GDPR Compliance - Data Protection & Privacy

1. Our Commitment to Data Protection

At Lua CRM, we are committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organisational measures to ensure the security and confidentiality of your information.

2. Data Protection Principles

We adhere to the following fundamental principles in our data processing activities: We uphold the following fundamental principles in our data processing operations:

Ulukutu, ukufikapo, na ukusokolola mu zonse ifyakucitila amalyashi.
Purpose limitation and data minimisation to collect only necessary information
Accuracy and data quality maintenance through regular updates and verification.
Storage limitation with defined retention periods and secure deletion procedures
Integrity and confidentiality through advanced security measures.
Accountability and compliance through regular audits and assessments.
Technical and organisational security measures aligned with industry standards

3. Your Rights Under the Data Protection Act

Right to Access

You have the right to request access to your personal information and receive a comprehensive copy of the details we hold about you, including how we process and safeguard your data.

Right to Correction

You can request corrections to your personal details if they are inaccurate or incomplete. We will promptly update your information and notify relevant third parties of any necessary changes.

Right to Erasure

You have the right to request the complete deletion of your personal information when it is no longer necessary for the purposes for which it was collected, subject to legal requirements and our legitimate interests.

Right to Restriction

You can request the restriction of processing your personal data under specific circumstances, such as when you dispute the accuracy of the data or when the processing is unlawful.

4. Data Processing Information

Legal Basis for Processing

Tizipitiliza data yanu ya munthu kulingana ndi mafumu awa:

Yanu mwambo wako wa kukonzya kucita zintu ezyo
Contractual necessity for service provision and maintenance
Lawful duties an' regulatry compliance demands
Legitimate business interests, carefully balanced with your rights and freedoms.

International Data Transfers

When we transfer your data internationally, we ensure appropriate safeguards are in place through:

Standard contractual clauses approved by the European Commission
Binding corporate policies for intra-company transfers
Adequacy decisions for recipient countries with equivalent data protection standards

5. Security Measures

We implement comprehensive security measures to protect your personal data.

Ukwampana kwa bufi bwa data mu kutampa na pa kukhala kwa ichi kuchitika kuchokera mu mipando ya chikhalidwe cha chikhalidwe.
Regular security assessments, penetration testing, and vulnerability management.
Mwambo wa kufungula kwa kutumina zinthu zambiri ndiponso kufungula kwa kulingana ndi ntchito.
Secure data centres with physical security measures and environmental controls
Comprehensive staff training on data protection and security best practices

6. Data Breach Notification

Ine event of a personal data breach, we 'ave established comprehensive procedures to:

Conduct immediate risk assessment an' impact analysis.
Notify relevant supervisory authorities within 72 hours of discovery.
Communicate with affected individuals without undue delay when necessary.

7. Contact Details

For any questions regarding your personal data or to exercise your rights, please contact our dedicated privacy team at:

Email: [email protected]

Phone: +374 95 505-300

Address: Harju District, Lasnamäe City, Sepapaja Street 6
Tallinn, Zambia

Phone: +374 9550-5300

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are regularly reviewed and updated to ensure compliance with applicable laws and industry standards.

Third-Party Processors

We carefully select an' continuously monitor third-party processors who handle your personal data. All processors are bound by strict contractual obligations to maintain appropriate security measures an' comply with data protection laws. We conduct regular audits to ensure compliance.

Updates to This Policy

We regularly review and update dis privacy policy to reflect changes in our practices, legal requirements, and technological developments. We will notify you of any material changes through appropriate channels and provide you with the opportunity to review the updated policy.

Data Protection & Privacy Compliance