What does this mean for JTI?

Throughout various operations we collect and handle personal data relating to JTI customers, employees, business partners and other stakeholders. We have a duty to keep all such data carefully protected and work only with data necessary for the effective operation of JTI.

We also produce other business-sensitive information about JTI which calls for the same level of care and protection. Unlawful or unauthorized disclosure of personal data or other information can harm JTI reputation and negatively impact the business operations.

What does this mean to me as an employee?

I am careful when I work with personal data. I always respect the privacy of the individuals and use their data lawfully.

I am especially careful when I share personal data. I do so only if there is a legitimate business reason. If I am in doubt, I seek guidance from the local or regional Legal Counsel.

I only use secure and approved IT solutions to collect, use, store and share personal data or other information. I keep my devices and documents protected and I maintain strong and secure passwords for accessing IT systems, websites and other information assets (JTI assets are anything that is owned or paid for by JTI).

I take extra care when working outside of JTI premises to ensure unauthorized people cannot overhear, see or access JTI information (including passwords).

If I receive any information and I am unsure of its origin or intended purpose, I speak to my line manager. I never respond to suspicious messages requesting any information and I do not open links or attachments contained in such messages.

I immediately report any suspected data breach (such as loss of confidentiality or misuse of any information) to my local or regional Legal Counsel or a member of Corporate Compliance or IT Teams.