¶ POPIA and GDPR Compliance Policy for package−client
This policy outlines our commitment to protecting the personal information of package−client's customers in compliance with the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA). This document details how personal information is stored, accessed, and protected for all campaigns and data handling activities conducted on behalf of package−client.
This policy applies to:
- All personal data collected, processed, and stored during the execution of campaigns for package−client.
- All systems and APIs involved in the transmission and reporting of this data.
- All appointed representatives of package−client with authorized access.
¶ 3. Data Storage and Segregation
- Encryption at Rest: All of package−client's personal data is encrypted using industry-standard algorithms (e.g., AES-256) while stored in our systems.
- Campaign Isolation: Each of package−client's campaigns has its data stored in a logically separated environment to prevent any cross-access or data leakage.
- Access Control: Only authorized personnel and appointed representatives of package−client have access to campaign reporting and analytics. Access is role-based, and all access is audited.
To protect package−client's data in transit, we implement the following security measures for our APIs:
- Whitelisting: All API endpoints are protected by IP whitelisting to restrict access to known, trusted sources, such as the servers of package−client.
- Encryption in Transit: All API calls are encrypted using TLS 1.2 or higher to ensure the secure transmission of data.
We adhere to the following principles from GDPR and POPIA for all of package−client's data:
- Lawfulness, Fairness, and Transparency: Data subjects are informed of the purpose and scope of data collection.
- Purpose Limitation: Data is collected only for the specified, legitimate purposes of package−client's campaigns.
- Data Minimization: Only the personal data that is necessary for the campaign is collected and retained.
- Integrity and Confidentiality: We have technical and organizational measures in place to prevent unauthorized access, alteration, or loss of data.
- Accountability: We maintain records of all processing activities and access logs related to package−client's data.
We are committed to upholding the rights of data subjects as defined in the GDPR and POPIA. For any data subject requests from package−client's customers, we will provide full support to package−client to facilitate these requests. Data subjects have the right to request:
- Access to their personal data.
- Correction or deletion of inaccurate or outdated data.
- Restriction of processing or objection to processing under applicable laws.
¶ 7. Retention and Disposal
Personal data for package−client is retained only for the duration necessary to fulfill campaign objectives and any legal obligations. The retention periods can be customized based on the specific needs and legal requirements of package−client. Once the retention period ends, all data is disposed of using secure methods.
This policy will be reviewed annually, or in the event of significant changes to data handling practices, legal requirements, or our system architecture, to ensure its continued relevance and effectiveness for package−client.