilities.
This stage involves establishing the TIOF Member under a state of leave, during which no activities are to be expected or obligated from the Member.
A TIOF Member will enter a state of leave under the following circumstances:
leave period as described in the engagement document
The TIOF Member, prior to start the leave, must ensure proper handover of ongoing tasks in order to ensure continuity of operations.
This stage involves entering the TIOF Member under a state of suspension.
This stage may arise upon
an express request by the TIOF Member
This stage involves terminating the TIOF Member's engagement with the organization.
This stage may arise upon
the natural conclusion of the period of engagement
The termination will enter into effect
automatically at the end of the last working day indicated in the engagement document
immediately after the communicating the Member of the decision
Upon entering this stage, the corresponding Team Finance shall held any pending payments to the TIOF member until such time where the Offboarding session has been successfully conducted.
This stage involves performing an offboarding session in order to ensure a proper transition in operations and the return of organization's assets when applicable.
During the offboarding
the TIOF Member will
provide an accurate state and a proper handover of ongoing operations
return all assets, physical, digital or otherwise that may have been confided
sign a release form
optionally provide feedback concerning the experience during the engagement
the organization will
ensure that all of the above are complied properly
perform a performance assessment
if requested, provide feedback concerning the experience during the engagement
Upon the satisfactory execution of the offboarding session, the organization shall release any pending payments to the TIOF Member.
Following the offboarding, the TIOF Member is entitled to request the organization to issue one or more of the following recognition documents:
Letter of recommendation
Certificate of volunteering or internship
The document will reflect an accurate, non embellished depiction of the Member's performance under the ceasing engagement.
When applicable and necessary, the organization will issue a performance report should it be required by a 3rd party institution.
This stage involves placing the Member under an irrevocable condition from occupying any position in the organization at any time and under any circumstance.
The organization is committed to no request from the TIOF Member to perform tasks outside of the working periods herein defined.
Exceptions to the stipulations in this policy will be considered under
applicable jurisdictional regulations
personal beliefs
Such exceptions must be reflected in the TIOF's Member engagement document.
The standard working days are Monday to Friday.
In any case the working days per week shall not exceed 5 natural days.
The standard working hours are 09:00 to 18:00.
A break of 1 hour per day is available for breaks such as
lunch
relax
In any case the working hours per week shall not exceed 40 natural hours.
Should the TIOF Member require extra off time for reasons based on personal beliefs, said time will not compute in the working hours.
As part of their attributions, TIOF Members must observe and attend a number of meetings.
All TIOF Members are entitled to a work leave in the terms reflected in the engagement document.
The standard work leave period is 30 natural days per annum, calculated proportionally to the time of engagement.
Leaves will be paid unless otherwise indicated in the engagement document.
The organization is committed to no request from the TIOF Member to perform tasks during the leave.
Work leave days need be cleared every year and cannot be carried over the following year.
In addition to the above leave, all TIOF Members are entitled to the applicable national holidays according to the applicable jurisdiction indicated engagement document.
The organization will establish during the annual General Meeting the corresponding dates for those national holidays.
All TIOF Members are entitled to emergency leaves for reasons such as
family passing
emergency procedures
A priori, emergency leaves shall be approved immediately. Supporting documents will be required to justify the absence.
Used days under properly documented emergency leave shall not discount the available days in the work leave.
>> Add it to the lifecycle
TIOF Members are
Equal opportunities policy
The organization commits to providing regular training to its Members.
Can happen when:
Non compliance with the Onboarding Session
Icon | Stream | Description |
---|---|---|
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, intentional and malicious disregard of this policy will be treated as misconduct under our . Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
The IO Foundation is fully committed to providing as much transparency in its operations and to be hold accountable for all possible actions that do not reflect it's .
Transparency is paramount to gain the necessary trust among TIOF Members and its supporters in order to ensure maximum impact in its .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements TIOF's
This document does not form part of any and we may amend it at any time.
All
All
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all and will be used as part of the selection criteria when engaging with them.
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This Policy outlines the standards you must observe when using these systems, when we will monitor their use, and the action we will take if you breach these standards that you will need to be aware of while being a Member for TIOF. You should familiarize yourself with it and comply with it at all times. Any breach of this Policy may be dealt with under our and, in serious cases, may be treated as gross misconduct leading to summary dismissal. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team HR Coordinator.
This Policy complements TIOF's
The policies and procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all and will be used as part of the selection criteria when engaging with them.
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
Any other non TIOF Member engagements are covered under
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, engagement that is not compliant with the terms described in this Policy will be treated as misconduct under our . Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
The IO Foundation is committed to engage with TIOF Members who uphold and are fully committed to further advance
All information collected from any TIOF Member is to be treated with outmost confidentiality when necessary and in any case in compliance with both TIOF's and policies.
The IO Foundation defines its positions in both its organization network and initiatives through its .
Any changes in this taxonomy must follow the procedures laid out in .
The organization organizes its structure around a number of that perform the necessary institutional and operational activities to further its and the implementation of its .
All active TIOF Members must be properly reflected in the organization's .
Changes in the Stage of any TIOF Member must be automatically communicated to both the Member and the relevant Managers as described in .
This stage will imply a number of preparatory operations across tools that will be utilized by the TIOF Member in the performing of attributions and responsibilities as described in the engagement document. These are to be described in detail in the .
The non remediation of this circumstance on the part of the Member may be grounds for dismissal as laid out in this policy's .
The induction to this stage will trigger the incorporation of the TIOF Member in the organization's .
This stage will imply a number of updates across tools utilized by the TIOF Member to ensure continuity in operations. These are to be described in detail in the .
sickness (in accordance to )
forced leave (in accordance to this policy's )
This stage will imply a number of updates across tools utilized by the TIOF Member to ensure continuity in operations. These are to be described in detail in the .
a misconduct from the TIOF Member (in accordance to this policy's )
Due to the critical nature of this stage, the decision to suspend a TIOF Member must be properly articulated and follow the procedures laid out in this policy's .
This stage will imply a number of updates across tools utilized by the TIOF Member to ensure continuity in operations. These are to be described in detail in the .
a misconduct from the TIOF Member (in accordance to this policy's )
Regardless on the nature of the dismissal, the TIOF Member is bound to respect and attend the mandatory .
Due to the potentially critical nature of this stage, the decision to dismiss a TIOF Member must be properly articulated and follow the procedures laid out in this policy's .
Due to the definitive nature of this stage, the decision to ban a TIOF Member must be properly articulated and follow the procedures laid out in this policy's .
For more information on Meetings, please refer to the .
All TIOF Members can choose to use at will up to 5 natural days, or their proportional amount, of their corresponding . Voluntary leave days must be communicated with at least 15 days in advance and requires prior approval from their corresponding Team Manager.
All TIOF Members are entitled to sick leaves in accordance to the provisions laid out in .
📰
Grants
Financial support received from foundations, government entities or other organizations typically designated for specific projects or initiatives.
💶
Donations
Monetary or in-kind contributions provided voluntarily by individuals, corporations or institutions without expectation of direct return.
💷
Crowdfunding
Raising small amounts of money from a large number of people, typically via the Internet.
🎫
Products & Services
Revenue generated from the provision of services and products that align with the organization's mission and expertise.
🌗
Matching
Funds matched by another party, often in response to funds raised through other means.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Children Protection that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
This Policy sets out TIOF's approach to the necessary steps to ensure proper and reliable protection of our most vulnerable citizens: children.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, failure to protect a whistleblower or interfere with any such related ongoing investigation will be treated as misconduct under our Disciplinary Procedures. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to protecting children at all times and by any means necessary in accordance to the United Nation's Convention on the Rights of the Child.
The organization expects all TIOF Members and Contributors to maintain high standards in this regard. Any suspected wrongdoing should be reported as soon as possible and will be investigated with the outmost care towards the potential victims.
Please remember that presumption of innocence applies to everyone.
This applies to both the alleged infractor and the organization alike.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the necessary arrangements to define The IO Foundation's Disciplinary and Capability procedures involving TIOF Members and anyone visiting its premises, or in any way involved with its advocacy and initiatives, that you will need to be aware of while being a Member for TIOF.
You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
(Disciplinary and capability procedure)
About this procedure
This procedure is intended to help maintain standards of conduct and performance and to ensure fairness and consistency when dealing with allegations of misconduct or poor performance.
Minor conduct or performance issues can usually be resolved informally. This procedure sets out formal steps to be taken if the matter is more serious or cannot be resolved informally.
This procedure applies to all employees regardless of length of service. It does not apply to agency workers or self-employed contractors.
This procedure does not form part of any employee's contract of employment and we may amend it at any time.
Investigations
Before any disciplinary hearing is held, the matter will be investigated. Any meetings and discussions as part of an investigation are solely for the purpose of fact-finding and no disciplinary action will be taken without a disciplinary hearing.
In some cases of alleged misconduct, we may need to suspend you from work while we carry out the investigation or disciplinary procedure (or both). While suspended, you should not visit our premises or contact any of our clients, customers, suppliers, contractors or staff, unless authorised to do so. Suspension is not considered to be disciplinary action.
The hearing
We will give you written notice of the hearing, including sufficient information about the alleged misconduct or poor performance and its possible consequences to enable you to prepare. You will normally be given copies of relevant documents and witness statements.
You may be accompanied at the hearing by a trade union representative or a colleague, who will be allowed reasonable paid time off to act as your companion.
You should let us know as early as possible if there are any relevant witnesses you would like to attend the hearing or any documents or other evidence you wish to be considered.
We will inform you in writing of our decision as soon as reasonably practicable after the hearing.
Disciplinary action and dismissal
The usual penalties for misconduct or poor performance are:
Stage 1: First written warning or improvement note. Where there are no other active written warnings or improvement notes on your disciplinary record, you will usually receive a first written warning or improvement note. It will usually remain active for six months.
Stage 2: Final written warning. In case of further misconduct or failure to improve where there is an active first written warning or improvement note on your record, you will usually receive a final written warning. This may also be used without a first written warning or improvement note for serious cases of misconduct or poor performance. The warning will usually remain active for 12 months.
Stage 3: Dismissal or other action. You may be dismissed for further misconduct or failure to improve where there is an active final written warning on your record, or for any act of gross misconduct. Examples of gross misconduct are given below (paragraph 6). You may also be dismissed without a warning for any act of misconduct or unsatisfactory performance during your probationary period.
We may consider other sanctions short of dismissal, including demotion or redeployment to another role (where permitted by your contract), and/or extension of a final written warning with a further review period.
Appeals
You may appeal in writing within one week of being told of the decision.
The appeal hearing will, where possible, be held by someone other than the person who held the original hearing. You may bring a colleague or trade union representative with you to the appeal hearing.
We will inform you in writing of our final decision as soon as possible, usually within one week of the appeal hearing. There is no further right of appeal.
Gross misconduct
Gross misconduct will usually result in dismissal without warning, with no notice or payment in lieu of notice (summary dismissal).
The following are examples of matters that are normally regarded as gross misconduct:
theft or fraud;
physical violence or bullying;
deliberate and serious damage to property;
serious misuse of the organisation's property or name;
deliberately accessing internet sites containing pornographic, offensive or obscene material;
serious insubordination;
unlawful discrimination, victimisation or harassment;
bringing the organisation into serious disrepute;
serious incapability at work brought on by alcohol or illegal drugs;
causing loss, damage or injury through serious negligence;
a serious breach of health and safety rules;
a serious breach of confidence.
This list is intended as a guide and is not exhaustive.
About this procedure
Most grievances can be resolved quickly and informally through discussion. If this does not resolve the problem you should initiate the formal procedure set out below.
This procedure applies to all employees regardless of length of service. It does not apply to agency workers or self-employed contractors.
This procedure does not form part of any employee's contract of employment. It may be amended at any time and we may depart from it depending on the circumstances of any case.
Step 1: written grievance
You should put your grievance in writing and submit it to [insert name].
The written grievance should set out the nature of the complaint, including any relevant facts, dates, and names of individuals involved so that we can investigate it.
Step 2: meeting
We will arrange a grievance meeting, normally within one week of receiving your written grievance. You should make every effort to attend.
You may bring a companion to the grievance meeting if you make a reasonable request in advance and tell us the name of your chosen companion. The companion may be either a trade union representative or a colleague, who will be allowed reasonable paid time off from duties to act as your companion.
If you or your companion cannot attend at the time specified you should let us know as soon as possible and we will try, within reason, to agree an alternative time.
We may adjourn the meeting if we need to carry out further investigations, after which the meeting will usually be reconvened.
We will write to you as soon as reasonably practicable after the last grievance meeting, to confirm our decision and notify you of any further action that we intend to take to resolve the grievance. We will also advise you of your right of appeal.
Step 3: appeals
If the grievance has not been resolved to your satisfaction you may appeal in writing to [insert name], stating your full grounds of appeal, within one week of the date on which the decision was sent or given to you.
We will hold an appeal meeting, normally within two weeks of receiving the appeal. This will be dealt with impartially by someone who has not previously been involved in the case. You will have a right to bring a companion (see paragraph 3.2).
We will confirm our final decision in writing as soon as reasonably practicable after the appeal hearing. There is no further right of appeal.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to conducting its advocacy and all of its initiatives in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, transparently, fairly, with integrity and under the observance of the law in our advocacy, operations, financial management and relationships.
First day of the week: Monday
Time format: HH:MM (Military format)
Time zone: UTC+0
Examples
Calendars (Organization + Team wide)
Deadlines
Data
Working week is from Monday to Friday.
Months follow solar cycle.
Reference days
Winter Time: 1st January
Summer Time: 1st Jul7
In certain cases, the proper Time Zone to be used is different from the Organization's standard.
All deadlines are to be established based on 00:00:00 UTC+0 of the day immediately after the last day.
Format: DD/MM/YYYY or dddd mmmm yyyy
All regular meetings need to be set latest 1 week before the beginning of a new month.
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Any contractual / agreement relationships not involving TIOF Members.
PARTNERSHIPS
Organizations who desire to collaborate with TIOF on specific activities or projects can be considered as partners. When necessary a partnership agreement can be drawn out to formalize such partnerships and to clarify various roles in implementing activities related to such partnership.
Any member from TIOF can be approached for partnership. The person must immediately report such a request or idea to the CEO. The CEO responds to the partnership and assigns the necessary next steps.
It has to be noted that partnerships must be beneficial to TIOF and does not put the organization into a situation that can adversely impact its stature.
##
>> Indicate which ones require MoU, NDAs, etc.
TIOF Member relationships are covered under TIOF's Human Resources Policy.
Probation Period: 3 months
Validity Unless otherwise specified, any Offer will have a validity of 15 natural days.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
For a structure of The IO Foundation, please visit
Back to top
This document sets out the standards established by TIOF in matters of Intellectual Property you will need to be aware of while being a Member for TIOF. It establishes all necessary considerations in the creation of materials of different nature (including but not limited to documents, articles, books, images, videos and datasets) and how the applicable IP will be established and communicated. You should familiarize yourself with them and comply with them at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Comms Coordinator, who is the ultimate responsible for its application.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-Member who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
Back to top
This document directly applies to:
This document indirectly applies to:
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top
The IO Foundation publishes information under the following levels:
Each Organization and Initiative must have
a clear License description for productions (research materials, articles, etc.)
based on an established model and tailored if necessary to provide public access and reuse
easily accessible through the corresponding documentation site
a clear License description for code
based on an established Licensing Model
easily accessible through the corresponding Repository
a shortURL for all the licenses
The Organization will strive to provide
machine-readable formats
user-friendly formats
of all of its productions, in particular:
Policies
Licensing models
Every production will showcase/signal its licensing by
Indicating the Level in its (file)name
Including the TIOF Licensing Signal (?) in the production:
Attributions need be mentioned
In the Attributions section
In the productions themselves
The IO Foundation is committed to its DCDR advocacy and to share all of its generated materials to be available and shareable by all under a licensing model that preserves and encourages their usage and benefit.
Currently, TIOF has adopted the following licenses:
Applicable for: All productions such as documents, books, videos
Applicable for: Software
Applicable for: Datasets
Should there be a type of material that is not listed above, please reach out to your corresponding Team Comms Coordinator for clarification and to update this document.
Back to top
Back to top
Back to top
Back to top
Back to top
When engaging in collaborations of any sort, TIOF is mandated to comply with its IP Policy. While in occasions the engagement document may indicate a conflicting IP approach, TIOF must make all efforts to agree on an open modality akin to its own.
When such option is not possible, TIOF will not engage in said collaboration.
Exceptions Anything that does not generate materials that are related to the DCDR advocacy.
Back to top
Credits are to be always made.
How to participate
Use the Comments tool to share your thoughts.
We will review your inputs and decide which ones make sense in the context of our DCDR Framework and the Malaysian NAP.
Should your inputs be included in the document and your name will be added as collaborator.
Should your inputs not be included we will do our best to articulate the reasons that lead to that decision.
Please consider that in any case The IO Foundation will need to make the final decision as we will have to defend the Policy Brief upon the group working on the NAP.
Timeline Beginning of the comments: 7th October at reception of this email. End of comments: 14th of October @ 18:00 Finalizing of Policy Brief: 16th of October Submission to BEEU, SUHAKAM and UNDP: 17th of October Submission to further relevant parties: 24th of October and onwards
All materials produced by TIOF, that are not under excluding terms as indicated in the @@@Exceptions, are to be published under Creative Commons. The licensing terms must be clearly indicated in the material and links to further information such as this policy and the terms of the licensing are to be made easily available.
Back to top
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements TIOF's
This document does not form part of any and we may amend it at any time.
All
All
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all and will be used as part of the selection criteria when engaging with them.
Public | Internal | Confidential |
---|
Type of production | Category | Signal(?) |
---|
License | Applicable since | Comments |
---|
Code | [P] | [I] | [C] |
Usage |
Document | Text |
Spreadsheet |
Video |
Music |
Creative Commons 4.0 BY NC SA | 1st April 2018 |
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
TIOF does not, in general, sign public petitions or statements.
By local member.
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
Back to top
This document defines all the necessary elements that conform The IO Foundation's Project Identity (Branding Guidelines) and their usage rules on Media Channels, by either TIOF members or external parties. It is a reference document to which all TIOF productions, either for internal or external use, must refer and adhere. You should familiarize yourself with this it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to the corresponding project's Team Comms.
A document summarizing The IO Foundation's Branding Guidelines is also available.
This document does not form part of any Engagement Document and we may amend it at any time.
Back to top
This document directly applies to:
All [TIOF Members] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#member)
This document indirectly applies to:
All [TIOF Contributors] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#contributors) that may produce any type of content related to The IO Foundation.
The policies and procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to anyone involved in the sharing of productions through any official channel, irrespective of their part-time, fixed-term or casual status.
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top
This document describes the Media Policy of The IO Foundation.
This Code of Conduct applies to:
All [TIOF Members] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#member)
This Code of Conduct applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
TIOF employs any outreach channel only to update its beneficiaries, partners and Members about the following:
The progress of its advocacy
Updates on its projects
Announcements (such as events organized by TIOF or in which TIOF participates)
Official statements
Exposing disinformation relative to its advocacy and technology in general
Note on Comments and Reactions: TIOF will not engage in exchanges that users may initiate as a result of its media outreach campaigns and will, to the extend of the settings available per platform, undertake the necessary configuration measures to disable such options.
The IO Foundation categorizes their media Media Channels under several dimensions, one of them being the Update Mode, and accordingly adopts a different strategy in order to maximize the adoption of its advocacy while finding ways to reach out to its beneficiaries. For more details on the Update Mode please refer to each Media Channel definition below.
Update Mode:
Cast::XXX TIOF owns/controls this Media Channel. TIOF will publish content in accordance to its own schedule. Content customization will not be the norm. [WTI]
Targeted::XXX TIOF has some endpoint ID with the beneficiary. TIOF will approach beneficiaries using there endpoint ID and customizing the contents whenever possible. [WTI]
This section provides guidance for media channels in their mention to The IO Foundation, its advocacy and the programs it implements on their channels.
The IO Foundation encourages media organizations to actively participate in the dissemination of knowledge and news about the advocacy of Data-Centric Digital Rights.
For any further clarifications, please send your inquires to Media@TheIOFoundation.org
The following Media Kits are available:
Coming soon.
Where do we stand on Social Media (and equivalent platforms)
In order to enable meaningful impact for its advocacy, The IO Foundation needs to reach out to its beneficiaries and stakeholders. In an eminently connected and ever increasing digital world, it is inevitable to use the platforms in which they interact and from which they obtain their news.
It is clear that most of these platforms do not embrace business models that are conducive to the observance of Human and Digital Rights; they simply are merely following regulations. And reluctantly, at that.
Under the current circumstances, The IO Foundation is compelled to find a that a balance between achieving impact through outreach and minimize its participation in such practices so as to reduce both the extraction of users' data and the generation of metadata that may be used for [harmful outcomes].
We do have profiles there. They are empty and mostly there to protect the organization from identity theft. If you find us, please don’t “Like” us, don’t “Follow us” or anything alike. We don’t support
The IO Foundation is actively researching alternative methods to reach out to its beneficiaries, stakeholders and partners that would be more aligned with the concept of Rights. If you'd like to participate in this research, visit our discussion.
TIOF discourages the use of mainstream social media platform for a number of reasons:
Data extraction from its users This happens at several levels: Direct Data Collection + Inferred Data Collection + Human Sensor Collection
Segmentation of users, fostering the creation of echo chambers
Application of behavior modification algorithms
If you wish to know more about these effects, we encourage you to observe the following information: [WIP]
To the citizen: The IO Foundation has used this platform with the sole purpose of communicating information related to its advocacy and events. We understand that its usage may have become fundamental in your daily activities and needs. It is important to understand, however, that this platform may be collecting more information about you than you expect or wish or even consented to. We encourage you to take a stand on this matter and demand that the platform operates under the principle of Rights by Design. Should the platform not change in the way they operate, we encourage you to stop using it and move towards alternatives that focus on keeping your data secure and away from abuse.
To the channel: The IO Foundation has used your platform with the sole purpose of communicating information related to its advocacy and events. We do not endorse in any way possible malpractices on collecting users' data as a result of their interaction with it and invite you to revisit your business model accordingly. In particular, we invite you to revise your technology stack and pivot towards the observance of the Rights by Design principle.
About general use of channels: The IO Foundation believes that free, open communication is key to face and solve the challenges that digital societies are experiencing and therefore any technological means of communication should enable the discovery of solutions. We deplore "Cancel culture" and invite citizens and platforms to be more open and acceptant of both scientific facts (those that made possible the existence of technology to being with) and opinions that may not conform to mainstream ideologies.
A list of media appearances and references can be found here: @@@
Should you wish to notify The IO Foundation about your reporting, please do so by contacting us at Media@TheIOFoundation.org
TIOF's own channels
Media Channel sharings
This section provides guidance for those Members responsible for sharing content on behalf of The IO Foundation for the purpose of outreach campaigns for its advocacy and projects. For any further clarifications, please contact your Team Comms Coordinator.
@@@Create links to CRM Reports to extra the corresponding lists. @@@Create links to the specific handbooks for each of the Channels
All media sharing, regardless of the channel, will involve the following 3 steps
Creating, approving and planning All activities leading to the generation of the content. Content shall be generated at most one month and not later than a week before its assigned sharing date.
Executing All activities involved in the sharing of the content. Content shall be shared on the scheduled dates, maximizing the use of scheduling tools.
Reporting All activities performed to evaluate the impact of the content. Reports are to be provided at least one week before the established review dates.
Note: Members are to be provided with the necessary tools to perform their tasks. Should they experience any difficulty, they are to notify to their Team Comms Coordinator so that TIOF can find a suitable solution as soon as possible.
Members need to know and adhere to the applicable policies from The IO Foundation.
Members should be aware of the effect their actions may have on their images, as well as TIOF's image and be mindful that information shared through the Channels may be public for a long time.
Social media networks, blogs and other types of online content sometimes generate press and media attention or legal questions. Employees should refer these inquiries to authorized [Company] spokespersons.
Members should get appropriate permission before referring to or sharing contents post images of current or former Members, partners or any other individual and organization.
Members are to be mindful of using third party's copyrights, copyrighted material, trademarks, service marks or other intellectual property and get appropriate permission before creating any content.
The Team Comms Coordinator is responsible to ensure the application of this Media Policy across their team.
The Project Manager has final approval on all content and sharing strategies.
Members will only share content previously approved by their corresponding Team Comms Coordinator.
Members should not, under no circumstance, engage in sharing content that does not correspond to the approved materials.
Members should not, under no circumstance, share any information that is considered confidential or not public. If there are questions about what is considered confidential, Members should check with their corresponding Team Human Resources
Members are encouraged to communicate to their Project Manager any relevant information they see on channels that relates or could affect TIOF or its advocacy.
Members are to report to their Team Comms Coordinator should they be engaged privately for matters concerning TIOF.
Members are to generate the necessary reports in a scheduled manner and make them accessible to their Team Comms Coordinator. Tools are provided
While good judgment is always encouraged, The IO Foundation does not wish to regulate the behavior of its Members in their own interaction with media channels.
Members are to understand, and agree, that their sharing is to be considered solely theirs and do not imply any type of endorsement from The IO Foundation.
TIOF will review carefully the information it shares from 3rd party sources. Only 3rd party content approved by the Team Comms Coordinator may be relayed by TIOF.
In order to repost/forward 3rd party content, the following criteria must all be met:
Does the content relate to the project's objectives or area of advocacy?
Does the content comply with TIOF's CoC?
Should any of these criteria be doubtful, please reach out to your Team Comms Coordinator for final approval.
<Only in the context of correcting errata and other grammatical & syntactical mistakes WITHOUT changing the content or its meaning.>
To add links where appropriate
The following are the list of approved media channels.
📢 Channel: Calendar
TIOF Public Events Calendar
TIOF Project Teams Calendars
📢 Channel: Email
📢 Channel: Eventbrite
TIOF organization profile
📢 Channel: GitHub
TIOF organization profile
📢 Channel: LinkedIn
TIOF organization profile
TIOF projects profile
📢 Channel: Meetup
📢 Channel: RSS
📢 Channel: Slack
TIOF
Selected 3rd party Slack workspaces
📢 Channel: Telegram
📢 Channel: Twitter
TIOF organization profile
TIOF projects profile
TIOF project Teams profile
📢 Channel: Website
Note: Any additionally approved Channel must be trigger the creating of the corresponding #Tag.
Any new channel must
be approved by Team Management
configured with the aid of Team UX/UI and with the help of the Media Kit
notify all TIOF Members
initiate an outreach campaign if necessary
About this policy
This policy is in place to minimise the risks to our business through use of social media.
This policy deals with the use of all forms of social media, including Facebook, LinkedIn, Twitter, Google+, Wikipedia, Whisper, Instagram, Tumblr and all other social networking sites, internet postings and blogs. It applies to use of social media for business purposes as well as personal use that may affect our business in any way.
This policy does not form part of any employee's contract of employment and we may amend it at any time.
Personal use of social media
Occasional personal use of social media during working hours is permitted so long as it does not involve unprofessional or inappropriate content, does not interfere with your employment responsibilities or productivity and complies with this policy.
Prohibited use
You must avoid making any social media communications that could damage our business interests or reputation, even indirectly.
You must not use social media to defame or disparage us, our staff or any third party; to harass, bully or unlawfully discriminate against staff or third parties; to make false or misleading statements; or to impersonate colleagues or third parties.
You must not express opinions on our behalf via social media, unless expressly authorised to do so by your manager. You may be required to undergo training in order to obtain such authorisation.
You must not post comments about sensitive business-related topics, such as our performance, or do anything to jeopardise our trade secrets, confidential information and intellectual property. You must not include our logos or other trademarks in any social media posting or in your profile on any social media.
The contact details of business contacts made during the course of your employment are our confidential information. On termination of employment you must provide us with a copy of all such information, delete all such information from your personal social networking accounts and destroy any further copies of such information that you may have.
Any misuse of social media should be reported to [insert name].
Guidelines for responsible use of social media
You should make it clear in social media postings, or in your personal profile, that you are speaking on your own behalf. Write in the first person and use a personal e-mail address.
Be respectful to others when making any statement on social media and be aware that you are personally responsible for all communications which will be published on the internet for anyone to see.
If you disclose your affiliation with us on your profile or in any social media postings, you must state that your views do not represent those of your employer (unless you have been authorised to speak on our behalf as set out in paragraph 3.3). You should also ensure that your profile and any content you post are consistent with the professional image you present to clients and colleagues.
If you are uncertain or concerned about the appropriateness of any statement or posting, refrain from posting it until you have discussed it with [insert name].
If you see social media content that disparages or reflects poorly on us, you should report it.
Breach of this policy
Breach of this policy may result in disciplinary action up to and including dismissal. Any member of staff suspected of committing a breach of this policy will be required to co-operate with our investigation.
You may be required to remove any social media content that we consider to constitute a breach of this policy. Failure to comply with such a request may in itself result in disciplinary action.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Documentation must be easy to find, navigate and understand.
The Organization will make all efforts to produce documents will be provided in both Human and Machine readable formats.
Documents will be properly Tagged.
File names should be consistent across the organization for ease in storing, searching, and identifying files.
As all information is contextual, in order to understand it we require not only the information itself but also the context under which it has been generated and that it will be applied to.
Files need to be named in a way that allows for clearly understanding their content and this across platforms.
The use of Metadata, while not prohibited, is discouraged as certitude of compliance across platforms can't be enforced.
As a result, the only universal, cross-platform nomenclature system is the file name.
When reading a filename, a user must be able to easily know:
Which organization is the source of the document
Which Initiative (relative to TIOF) it is associated to
Which Team it belongs to
The general idea of the content
The related date (when it is necessary for context or file sorting)
Language the document uses
Its version
Whether it contains signatures
Folders need to fo
Seasons: Every 10x year (2020, 2030, 2040) 10 more Seasons are to be created using the corresponding Season Folder Template.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
ShortURL | Playbook | Assistant
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Taxonomy
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Activities conducted by and participated in by The IO Foundation that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct.
This document does not form part of any Engagement Document and we may amend it at any time following the procedures described in TIOF's Statute.
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
GUIDELINES IN CONDUCTING ACTIVITIES
Note: Internal terminology, Activity refers to those organized by TIOF.
Each activity conducted in the name of TIOF must be proposed in writing addressed to the CEO following the TIOF Activity Design Format. Only after respective deliberation, and when approved, shall the activity be implemented.
TIOF stands for quality. Every activity should reflect this distinguishing characteristic—from planning to implementation, monitoring and evaluation, as well as in liaising with other individuals/groups/institutions;
Every activity should be responding to TIOF’s Operational Framework;
Activities should aim to achieve high impact with the lowest cost possible;
Diligent coordination is highly expected from the organizer or partner;
Activity reports follow every activity implementation which includes evaluation;
Should a TIOF representative be needed in the activity, this shall be represented by its CEO or the respective personnel as delegated.
GUIDELINES IN ATTENDING EVENTS
Note: Internal terminology, Events refers to those organized by 3rd parties.
Types of events
Organized by TIOF
[TIOF] Where TIOF acts as organized and content creator (Type A)
[TIOF] Where TIOF acts as manager for other orgs (Type B)
Organized by 3rd Parties
[3PT] Where TIOF will participate as content creators (Type C)
[3PT] Where TIOF will participate as audience (Type D)
TIOF needs to be able to differentiate these type of events with an easy visual method based on text, colors or icons.
Event Evaluation Form
Requirements for participating in a 3PT event
Requirements for events
Start Location
Activity Location
End Location
Accommodation Location
Transportation Mode
What does this category involve:
Transportation in and out from Start Location to airport, train station or bus station
Transportation in and out from airport, train station or bus station Accommodation
Communications while at Activity Location
Tourist taxes at Activity Location, when applicable
Local transportation at Activity Location
F&B at Activity Location
All flights booked on economy seats unless no seats are available. Airline regulation only applies to the funding partner requirement.
Per person accommodation are to be in not more than 4-star hotels based on the following:
Level 1: Washington DC, London, Geneva
Level 2: Germany, Paris, etc
Level 3: Global South
Level 1: Washington DC, London, Geneva
Level 2: Germany, Paris, etc
Level 3: Global South
OPERATIONAL FRAMEWORK
2019 EDITION
PENDING:
HR
[COVER]
ORGANIZATIONAL INFORMATION
ABOUT THE ORGANIZATION
VISION
MISSION
GOALS
VALUES
ORGANIZATIONAL CHART
APPLICATION COVERAGE STATEMENT
POLICY STATEMENT
RECRUITMENT
EMPLOYMENT STATUS
WORKING HOURS & TIMESHEETS
SALARIES AND WAGES
REST DAYS AND LEAVE BENEFITS
INSURANCES
SOCIAL BENEFITS
PERFORMANCE APPRAISAL
CAREER DESIGN
TURNOVER
GRIEVANCE
END OF CONTRACT
CODE OF CONDUCT
The IO Foundation, also known as TIOF, is a non-stock not-for-profit non-government organization born out of a fundamental concern for the future of digital societies. It is founded at a time whereby emerging technologies blur the divide between the analog and the digital world.
It’s founder and current CEO, Jean François Quéralt, was driven by a strong desire to contribute to the changing landscape of socio-political participation and strongly wishes to create a space that can provide a pathway to ensure the respect of Human Rights in the digital space.
TIOF is legally registered:
in Estonia in March 2018 through its e-Residency program as a non-profit association under registry code 80549272.
in Malaysia in February 2019 as a regular for-profit company, under the name The IO Network MY Sdn. Bhd. with registry code 1315369-A.
As of this writing, TIOF has presence in Malaysia, The Philippines as well as a growing network in Spain, Nigeria, Indonesia and other countries in Asia.
The ensemble of these is henceforth referred to as country network.
A world where Human Rights and Digital Rights are one and the same.
To promote, protect and provide solutions for Digital Rights.
PROGRAM OVERVIEW
The IO Foundation’s work on Digital Rights is designed around three interrelated programs structure:
Awareness
The awareness programs refer to projects that are focused on raising literacy and understanding on the various areas of knowledge within and around Digital Rights. It also mainly aims in raising consciousness and responsiveness to Digital Rights and further aims to increase people's commitment to the respect and protection of human rights in the digital space.
Engagement
The engagement program goes one step further than awareness. The initiatives developed and is developing within this section encompasses technological solutions to certain social issues respective to good governance, humanitarian accountability or sustainable development.
Strategic
Strategic programs are leaning towards long-term protection of Human Rights in the digital space through policies adopted and implemented in the local, national, regional or international level. Strategic projects is an integration of both Awareness and Engagement programs. The ultimate strategic document for TIOF is the Universal Declaration of Digital Rights.
OPERATIONAL FRAMEWORK
To fully grasp the approach TIOF applies into achieving its vision, please refer to the Operational Framework document annexed here.
As a brief, TIOF considers society and people to exist both in the digital and analog world. The digital world being the space where people in the analog world exist with digital identities and digital societies. There are solutions to Human Rights violations in the analog world and there are solutions to Human Rights violations in the digital world. However, TIOF believes that since the digital space and the various development growth within that sphere are created through code, respect and protection to Digital Rights can be proactive.
TIOF also considers programmers – digital architects, engineers and technologists – as the new generation of Human Rights Defenders.
ORGANIZATIONAL STRUCTURE
Please refer to the Organizational Chart for a global overview of the organization’s internal structure.
BOARD OF DIRECTORS
As of this writing, TIOF is currently looking into forming its Board of Directors that will contribute mainly in organizational governance specifically in looking into whether the programs of TIOF are within the scope of its mission and vision.
TIOF hopes to gather a Board of Directors who are present in the various sections of its work such as Human Rights and Digital Spaces as well as in crucial components of organizational management such administrative, fiscal and legal aspects.
The ideal composition would be one Director per country where TIOF has presence so that each has its own voice in the Board. These Directors shall also represent TIOF in events and actively seek for support from local stakeholders.
BOARD OF ADVISERS
As of this writing, there are three members of the Board of Advisers providing inputs and guidance to the Executive Secretariat on program direction, linkages and initial organizational management.
THE EXECUTIVE SECRETARIAT
The current executive team is lean in nature. It is headed by its founder, Jean F. Queralt, who acts as TIOF’s Chief Executive Officer. The Executive Secretariat ensures implementation of the annual program plan and complies with all legal requirements to any legal entity TIOF is registered into.
CEO / COO / ED / Head
The CEO is responsible for the overall management of the Foundation, represents the Foundation in various engagements and provides managerial leadership to the rest of the team members.
Program Manager
The Program Manager is responsible for ensuring implementation of projects within each of the program areas as planned. The PM works closely with the Finance Manager and the Project Manager in planning, monitoring and evaluating initiatives that aim to achieve organizational mission and vision.
Finance Manager
The Finance Manager is mainly responsible for fiscal management reflecting cohesiveness between program design and cost-effectiveness. The FM works closely with the PM and the Project Manager.
Finance and Administrative Staff
The F/A Staff or Assistant provides clerical support to the rest of the secretariat.
Project Manager / Project Officer / Project Staff
When necessary and when funds are available, the Foundation hires respective project personnel.
NETWORK BUILDING
TIOF sees the value of building a network of programmers under its roof as a community of people working together for the respect, and protection of, as well as in providing solutions, for Digital Rights. The structure of which is still being looked into closely by the Executive Secretariat.
PARTNERSHIPS
Organizations who desire to collaborate with TIOF on specific activities or projects can be considered as partners. When necessary a partnership agreement can be drawn out to formalize such partnerships and to clarify various roles in implementing activities related to such partnership.
Any member from TIOF can be approached for partnership. The person must immediately report such a request or idea to the CEO. The CEO responds to the partnership and assigns the necessary next steps.
It has to be noted that partnerships must be beneficial to TIOF and does not put the organization into a situation that can adversely impact its stature.
GUIDELINES IN CONDUCTING ACTIVITIES
Note: Internal terminology, Activity refers to those organized by TIOF.
Each activity conducted in the name of TIOF must be proposed in writing addressed to the CEO following the TIOF Activity Design Format. Only after respective deliberation, and when approved, shall the activity be implemented.
TIOF stands for quality. Every activity should reflect this distinguishing characteristic—from planning to implementation, monitoring and evaluation, as well as in liaising with other individuals/groups/institutions;
Every activity should be responding to TIOF’s Operational Framework;
Activities should aim to achieve high impact with the lowest cost possible;
Diligent coordination is highly expected from the organizer or partner;
Activity reports follow every activity implementation which includes evaluation;
Should a TIOF representative be needed in the activity, this shall be represented by its CEO or the respective personnel as delegated.
GUIDELINES IN ATTENDING EVENTS
Note: Internal terminology, Events refers to those organized by 3rd parties.
TO BE FILLED
FINANCIAL GUIDELINES
TIOF receives funds through grants, donations, registration fees during activities and income from services.
Grant Application
All grant applications must be entered into only by the Chief Executive Officer deliberated in the Executive Secretariat and in the Board of Directors.
Projects must be responsive to TIOF’s key focus which is Digital Rights and leads to the Foundation’s vision.
Funding Source
TIOF refuses to receive grants from organizations, companies or individuals who are directly linked to businesses involving alcohol, illegal drugs, tobacco and extractive industries that are harmful to the environment. As well as any other activities declared as illegal in each of the country networks.
Funds Management
Projects must be adequately funded to ensure effective implementation.
To ensure efficient funds management, refer to TIOF Financial Control Guidelines.
FINANCIAL CONTROL GUIDELINES
Organization Bank Account
TIOF shall maintain an organization bank account for the safekeeping of TIOF funds.
The signatory for this bank account shall be any two of the following:
Chairman of the Board + BoD Treasurer; President + Chairman of the Board; or BoD + President
All fund disbursement must be validated by the Finance Manager based on the project plan prepared by the Project Manager / Officer as approved by the Program Manager and further signed off by the Chief Executive Officer.
In the absence of a Board of Directors, as it is now for TIOF, a newly founded organization by a single visionary, the current CEO and founder, Jean F. Queralt shall be the single signatory of the bank account. The respective accounting procedure based on project management shall still apply.
TIOF shall maintain a revolving fund of not less than 1000 USD equivalent in local currency which shall be under the responsibility of the CEO and shall be reviewed quarterly by the Finance Manager.
Project Bank Account
A separate bank account shall be opened for specific projects if required by the donor.
Each project will have a corresponding petty cash allocation of not greater than 250 USD equivalent in local currency or unless otherwise approved by the CEO. Petty Cash will be under the accountability of the Project Officer or the Project Assistant.
Staff payment
Organizational staff are paid in full or partial from project funds. The percentage breakdown can be monitored via TIOF’s Labour Distribution Matrix.
TIOF staff is free to donate part of their salary back to the organization, at their sole discretion.
Internal Control
To ensure internal control in finances, each project must have:
a project concept and corresponding project budget following TIOF Fiscal Calendar (31 December)
the project budget must have been approved by the CEO and the funding partner before implementation
the Finance Manager verifies expenses based on the approved project budget and monitor burn rate using the Fund Monitoring System
Accounting workflow is as follows:
Cash Advances for Activities and Payments
(This can be processed by any of the staff)
Using the Cash Advance Request Form, the requesting person inputs the project name or number, the funding partner and lists the specific items and corresponding amount requested with its respective budget line item reference. The form shall be signed by the requesting party and the project officer / manager.
The C/A form then goes to the online portal. All required items shall be inputted.
Once submitted, it will be referenced based on the row within which it was submitted. It shall then be numbered based on the current year, following the last two digits of the bank account from which it was requested and the corresponding row. The numbering shall be implemented by the Finance and Admin team in the online sheet and in the actual form should it be printed. The number will be this format: 19-38-01 YY-BB-RR
The Finance Manager shall verify the amounts requested and sign off validation.
The CEO approves and signs off checks for the release of the funds online.
Required Documentation for this process: Cash Advance Form, Cash Advance Form submitted online, Check/Bank Transfer Documentation
Note: if the cash advance request is a payment for reimbursement, the same process follows however the corresponding documentation of the items for reimbursement must be approved from the filing level
Liquidation of Cash Advances
(Must be completed by the requesting party not later than two weeks after the activity was completed)
All cash advances will be liquidated using the TIOF Liquidation form
All expenses must have a corresponding documentation or a corresponding explanatory note why documentation is not available
All expenses that do not have official receipt or official documentation must have a form of documentation i.e. TIOF Acknowledgement Receipt form signed by the external party receiving payment from TIOF
Liquidation Form must be signed by the requesting party of the cash advance and reviewed by the Finance Officer / Manager
It shall be submitted to the CEO or respective immediate head for final approval
All remaining cash shall be re-deposited to the TIOF bank account.
All reimbursements shall be processed following requisition of cash advance. Revolving Fund cannot be used to pay for cash advance reimbursements
Documentation Needed: Liquidation Form and corresponding official documentation, proof of return (deposit slip) of positive balance
Honoraria
All honoraria shall be paid once a month only and every 20th of the month. All payments shall be in US Dollars.
Per Diem Regulations; Maximum Amount
Level 1: Washington DC, London, Geneva
Level 2: Germany, Paris, etc
Level 3: Global South
Hotel Accommodation
Per person accommodation are to be in not more than 4-star hotels based on the following:
Level 1: Washington DC, London, Geneva
Level 2: Germany, Paris, etc
Level 3: Global South
Travel Regulation
All flights booked on economy seats unless no seats are available. Airline regulation only applies to the funding partner requirement.
Procurement
All purchases – goods or services – must undergo a respective procurement process using the TIOF procurement form.
Minimum of 3 quotations must be presented in procuring goods and services greater than $5000.
Provision
Guidelines to per diem and hotel accommodation may change when the project partner requires otherwise. Subsequent consultation and agreement shall be made with the Executive Secretariat. Additionally, in the period of its initial years, expenses for logistics i.e. accommodation, travel and board, shall be negotiated with the staff as needed.
Budget
Expenses shall be implemented based on the approved project budget.
ADMINISTRATIVE GUIDELINES
Hiring
Interested applicants to a project shall address his/her application letter to the CEO.
Human Resource Manager shall conduct the respective interviews.
A recommendation letter shall be submitted to the Board for all qualified applicants to the position.
Acceptance of new applicants shall be by virtue of a Letter of Acceptance from the CEO.
Labour Requirement
Staff shall be paid for through project grants and may be distributed to the respective projects.
Full time staff are required to render 40 work hours per week and shall be paid on a monthly basis based on the honoraria scale.
If paid on part-time, the percentage shall be calculated against the weekly work hours.
Staff may report on flexible time.
The latest time-in for a regular 8-hour operation is at 10.00AM.
There will be two days off per week.
There will be 15 days paid vacation leave, non-convertible to cash for staff engaged on a three-year project.
Sick leave allowed at all times provided there are supporting documentations/testimonies of medical condition.
Staff may apply for regular leaves and can off-set leave through day offs.
When overtime is needed, overtime will be off-set to day offs.
Every Staff of TIOF is entitled with slots of DnD (Do not Disturb) mode every day, which can last up to 3 hours. It is at their discretion to decide when to apply this, which must be indicated in the [TIOF] DnD calendar. While not mandatory, TIOF encourages every Staff to implement at least 3 of such DnD slots once a week. Every Staff is expected to respect such times and apply proper judgment when insisting in reaching out to those in DnD mode.
Processes
Leave Application – whether sick leave, regular leave or vacation leave, a staff shall file an Application for Leave to the Administrative Staff for Approval of the immediate head. Information shall be channeled through respectively.
Resignation – resigning party shall provide a one-month period for hiring of replacement.
Loan – TIOF allows borrowing of up to 3 months honorarium provided there is enough project time for the said amount to be advanced and paid. Payments are paid on staggered basis to the remaining project duration
.
Benefits
TIOF commits to provide staff development program to each regular and project staff such as trainings, workshops and other activities that can contribute to professional growth and development;
TIOF sees families as an integral part of a person’s life and therefore commits to provide activities and resources that strengthen family bonds. These activities expands from family day outings, insurance coverage, scholarships and other possible opportunities;
TIOF recognizes the need to provide consistent mental and physical support to staff and therefore strives to provide programs that can ensure happiness while working in TIOF.
THE TIOF LOGO
The logo appearing below represents The IO Foundation. Please refer to Branding and Marking Policy for further information on the use of the logo and other corresponding regulations.
APPROVING DATE
This Operating Manual is prepared by the Program Manager acting as current Finance / Admin Manager and Human Resource Manager.
This document was reviewed and approved by TIOF CEO and Founder, Jean F Queralt, on 01 March 2019.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
C: Confidential
MUST remain inside the TIOF Network
I: Internal
Designed to be used among the involved parties of the document. Can be authorized to be made public.
P: Public
No restrictions
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The organization will register domain names to protect its image and reputation.
This includes:
The organization's main domain name
Domain names that may be similar in writing and/or sounding
Social Media platforms
Other relevant platforms
Each
Organization in the TIOF Network
Initiative
must have
Introduction to audiences
Presentations [Slides]
A repository of slides + ShortURL
A general introductory presentation + ShortURL
Presentations [Video]
Version 1.0 | This Policy was approved on DD MMMM YYYY.
Complexity levels
MFA
Always enabled when possible.
Post-quantum considerations
The organization will provide with a password vault that all members will have to use.
The organization will allow members to use the Vault for personal use as a perk.
1. [Introduction](#introduction) - [Definitions](#definitions) - [About this document](#about-this-document) - [Scope](#scope) 2. [Policy details](#policy-details) - [Organization Taxonomy] (#organization-taxonomy) - [Organization Chart] (#organization-chart) - [Salary Matrix](#salary-matrix) - [Global calculations] (#global-calculations) - [Other considerations] (#other-considerations) - [Taxes] (#taxes)
1. [Introduction](#introduction) - [Definitions](#definitions) - [About this document](#about-this-document) - [Scope](#scope) 2. [Policy details](#policy-details) - [Organization Taxonomy] (#organization-taxonomy) - [Organization Chart] (#organization-chart) - [Salary Matrix](#salary-matrix) - [Global calculations] (#global-calculations) - [Other considerations] (#other-considerations) - [Taxes] (#taxes)
NOTICE
NOTICE
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Complexity levels
MFA
Always enabled when possible.
Post-quantum considerations
The organization will provide with a password vault that all members will have to use.
The organization will allow members to use the Vault for personal use as a perk.
1. [Introduction](#introduction) - [Definitions](#definitions) - [About this document](#about-this-document) - [Scope](#scope) 2. [Policy details](#policy-details) - [Organization Taxonomy] (#organization-taxonomy) - [Organization Chart] (#organization-chart) - [Salary Matrix](#salary-matrix) - [Global calculations] (#global-calculations) - [Other considerations] (#other-considerations) - [Taxes] (#taxes)
**Notes: Missing Career Plans?**
</details>
# Introduction
## Definitions This document employs terms related to the [DCDR Advocacy](http://tiof.click/Advocacy) that can be found in the [TIOF terminology](http://tiof.click/Terminology).
For a structure of The IO Foundation, please visit * The IO Foundation's [Organizational Chart](http://TIOF.Click/TIOFOrgChart) * The IO Foundation's [Organizational Nomenclature](http://TIOF.Click/OrgNomenclature)
<a href="#top">Back to top</a>
## About this document This document sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a Member for TIOF. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Coordinator.
The IO Foundation is committed to conducting its advocacy and all of its business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly, with integrity and under the observance of the law in all our operations, business dealings and relationships.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's [Code of Conduct](http://TIOF.Click/TIOFPolicyCoC)
This document does not form part of any [Engagement Document](https://github.com/TheIOFoundation/TIOF/wiki/Terminology#engagement-document) and we may amend it at any time.
<a href="#top">Back to top</a>
## Scope This document directly applies to: * All [TIOF Members](https://github.com/TheIOFoundation/TIOF/wiki/Terminology#member)
This document indirectly applies to: * All [TIOF Contributors](https://github.com/TheIOFoundation/TIOF/wiki/Terminology#contributors)
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all [Contributors](https://github.com/TheIOFoundation/TIOF/wiki/Terminology#contributors) and will be used as part of the selection criteria when engaging with them.
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
<a href="#top">Back to top</a>
# Policy details
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
Country
Maximum Amount
Level 1
250
Level 2
150
Level 3
80
Country
Breakfast
Lunch
Dinner
Coffee
Full Board
Level 1
30
50
50
20
150
Level 2
10
25
25
10
60
Level 3
5
10
10
10
35
Country
Maximum Amount
Level 1
250
Level 2
150
Level 3
80
Version 1.0 | This Policy was approved on DD MMMM YYYY.
ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
The IO Foundation's Organizational Chart
The IO Foundation's Organizational Nomenclature
Back to top
This document sets out the standards established by TIOF in matters of Information Technologies and Communication Systems you will need to be aware of while being a Member for TIOF. It establishes the facilities that you are provided of, when we will monitor their use and the actions the organization will take if you breach these standards. You should familiarize yourself with them and comply with them at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team HR Coordinator.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-Member who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct
This document does not form part of any Engagement Document and we may amend it at any time.
Back to top
This document directly applies to:
All TIOF Members
This document indirectly applies to:
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top
The IO Foundation's IT and communications systems are intended to promote effective communication, working practices and an effective way to advance its advocacy. The organization is committed to provide with all necessary tools for Members to perform their tasks and to work jointly to ensure their responsible and safe use.
Back to top
The IO Foundation has designed and implemented an infrastructure that enables the organization, its Members and Contributors, to perform their assigned responsibilities and move forward TIOF's advocacy.
To facilitate remote collaboration, most of this infrastructure is built around online platforms that are made available through a single working interface.
Back to top
This is the current list of requirements for any service or platform adopted by The IO Foundation:
Mandatory
Desirable
Back to top
Because of it's global orientation, The IO Foundation heavily relies on a strong base of Members that are distributed across the globe. In order to facilitate this distributed and remote structure, we encourage Members to use their own devices to perform their tasks. The organization will do all possible efforts to provide with the online tools necessary to implement those tasks and will assist Members in configuring and securing their devices ot the extend of its possibilities.
Back to top
Members will be provided with a number of Digital Credentials to access the different online platforms and services. While the organization will make all efforts to assist Members, including training, to secure their Digital Credentials, the responsibility to protect them ultimately lies in them.
You are responsible for the security of the equipment allocated to or used by you (BYOD) and you must not allow it to be used by anyone other than in accordance with this Policy. You should use your Digital Credentials on all IT equipment, particularly items that you take out of the office, keep them confidential and update them regularly.
You must only log on to our systems using your own Digital Credentials. Under no circumstance you should use another Member's or allow anyone else to log on using yours.
If you are away from your desk you should log out or lock your computer. You must log out and shut down your computer, or alternatively send it to hibernation, at the end of each working day.
Back to top
Back to top
As an additional layer of security, the organization encourages, and sometimes mandates, the use of MFA/2FA techniques to further secure the Members' Digital Credentials. Suitable training is provided to understand how to configure and use these techniques.
Back to top
You should not delete, destroy or modify existing systems, programs, information or data (except as authorized in the proper performance of your duties).
You must not download or install software from external sources without authorization. Downloading unauthorized software may interfere with our systems and may introduce viruses or other malware. Failure to comply may result in facing compensation charges.
You must not attach any device or equipment including mobile phones, tablet computers or USB storage devices to our systems without authorization. We monitor all e-mails passing through our system for viruses. You should exercise particular caution when opening unsolicited e-mails from unknown sources. If an e-mail looks suspicious do not reply to it, open any attachments or click any links in it. Inform someone immediately if you suspect your computer may have a virus.
Back to top
Members are provided with a number of Official Channels to communicate among themselves and with third parties. Any sharing of information using any of these is considered a communication.
When communicating with third parties by means on any of the available Channels, you must at all times adopt a professional tone and observe appropriate etiquette under the guidance of the Media Policy.
Remember that such communications can be used in legal proceedings and that even when deleted these may remain on the system and be capable of being retrieved.
You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate communications. All such behaviors will be treated according to our Anti harassment and Anti bullying Policy.
You should not:
send or forward private communications at work which you would not want a third party to read;
send or forward chain communications, junk communications, cartoons, jokes or gossip;
contribute to system congestion by sending trivial communications or unnecessarily copying or forwarding communications to others who do not have a real need to receive them; or
send communications from on behalf of another Member (unless authorized) or under an assumed name/identity.
Do not use your own personal channels (such as e-mail, instant messaging applications, etc.) to send or receive communications for the purposes of your responsibilities with TIOF. Only use the accounts we have provided for you.
We do not permit access to web-based personal e-mail such as Gmail or Hotmail on our computer systems at any time due to additional security risks.
Back to top
Adopt a professional tone and observe appropriate etiquette when communicating with third parties by e-mail.
Remember that e-mails can be used in legal proceedings and that even deleted e-mails may remain on the system and be capable of being retrieved.
You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate e-mails.
You should not:
send or forward private e-mails at work which you would not want a third party to read;
send or forward chain mail, junk mail, cartoons, jokes or gossip;
contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to others who do not have a real need to receive them; or
send messages from another person's e-mail address (unless authorised) or under an assumed name.
Do not use your own personal e-mail account to send or receive e-mail for the purposes of our business. Only use the e-mail account we have provided for you.
[We do not permit access to web-based personal e-mail such as Gmail or Hotmail on our computer systems at any time due to additional security risks.]
When specifically provided, Internet access is provided primarily to perform your responsibilities in TIOF. Occasional personal use may be permitted as set out in below.
You should not access any web page or download any image or other file from the Internet which could be regarded as illegal, offensive, in bad taste or immoral. Be always mindful of possible extra limitations set forward by your local jurisdiction. As a general rule, actions (or lack of thereof) that result in accessing information or files that might be a source of embarrassment if made public will be a breach of this Policy.
Back to top
We may block or restrict access to some websites at our discretion. These will always be reasoned as a security measure and never as an attempt to curtail freedom of information or expression.
Back to top
We permit the incidental use of our systems to send personal communications, browse the Internet and make personal phone calls subject to certain conditions. Personal use is a consideration and not a right. It must not be overused or abused. We may withdraw permission for it at any time or restrict access at our discretion.
Personal use must meet the following conditions:
it must be minimal and take place substantially outside of normal working hours (that is, during your lunch break and before or after work);
it must never make use of official TIOF channels;
should the above not be possible, and in matters of extreme urgency, personal communications should prefix the term "Personal - " in the subject header;
it must not affect your work or interfere with the TIOF's advocacy;
it must not commit TIOF to any marginal costs and
it must comply with our all of our Policies and Procedures, including but not limited to the Equal Opportunities Policy, Anti-harassment and Anti-Bullying Policy, Anti-corruption and Anti-bribery Policy, Data Protection Policy and Disciplinary Procedures.
Back to top
Misuse or excessive personal use of our Channels or inappropriate Internet use will be dealt with under our Disciplinary Procedure. Bear in mind that misuse of the Internet can in some cases be a criminal offense.
Creating, viewing, accessing, transmitting or downloading any of the following material will usually amount to gross misconduct (this list is not exhaustive):
pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature);
offensive, obscene or criminal material or material which is liable to cause embarrassment to us or to any of Members or Contributors;
a false and defamatory statement about any person or organization;
material which is discriminatory, offensive, derogatory or may cause embarrassment to others (including material which breaches our Equal Opportunities Policy, Anti-harassment and Anti-Bullying Policy);
confidential information about TIOF or any of our Members or Contributors (except as authorized in the proper performance of your responsibilities);
unauthorized software;
any other statement which is likely to create any criminal or civil liability (for you or TIOF); or
music or video files or other material in breach of copyright.
Back to top
Our systems enable us to monitor telephone, e-mail, Internet and other communications methods. In order to carry out legal obligations in our role as an employer (when applicable), your use of our systems including (but not limited to) the telephone and computer systems (including any personal use) may be continually monitored by automated software or otherwise.
We reserve the right to retrieve the contents of communications or check Internet usage (including pages visited and searches made) as reasonably as necessary in the interests of the organization, including for the following purposes (this list is not exhaustive):
to monitor whether the use of the communication channels or the Internet is legitimate and in accordance with this Policy;
to find lost communications or to retrieve communications lost due to computer failure;
to assist in the investigation of alleged wrongdoing; or
to comply with any legal obligation.
Back to top
Version 1.0 | This Policy was approved on DD MMMM YYYY.
NOTICE
For a structure of The IO Foundation, please visit
This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document directly applies to:
This document indirectly applies to:
Review and Amendments This policy shall be reviewed regularly to ensure its continued relevance and effectiveness. Amendments may be made to adapt to new legal requirements, changing circumstances or to better serve the organization's Mission.
The IO Foundation is committed to conducting its advocacy and all of its initiatives in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, transparently, fairly, with integrity and under the observance of the law in our advocacy, operations, financial management and relationships.
For a structure of The IO Foundation, please visit
Back to top
This document sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a Member for TIOF. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Coordinator.
The IO Foundation is committed to conducting its advocacy and all of its business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly, with integrity and under the observance of the law in all our operations, business dealings and relationships.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
Back to top
This document directly applies to:
This document indirectly applies to:
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top
For a structure of The IO Foundation, please visit
The IO Foundation's IT and communications systems are intended to promote effective communication, working practices and an effective way to advance its advocacy.
This Policy does not form part of any Engagement Document and we may amend it at any time.
This document directly applies to:
All [TIOF Members] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#member)
This document does not apply to:
All [TIOF Contributors] (https://github.com/TheIOFoundation/TIOF/wiki/Terminology#contributors)
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
\
Interpretation
Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The UK GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.
Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing.
Company name: The IO Foundation MTU.
Company Personnel: all employees, workers contractors, agency workers, consultants, directors, volunteers and others.
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them.
Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the UK GDPR. We are the Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.
Criminal Convictions Data: means personal data relating to criminal convictions and offences and includes personal data relating to criminal allegations and proceedings.
Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programmes involving the Processing of Personal Data.
Data Protection Officer (DPO): the person required to be appointed in specific circumstances under the UK GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance.
EEA: the 28 countries in the EU, and Iceland, Liechtenstein and Norway.
Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).
UK General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679) as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018. Personal Data is subject to the legal safeguards specified in the UK GDPR.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach.
Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the UK GDPR.
Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.
Special Categories of Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data.
INTRODUCTION
The Data Protection Policy sets out how The IO Foundation MTU ("we", "our", "us", "the Company") handle the Personal Data of our customers, suppliers, employees, workers and other third parties.
This Data Protection Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, website users or any other Data Subject.
This Data Protection Policy applies to all Company Personnel ("you", "your"). You must read, understand and comply with this Data Protection Policy when Processing Personal Data on our behalf and attend training on its requirements. This Data Protection Policy sets out what we expect from you for the Company to comply with applicable law. Your compliance with this Data Protection Policy is mandatory. Any breach of this Data Protection Policy may result in disciplinary action.
This Data Protection Policy is an internal document and cannot be shared with third parties, clients or regulators without prior authorisation from the DPO.
Scope
We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Company is exposed to potential fines of up to EUR20 million or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the provisions of the UK GDPR.
All departments are responsible for ensuring all Company Personnel comply with this Data Protection Policy and need to implement appropriate practices, processes, controls and training to ensure that compliance.
The DPO is responsible for overseeing this Data Protection Policy. That post is held by [insert name].
Please contact the DPO with any questions about the operation of this Data Protection Policy or the UK GDPR or if you have any concerns that this Data Protection Policy is not being or has not been followed. In particular, you must always contact the DPO in the following circumstances:
if you are unsure of the lawful basis which you are relying on to process Personal Data (including the legitimate interests used by the Company) (see paragraph 5.1);
if you need to rely on Consent and/or need to capture Explicit Consent (see paragraph6);
if you need to draft Privacy Notices (see paragraph7);
if you are unsure about the retention period for the Personal Data being Processed (see paragraph 11);
if you are unsure about what security or other measures you need to implement to protect Personal Data (see paragraph 12.1);
if there has been a Personal Data Breach (see paragraph 13);
if you are unsure on what basis to transfer Personal Data outside the EEA (see paragraph 14);
if you need any assistance dealing with any rights invoked by a Data Subject (see paragraph 15);
whenever you are engaging in a significant new, or change in, Processing activity which is likely to require a DPIA (see paragraph 19) or plan to use Personal Data for purposes other than what it was collected for;
if you plan to undertake any activities involving Automated Processing including profiling or Automated Decision-Making (see paragraph 20);
if you need help complying with applicable law when carrying out direct marketing activities (see paragraph 21); or
if you need help with any contracts or other areas in relation to sharing Personal Data with third parties (including our vendors) (see paragraph 22).
Personal data protection principles
We adhere to the principles relating to Processing of Personal Data set out in the UK GDPR which require Personal Data to be:
processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency);
collected only for specified, explicit and legitimate purposes (Purpose Limitation);
adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation);
accurate and where necessary kept up to date (Accuracy);
not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation);
processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality);
not transferred to another country without appropriate safeguards being in place (Transfer Limitation); and
made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests).
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).
Lawfulness, fairness, transparency
Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
You may only collect, Process and share Personal Data fairly and lawfully and for specified purposes. The UK GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing, but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject.
The UK GDPR allows Processing for specific purposes, some of which are set out below:
the Data Subject has given his or her Consent;
the Processing is necessary for the performance of a contract with the Data Subject;
to meet our legal compliance obligations;
to protect the Data Subject's vital interests;
to pursue our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which we process Personal Data for legitimate interests need to be set out in applicable Privacy Notices; or
[insert other UK GDPR processing grounds].
You must identify and document the legal ground being relied on for each Processing activity in accordance with any Company guidelines on Lawful Basis for Processing Personal Data, in force from time to time.
Consent
A Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the UK GDPR, which include Consent.
A Data Subject consents to Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters.
Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented.
When processing Special Category Data or Criminal Convictions Data, we will usually rely on a legal basis for processing other than Explicit Consent or Consent if possible. Where Explicit Consent is relied on, you must issue a Privacy Notice to the Data Subject to capture Explicit Consent.
You will need to evidence Consent captured and keep records of all Consents so that the Company can demonstrate compliance with Consent requirements.
Transparency (notifying Data Subjects)
The UK GDPR requires Data Controllers to provide detailed, specific information to Data Subjects depending on whether the information was collected directly from Data Subjects or from elsewhere. The information must be provided through appropriate Privacy Notices which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them.
Whenever we collect Personal Data directly from Data Subjects, including for human resources or employment purposes, we must provide the Data Subject with all the information required by the UK GDPR including the identity of the Controller and DPO, how and why we will use, Process, disclose, protect and retain that Personal Data through a Privacy Notice which must be presented when the Data Subject first provides the Personal Data.
When Personal Data is collected indirectly (for example, from a third party or publicly available source), we must provide the Data Subject with all the information required by the UK GDPR as soon as possible after collecting or receiving the data. We must also check that the Personal Data was collected by the third party in accordance with the UK GDPR and on a basis which contemplates our proposed Processing of that Personal Data.
If you are collecting Personal Data from Data Subjects, directly or indirectly, then you must provide Data Subjects with a Privacy Notice.
You must comply with any Company guidelines on drafting Privacy Notices, in force from time to time.
Purpose limitation
Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes.
You cannot use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have provided Consent where necessary.
Data minimisation
Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties.
You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes.
You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the Company's data retention guidelines.
Accuracy
Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate.
You will ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. You must take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.
Storage limitation
Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed.
The Company will maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires that data to be kept for a minimum time. You must comply with any Company guidelines on data retention in force from time to time.
You must not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements.
You will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with all the Company's applicable records retention schedules and policies. This includes requiring third parties to delete that data where applicable.
You will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable Privacy Notice.
Security integrity and confidentiality
Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Special Categories of Personal Data and Criminal Convictions Data from loss and unauthorised access, use or disclosure.
You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested.
You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it;
Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed; and
Availability means that authorised users are able to access the Personal Data when they need it for authorised purposes.
You must comply with and not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the UK GDPR and relevant standards to protect Personal Data.
Reporting a Personal Data Breach
The UK GDPR requires Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the DPO. You should preserve all evidence relating to the potential Personal Data Breach.
Transfer limitation
The UK GDPR restricts data transfers to countries outside the EEA to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined. You transfer Personal Data originating in one country across borders when you transmit, send, view or access that data in or to a different country.
You may only transfer Personal Data outside the EEA if one of the following conditions applies:
the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subject's rights and freedoms;
appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;
the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or
the transfer is necessary for one of the other reasons set out in the UK GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.
You must comply with any Company guidelines on cross-border data transfers in force from time to time.
Data Subject's rights and requests
Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
withdraw Consent to Processing at any time;
receive certain information about the Data Controller's Processing activities;
request access to their Personal Data that we hold;
prevent our use of their Personal Data for direct marketing purposes;
ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;
restrict Processing in specific circumstances;
challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
request a copy of an agreement under which Personal Data is transferred outside of the EEA;
object to decisions based solely on Automated Processing, including profiling (ADM);
prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
make a complaint to the supervisory authority; and
in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.
You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation).
You must immediately forward any Data Subject request you receive to DPO and comply with any Company Data Subject response process in force from time to time.
Accountability
The Controller must implement appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles. The Controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
The Company must have adequate resources and controls in place to ensure and to document UK GDPR compliance including:
appointing a suitably qualified DPO (where necessary) and an executive accountable for data privacy;
implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects;
integrating data protection into internal documents including this Data Protection Policy or Privacy Notices;
regularly training Company Personnel on the UK GDPR, this Data Protection Policy and data protection matters including, for example, Data Subject's rights, Consent, legal bases, DPIA and Personal Data Breaches. The Company must maintain a record of training attendance by Company Personnel; and
regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort.
Record-keeping
The UK GDPR requires us to keep full and accurate records of all our data Processing activities.
You must keep and maintain accurate corporate records reflecting our Processing including records of Data Subjects' Consents and procedures for obtaining Consents in accordance with any Company record-keeping guidelines in force from time to time.
These records should include, at a minimum, the name and contact details of the Controller and the DPO, clear descriptions of the Personal Data types, Data Subject types, Processing activities, Processing purposes, third-party recipients of the Personal Data, Personal Data storage locations, Personal Data transfers, the Personal Data's retention period and a description of the security measures in place. To create the records, data maps should be created which should include the detail set out above together with appropriate data flows.
Training and audit
We are required to ensure all Company Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance.
You must undergo all mandatory data privacy related training and ensure your team undergo similar mandatory training [in accordance with any Company mandatory training guidelines in force from time to time.
You must regularly review all the systems and processes under your control to ensure they comply with this Data Protection Policy and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data.
Privacy By Design and Data Protection Impact Assessment (DPIA)
We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles.
You must assess what Privacy by Design measures can be implemented on all programmes, systems or processes that Process Personal Data by taking into account the following:
the state of the art;
the cost of implementation;
the nature, scope, context and purposes of Processing; and
the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.
Data controllers must also conduct DPIAs in respect to high-risk Processing.
You should conduct a DPIA (and discuss your findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including:
use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes);
automated Processing including profiling and ADM;
large-scale Processing of Special Categories of Personal Data or Criminal Convictions Data; and
large scale, systematic monitoring of a publicly accessible area.
A DPIA must include:
a description of the Processing, its purposes and the Data Controller's legitimate interests if appropriate;
an assessment of the necessity and proportionality of the Processing in relation to its purpose;
an assessment of the risk to individuals; and
the risk mitigation measures in place and demonstration of compliance.
You must comply with any Company guidelines on DPIA and Privacy by Design in force from time to time.
Automated Processing (including profiling) and Automated Decision-Making
Generally, ADM is prohibited when a decision has a legal or similar significant effect on an individual unless:
a Data Subject has given Explicit Consent;
the Processing is authorised by law; or
the Processing is necessary for the performance of or entering into a contract.
If certain types of Special Categories of Personal Data or Criminal Convictions Data are being processed, then grounds (b) or (c) will not be allowed but the Special Categories of Personal Data and Criminal Convictions Data can be Processed where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention.
If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects must be informed when you first communicate with them of their right to object. This right must be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard the Data Subject's rights and freedoms and legitimate interests.
We must also inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision.
A DPIA must be carried out before any Automated Processing (including profiling) or ADM activities are undertaken.
Where you are involved in any data Processing activity that involves profiling or ADM, you must comply with any Company guidelines on profiling or ADM in force from time to time.
Direct marketing
We are subject to certain rules and privacy laws when marketing to our customers.
For example, a Data Subject's prior consent is required for electronic direct marketing (for example, by email, text or automated calls). The limited exception for existing customers known as "soft opt in" allows organisations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person, they are marketing similar products or services, and they gave the person an opportunity to opt out of marketing when first collecting the details and in every subsequent message.
The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information.
A Data Subject's objection to direct marketing must be promptly honoured. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.
You must comply with any Company guidelines on direct marketing to customers in force from time to time.
Sharing Personal Data
Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place.
You may only share the Personal Data we hold with another employee, agent or representative of our group (which includes our subsidiaries and our ultimate holding company along with its subsidiaries) if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions.
You may only share the Personal Data we hold with third parties if:
they have a need to know the information for the purposes of providing the contracted services;
sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject's Consent has been obtained;
the third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place;
the transfer complies with any applicable cross border transfer restrictions; and
a fully executed written contract that contains UK GDPR-approved third party clauses has been obtained.
You must comply with any Company guidelines on sharing data with third parties in force from time to time.
Changes to this Data Protection Policy
We keep this Data Protection Policy under regular review. This version was last updated in [January] 2021.
This Data Protection Policy does not override any applicable national data privacy laws and regulations in countries where the Company operates.
Acknowledgement of receipt and review
I, [insert name], acknowledge that on [insert date], I received and read a copy of the Company's Data Protection Policy and understand that I am responsible for knowing and abiding by its terms. I understand that the information in this Data Protection Policy is intended to help Company Personnel work together effectively on assigned job responsibilities and assist in the use and protection of Personal Data. This Data Protection Policy does not set terms or conditions of employment or form part of an employment contract.
Signed ……………………………………………………….
Printed Name ……………………………………………….
Date ………………………………………………………….
| Playbook | Assistant
This documentation page is under construction. Should you want to be notified once it's published, .
| Playbook | Assistant
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements .
This document does not form part of any and we may amend it at any time following the procedures described in .
All
All
The policies set out in this document apply to all unless otherwise indicated. They therefore apply to Members of the Boards (, , ), , and ; this is irrespective of their . They equally apply to all and will be used as part of the selection criteria when engaging with them.
This Policy applies within all , including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This document complements TIOF's
This document does not form part of any and we may amend it at any time.
All
All
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all and will be used as part of the selection criteria when engaging with them.
This document employs terms related to the that can be found in the .
The IO Foundation's
The IO Foundation's
This Policy outlines the standards you must observe when using these systems, when we will monitor their use, and the action we will take if you breach these standards that you will need to be aware of while being a Member for TIOF. You should familiarize yourself with it and comply with it at all times. Any breach of this Policy may be dealt with under our and, in serious cases, may be treated as gross misconduct leading to summary dismissal. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team HR Coordinator.
This Policy complements TIOF's
The policies and procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all and will be used as part of the selection criteria when engaging with them.