GDPR
GDPR Policy
GDPR Policy for Lonestar.africa
This GDPR Policy sets out how Lonestar.africa collects, uses, and protects personal information in compliance with the General Data Protection Regulation (GDPR). We are committed to maintaining the privacy and security of your personal information and ensuring that it is processed lawfully and transparently.
1. Lawfulness, Fairness, and Transparency
1.1. Lawful Basis: We will only collect and process personal information when there is a lawful basis for doing so. This may include obtaining consent, fulfilling a contract, complying with legal obligations, protecting vital interests, or pursuing legitimate interests.
1.2. Fair Processing: We will ensure that personal information is processed in a fair manner, meaning that individuals are properly informed about the collection and use of their data.
1.3. Transparency: We will provide clear and transparent information about our data processing activities through this GDPR Policy and other relevant privacy notices.
2. Purpose Limitation and Data Minimization
We will only collect personal information for specific, explicit, and legitimate purposes. We will not process personal data in a way that is incompatible with these purposes. Additionally, we will ensure that the personal information we collect is adequate, relevant, and limited to what is necessary for the intended purpose.
3. Accuracy and Data Retention
We will take reasonable steps to ensure that personal information is accurate, complete, and up to date. We will only retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
4. Data Security and Confidentiality
We will implement appropriate technical and organizational measures to protect personal information against unauthorized access, accidental loss, destruction, or alteration. Access to personal information will be restricted to authorized individuals who need it for legitimate purposes, and we will ensure that they are subject to strict confidentiality obligations.
5. Data Subject Rights
We recognize and respect the rights of data subjects under the GDPR. These rights include the right to access, rectify, erase, restrict processing, object to processing, data portability, and the right not to be subject to automated decision-making, including profiling. We will respond promptly and appropriately to data subject requests regarding these rights.
6. International Data Transfers
If personal information is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect the data, such as Standard Contractual Clauses, to ensure that the data is adequately protected in accordance with GDPR requirements.
7. Data Breach Notification
In the event of a personal data breach that may risk the rights and freedoms of individuals, we will promptly assess the breach and, if required, notify the appropriate supervisory authority and affected individuals in accordance with GDPR obligations.
8. Third-Party Processors
If we engage third-party processors to handle personal information, we will ensure that they provide sufficient guarantees regarding data protection and privacy, and that they only act on our documented instructions.
9. Accountability and Recordkeeping
We will maintain records of our data processing activities, including the purposes of processing, data categories, recipients, and retention periods. We will regularly review and update these records to ensure compliance with GDPR requirements.
10. Contact Us
If you have any questions or concerns about our GDPR Policy or our processing of personal information, please contact us using the contact form below.
Last updated: April 2024