This policy outlines how personal information is stored, accessed, and protected in compliance with the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA). It applies to all campaigns and data handling activities conducted on behalf of the client.
This policy applies to:
- All personal data collected, processed, and stored during campaign execution.
- All systems and APIs involved in data transmission and reporting.
- All appointed representatives of the client with authorized access.
3. Data Storage and Segregation
- Encryption at Rest: All personal data is encrypted using industry-standard algorithms (e.g., AES-256) while stored.
- Campaign Isolation: Each campaign’s data is stored in a logically separated environment to prevent cross-access or leakage.
- Access Control: Only appointed representatives of TLC have access to campaign reporting and analytics. Access is role-based and audited.
- Whitelisting: All API endpoints are protected by IP whitelisting to restrict access to known, trusted sources.
- Encryption in Transit: All API calls are encrypted using TLS 1.2 or higher to ensure secure data transmission.
This policy adheres to the following principles from GDPR and POPIA:
- Lawfulness, Fairness, and Transparency: Data subjects are informed of the purpose and scope of data collection.
- Purpose Limitation: Data is collected only for specified, legitimate campaign purposes.
- Data Minimization: Only necessary personal data is collected and retained.
- Integrity and Confidentiality: Technical and organizational measures are in place to prevent unauthorized access, alteration, or loss.
- Accountability: TLC and its partners maintain records of processing activities and access logs.
Data subjects may request:
- Access to their personal data.
- Correction or deletion of inaccurate or outdated data.
- Restriction of processing or objection to processing under applicable laws.
7. Retention and Disposal
Personal data is retained only for the duration necessary to fulfill campaign objectives and legal obligations. Secure disposal methods are used post-retention.
8. Review and Updates
This policy is reviewed annually or upon significant changes to data handling practices, legal requirements, or system architecture.