GDPR Compliance - Data Protection & Privacy

1. Our Commitment to Data Protection

At Lua CRM, we are committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organisational measures to ensure the security and confidentiality of your information.

2. Data Protection Principles

We adhere to the following fundamental principles in our data processing activities: We uphold the following core principles in our data processing operations:

Lawfulness, fairness, and transparency in all data processing operations.
Purpose limitation and data minimization to collect only necessary information.
Precision and data quality upkeep through regular updates and verification
Storage limitation with defined retention periods and secure deletion procedures
Integrity and confidentiality through advanced security measures
Accountability and compliance through regular audits and assessments.
Technical and organisational security measures aligned with industry standards

3. Your Rights Under the Data Protection Act

Right to Access

You have the right to request access to your personal information and receive a comprehensive copy of the details we maintain about you, including particulars on how we process and safeguard your data.

Right to Correction

You can request corrections to your personal details if it is inaccurate or incomplete. We will promptly update your information and notify relevant third parties of any necessary changes.

Right to Erasure

You have the right to request the complete deletion of your personal information when it is no longer needed for the reasons it was collected, subject to legal requirements and our legitimate interests.

Right to Restriction

You can request the restriction of processing your personal data under specific circumstances, such as when you dispute the accuracy of the data or when the processing is illegal.

4. Data Processing Information

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Your express permission for specific processing activities
Contractual necessity for service provision and maintenance
Legal obligations and regulatory compliance requirements dey important for businesses for make sure say dem dey follow all de laws and regulations wey dey apply to dem. Dis na key part of good corporate governance and risk management.
Legitimate business interests, carefully balanced with your rights and freedoms

International Data Transfers

When we transfer your data internationally, we ensure appropriate safeguards are in place through:

Standard contractual clauses approved by the European Commission
Binding corporate policies for intra-company transfers
Adequacy decisions for recipient countries with equivalent data protection standards

5. Security Precautions

We implement comprehensive security measures to safeguard your personal data.

Dɛn sɛ ɛyɛ dɛn sɛ wɔ yɛ encryption sɛ wɔ ma data no kɔ hɔ ne sɛ ɛwɔ hɔ no, wɔ dɛ industry-standard protocols no.
Regular security assessments, pen-testing, and vulnerability management.
Multifactor authentication and role-based access controls
Secure data centres with physical security measures and environmental controls
Comprehensive staff training on data protection and security best practices

6. Data Breach Notification

In di case of a personal data breach, we don don put in place comprehensive procedures to:

Conduct immediate risk assessment and impact analysis.
Notify relevant supervisory authorities within 72 hours of discovery.
Communicate with affected persons without undue delay when necessary.

7. Contact Details

For any questions about your personal data or to exercise your rights, please contact our dedicated privacy team at:

Email: [email protected]

Phone: +374 95 505-300

Address: Harju Region, Lasnamäe District, Sepapaja Street 6
Tallinn, Ghana

Phone: +374 9550-5300

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are regularly reviewed and updated to ensure compliance with applicable laws and industry standards.

Third-Party Processors

We carefully select and continuously monitor third-party processors who handle your personal data. All processors are bound by strict contractual obligations to maintain appropriate security measures and comply with data protection laws. We conduct regular audits to ensure compliance.

Updates to This Policy

We dey regularly review and update dis privacy policy to reflect changes for our practices, legal requirements, and technological developments. We go notify you of any material changes through appropriate channels and provide you with the opportunity to review the updated policy.

Data Protection & Privacy Compliance