Data Protection & Privacy Compliance
Our Commitment to Protecting Your Personal Data
1. Our Commitment to Data Protection
At Lua CRM, we are committed to maintaining the highest standards of data protection and privacy. This policy outlines our comprehensive approach to safeguarding your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement robust technical and organisational measures to ensure the security and confidentiality of your information.
2. Data Protection Principles
We adhere to the following fundamental principles in our data processing activities:
- Wettigheid, billikheid en deursigtigheid in alle dataverwerking-operasies
- Purpose limitation and data minimisation to collect only necessary information.
- Accuracy and data quality maintenance through regular updates and verification
- Storage limitation with defined retention periods and secure deletion procedures
- Integrity and confidentiality through advanced security measures
- Accountability and compliance through regular audits and assessments
- Technical and organisational security measures aligned with industry standards
3. Your Rights Under GDPR
Right to Access
You have the right to request access to your personal information and receive a comprehensive copy of the details we hold about you, including information about how we process and safeguard your data.
Right to Rectification
You can request corrections to your personal information if it is inaccurate or incomplete. We will promptly update your details and notify relevant third parties of any necessary changes.
Right to Erasure
You have the right to request the complete deletion of your personal information when it is no longer necessary for the purposes for which it was collected, subject to legal requirements and our legitimate interests.
Right to Restriction
You can request the restriction of processing your personal data under specific circumstances, such as when you contest the accuracy of the data or when the processing is unlawful.
4. Data Processing Information
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Your explicit consent for specific processing activities
- Contractual necessity for service provision and maintenance
- Legal obligations and regulatory compliance requirements
- Legitimate business interests, carefully balanced with your rights and freedoms
International Data Transfers
When we transfer your data internationally, we ensure appropriate safeguards are in place through:
- Standard contractual clauses approved by the European Commission
- Binding corporate rules for intra-group transfers
- Adequacy decisions for recipient countries with equivalent data protection standards
5. Security Measures
We implement comprehensive security measures to protect your personal data:
- Advanced encryption of data in transit and at rest using industry-standard protocols
- Regular security assessments, penetration testing, and vulnerability management
- Multi-factor authentication and role-based access controls
- Secure data centres with physical security measures and environmental controls.
- Comprehensive staff training on data protection and security best practices
6. Data Breach Notification
In the event of a personal data breach, we have established comprehensive procedures to:
- Conduct immediate risk assessment and impact analysis
- Notify relevant supervisory authorities within 72 hours of discovery.
- Communicate with affected individuals without undue delay when necessary.
7. Contact Information
For any questions regarding your personal data or to exercise your rights, please contact our dedicated privacy team at:
Foon: +374 95 505-300
Foon: +374 95 505-300
Address: 148, Pärnu Avenue, 2nd Floor Tallinn, Estonia
Phone: +27 4555-009
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are regularly reviewed and updated to ensure compliance with applicable laws and industry standards.
Third-Party Processors
We carefully select and continuously monitor third-party processors who handle your personal data. All processors are bound by strict contractual obligations to maintain appropriate security measures and comply with data protection laws. We conduct regular audits to ensure compliance.
Updates to This Policy
We regularly review and update this privacy policy to reflect changes in our practices, legal requirements, and technological developments. We will notify you of any material changes through appropriate channels and provide you with the opportunity to review the updated policy.