Data Protection & Privacy Compliance
Our Commitment to Protecting Your Personal Information
1. Our Commitment to Data Protection
At Lua CRM, we are committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organisational measures to ensure the security and confidentiality of your information.
2. Data Protection Principles
We adhere to the following fundamental principles in our data processing activities: We uphold the following fundamental principles in our data processing activities:
- Lawfulness, fairness, and transparency in all data processing operations
- Purpose limitation and data minimisation to collect only necessary information
- Accuracy and data quality maintenance through regular updates and verification
- Storage limitation with defined retention periods and secure deletion procedures
- Integrity and confidentiality through advanced security measures
- Accountability and compliance through regular audits and assessments
- Technical and organisational security measures aligned with industry standards
3. Your Rights Under POPIA
Right to Access
You have the right to request access to your personal information and receive a comprehensive copy of the details we hold about you, including information about how we process and safeguard your data.
Right to Correction
You can request corrections to your personal information if it is inaccurate or incomplete. We will promptly update your details and notify relevant third parties of any necessary changes.
Right to Erasure
You have the right to request the complete deletion of your personal information when it is no longer necessary for the purposes for which it was collected, subject to legal requirements and our legitimate interests.
Right to Restriction
You can request the restriction of processing your personal information under specific circumstances, such as when you dispute the accuracy of the data or when the processing is unlawful.
4. Data Processing Information
Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Jou uitdruklike toestemming vir spesifieke verwerkingsaktiwiteite
- Contractual necessity for service provision and maintenance
- Legal obligations and regulatory compliance requirements
- Legitimate business interests, carefully balanced with your rights and freedoms
International Data Transfers
When we transfer your data internationally, we ensure appropriate safeguards are in place through:
- Standard contractual clauses approved by the European Commission
- Binding corporate rules for intra-group transfers
- Adequacy decisions for recipient countries with equivalent data protection standards
5. Security Measures
We implement comprehensive security measures to safeguard your personal data.
- Advanced encryption of data in transit and at rest using industry-standard protocols
- Regular security assessments, penetration testing, and vulnerability management
- Multi-factor authentication and role-based access controls
- Secure data centres with physical security measures and environmental controls.
- Comprehensive staff training on data protection and security best practices
6. Data Breach Notification
In the event of a personal data breach, we have established comprehensive procedures to:
- Conduct immediate risk assessment and impact analysis
- Notify relevant supervisory authorities within 72 hours of discovery.
- Communicate with affected individuals without undue delay when necessary.
7. Contact Details
For any queries regarding your personal information or to exercise your rights, please contact our dedicated privacy team at:
Email: [email protected]
Email: [email protected]
Phone: +374 95 505-300
Phone: +374 95 505-300
Address: Harju District, Lasnamäe District, Sepapaja Street 6
Tallinn, Estonia
Phone: +374 9550-5300
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are regularly reviewed and updated to ensure compliance with applicable laws and industry standards.
Third-Party Service Providers
We carefully select and continuously monitor third-party service providers who handle your personal information. All service providers are bound by strict contractual obligations to maintain appropriate security measures and comply with data protection laws. We conduct regular audits to ensure compliance.
Updates to This Policy
We regularly review and update this privacy policy to reflect changes in our practices, legal requirements, and technological developments. We will notify you of any material changes through appropriate channels and provide you with the opportunity to review the updated policy.