Privacy policy.
Lafan’s GDPR/Data Protection Policy
1.Purpose and scope
This policy outlines Lafan’s commitment to compliance with the General Data Protection Regulation (GDPR) to ensure the protection of personal data.
This policy applies to all employees, contractors, and third parties who process personal data on behalf of Lafan.
2. Data Protection Principles
2.1 Lawfulness, Fairness, and Transparency: Lafan will process personal data lawfully, fairly, and transparently. We will inform individuals about the purpose and legal basis for data processing.
2.2 Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
2.3 Data Minimisation: Lafan will collect only the data necessary for the intended purpose.
2.4 Accuracy: We will take reasonable steps to ensure that personal data is accurate and up to date.
2.5 Storage Limitation: Personal data will be retained only for as long as necessary for the purposes for which it was collected.
2.6 Integrity and Confidentiality: Lafan will implement appropriate security measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
3. Data Subject Rights
3.1 Right to Access: Individuals have the right to request access to their personal data held by Lafan.
3.2 Right to Rectification: Individuals can request the correction of inaccurate personal data.
3.3 Right to Erasure (Right to be Forgotten): Lafan will honour requests for data erasure under certain conditions.
3.4 Right to Data Portability: We will provide individuals with their personal data in a structured, commonly used, and machine-readable format upon request.
3.5 Right to Object: Individuals have the right to object to the processing of their personal data.
4. Consent
4.1 Consent Obtained: Where required, Lafan will obtain explicit and informed consent from individuals before processing their personal data.
4.2 Withdrawal of Consent: Individuals can withdraw their consent at any time, and Lafan will cease processing their data accordingly.
5. Data Breach Management
5.1 Reporting: Lafan has established procedures for reporting and managing data breaches in accordance with GDPR requirements.
6.Training and Awareness
6.1 Training: Lafan provides regular data protection training and awareness programs for employees.
7. Third-Party Data Processors
7.1 Contracts: Lafan will ensure that third-party processors comply with GDPR and protect personal data.
8. Policy Review
8.1 Review: This policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR.
9. Conclusion
Enforcement: Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract.
Lafan is committed to maintaining GDPR compliance and protecting the personal data of individuals.