Data Protection & Privacy Compliance
Our Commitment to Safeguarding Your Personal Information
1. Our Commitment to Data Protection
At Lua CRM, we are committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organisational measures to ensure the security and confidentiality of your information.
2. Data Protection Principles
We adhere to the following fundamental principles in our data processing activities: We uphold the following fundamental principles in our data processing operations:
- Lawfulness, fairness, and transparency for all data processing activities.
- Purpose limitation and data minimization to collect only necessary information
- Accuracy and data quality maintenance through regular updates and verification
- Storage limitation with defined retention periods and secure deletion procedures
- Integrity and confidentiality through advanced security measures
- Accountability and compliance through regular audits and assessments
- Technical and organisational security measures aligned with industry standards
3. Your Rights Under GDPR
Right to Access
You have the right to request access to your personal information and receive a comprehensive copy of the details we hold about you, including how we process and safeguard your data.
Right to Correction
You can request corrections to your personal information if it is inaccurate or incomplete. We will promptly update your details and notify relevant third parties of any necessary changes.
Right to Erasure
You have the right to request the complete deletion of your personal information when it is no longer necessary for the purposes for which it was collected, subject to legal requirements and our legitimate interests.
Right to Restriction
You can request the restriction of processing your personal information under specific circumstances, such as when you dispute the accuracy of the data or when the processing is illegal.
4. Data Processing Information
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Your explicit approval for specific processing activities
- Contractual necessity for service provision and maintenance
- Legal obligations and regulatory compliance requirements
- Legitimate business interests, carefully balanced with your rights and freedoms
International Data Transfers
When we transfer your data internationally, we ensure appropriate safeguards are in place through:
- Standard contractual clauses approved by the European Commission
- Binding corporate policies for intra-company transfers
- Adequate data protection decisions for recipient countries with equivalent data protection standards
5. Security Precautions
We implement comprehensive security measures to safeguard your personal data.
- Secure data encryption using standard industry protocols for data in motion and data at rest.
- Regular security assessments, penetration testing, and vulnerability management
- Multi-factor authentication and role-based access controls
- Secure data centres with physical security measures and environmental controls
- Comprehensive staff training on data protection and security best practices
6. Data Breach Notification
In the event of a personal data breach, we have established comprehensive procedures to: 1. Promptly notify affected individuals and relevant authorities. 2. Investigate the incident and take necessary steps to mitigate any harm. 3. Implement additional security measures to prevent future breaches. 4. Provide support and assistance to impacted customers. 5. Comply with all applicable data protection regulations.
- Carry out immediate risk assessment and impact analysis.
- Notify relevant supervisory authorities within 72 hours of discovery.
- Communicate with affected individuals without undue delay when necessary.
7. Contact Details
For any questions about your personal data or to exercise your rights, please contact our dedicated privacy team at:
Email: [email protected]
Email: [email protected]
Phone: +374 95 505-300
Phone: +374 95 505-300
Address: Harju Local Government Area, Lasnamäe District, Sepapaja Street 6
Tallinn, Nigeria
Phone: +374 9550-5300
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are regularly reviewed and updated to ensure compliance with applicable laws and industry standards.
Third-Party Processors
We carefully select and continuously monitor third-party processors wey dey handle your personal data. All processors dey bound by strict contractual obligations to maintain appropriate security measures and comply with data protection laws. We dey conduct regular audits to ensure compliance.
Updates to This Policy
We dey regularly review and update dis privacy policy to reflect changes for our practices, legal requirements, and technological developments. We go notify you of any major changes through appropriate channels and provide you with the opportunity to review the updated policy.