GDPR Compliance - Data Protection & Privacy

1. Our Commitment to Data Protection

At Lua CRM, we dey committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organizational measures to ensure the security and confidentiality of your information.

2. Data Protection Principles

We adhere to the following fundamental principles in our data processing activities: 1. Lawfulness, fairness and transparency: We process personal data lawfully, fairly and in a transparent manner. 2. Purpose limitation: We collect personal data for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. 3. Data minimisation: We collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. 4. Accuracy: We keep personal data accurate and, where necessary, kept up to date. 5. Storage limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 6. Integrity and confidentiality: We process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Lawfulness, fairness, and transparency in all data processing operations.
Purpose limitation and data minimization to collect only necessary information.
Accuracy and data quality maintenance through regular updates and verification
Storage limitation with defined retention periods and secure deletion procedures
Integrity and confidentiality through advanced security measures
Accountability and compliance through regular audits and assessments
Technical and organisational security measures aligned with industry standards.

3. Your Rights Under GDPR

Right to Access

You have the right to request access to your personal data and receive a comprehensive copy of the information we hold about you, including details about how we process and protect your data.

Right to Rectification

You fit request corrections to your personal data if e dey inaccurate or incomplete. We go promptly update your information and notify relevant third parties of any necessary changes.

Right to Erasure

You have the right to request the complete deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal requirements and our legitimate interests.

Right to Restriction

You fit request the restriction of processing your personal data under specific circumstances, like when you contest the accuracy of the data or when the processing dey unlawful.

4. Data Processing Information

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Your explicit consent for specific processing activities
Contractual necessity for service provision and maintenance
Legal obligations and regulatory compliance requirements
Legitimate business interests, carefully balanced with your rights and freedoms

International Data Transfers

When we transfer your data internationally, we ensure appropriate safeguards are in place through:

Standard contractual clauses approved by the European Commission
Binding corporate rules for intra-group transfers
Adequate data protection decisions for recipient countries with equivalent data protection standards.

5. Security Measures

We implement comprehensive security measures to protect your personal data:

Advanced encryption of data in transit and at rest using industry-standard protocols.
Regular security assessments, penetration testing, and vulnerability management.
Multifactor authentication and role-based access controls
Secure data centers with physical security measures and environmental controls.
Comprehensive staff training on data protection and security best practices

6. Data Breach Notification

In the event of a personal data breach, we have established comprehensive procedures to:

Conduct immediate risk assessment and impact analysis.
Notify relevant supervisory authorities within 72 hours of discovery.
Communicate with affected individuals without undue delay when necessary.

7. Contact Information

For any questions regarding your personal data or to exercise your rights, please contact our dedicated privacy team at:

Email: [email protected]

Phone: +374 95 505-300

Address: 148, Pärnu Avenue, 2nd Floor Tallinn, Estonia

Phone: +372 4555-009

Data Retention

We keep your personal information only for as long as needed to achieve the reasons for which it was collected, including legal, accounting, or reporting requirements. We regularly review and update our retention periods to ensure compliance with applicable laws and industry standards.

Third-Party Processors

We carefully select and continuously monitor third-party processors who handle your personal data. All processors are bound by strict contractual obligations to maintain appropriate security measures and comply with data protection laws. We conduct regular audits to ensure compliance.

Updates to This Policy

We regularly review and update dis privacy policy to reflect changes for our practices, legal requirements, and technological developments. We go notify you of any material changes through appropriate channels and provide you with the opportunity to review the updated policy.

Data Protection & Privacy Compliance