Global Data Protection Policy

Effective Date: 16/05/2023

1. Introduction

This Global Data Protection Policy (the "Policy") outlines the principles, guidelines, and responsibilities for protecting personal data across all our operations worldwide. As an organization committed to safeguarding the privacy and confidentiality of personal information, we recognize the importance of complying with applicable data protection laws and regulations.

2. Scope

This Policy applies to all employees, contractors, third-party vendors, and any other individuals who handle personal data on behalf of our organization ("Data Handlers"). It covers all personal data collected, processed, stored, or transmitted globally, regardless of the medium or format in which it is stored.

3. Compliance with Applicable Laws

We are committed to complying with all applicable data protection laws, regulations, and industry standards in all jurisdictions where we operate. This includes, but is not limited to, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant national, state, and local laws.

4. Data Collection and Use

4.1. Lawful Basis

We will only collect and process personal data where there is a lawful basis to do so. This may include obtaining explicit consent, fulfilling contractual obligations, complying with legal requirements, protecting vital interests, or pursuing legitimate interests, provided that such interests are not overridden by the rights and freedoms of data subjects.

4.2. Purpose Limitation

Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in any manner incompatible with those purposes.

4.3. Data Minimization

We will only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

4.4. Data Accuracy

We will take reasonable steps to ensure that personal data is accurate, complete, and kept up-to-date. Data subjects have the right to request the rectification of inaccurate or incomplete personal data.

4.5. Data Retention

Personal data will be retained only for as long as necessary to full fill the purposes for which it was collected, unless a longer retention period is required by law or legitimate business needs. We will implement appropriate measures to securely delete or anonymize data that is no longer required.

4.6. Data Security

We will implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

5. Data Subject Rights

We respect the rights of data subjects and will facilitate the exercise of their rights, including but not limited to the right to access, rectify, erase, restrict processing, object to processing, data portability, and the right not to be subject to automated decision-making.

6. Data Transfers

When transferring personal data internationally, we will ensure that appropriate safeguards are in place to protect the data, including the use of standard contractual clauses, binding corporate rules, or relying on adequacy decisions by relevant authorities.

7. Third-Party Relationships

When engaging third-party vendors or service providers, we will ensure they provide sufficient guarantees to protect personal data in accordance with applicable data protection laws. We will enter into data processing agreements or similar arrangements that impose appropriate data protection obligations on such third parties.

8. Data Breach Response

In the event of a data breach, we will promptly investigate the incident, mitigate its impact, and notify relevant supervisory authorities and affected data subjects in accordance with applicable legal requirements.

9. Employee Training and Awareness

We will provide regular data protection training and awareness programs to all employees and Data Handlers, ensuring they understand their responsibilities and obligations regarding the protection of personal data.

10. Policy Compliance and Review

Compliance with this Policy is mandatory for all employees and Data Handlers. The Policy will be reviewed periodically to ensure its ongoing suitability, effectiveness, and compliance with applicable laws and regulations.

11. Reporting Violations

Any concerns, questions, or reports of suspected violations of this Policy should be promptly reported to the designated data protection officer or relevant contact person.

12. Policy Enforcement

Failure to comply with this Policy may result in disciplinary action, up to and including termination of employment or contractual relationship, as well as legal consequences.

By adhering to this Global Data Protection Policy, we aim to ensure the highest standards of data protection and privacy across our organization and maintain the trust of individuals whose personal data we handle.

Libralex (pty) Ltd. (Reg # 1996/003156/07)

Vetmaster Online (pty) Ltd. (Reg # 2005/008162/07)