Global Data Protection Policy
Effective Date: 16/05/2023
This Global Data Protection Policy (the "Policy") outlines the principles, guidelines, and responsibilities for protecting personal data across all our operations worldwide. As an organization committed to safeguarding the privacy and confidentiality of personal information, we recognize the importance of complying with applicable data protection laws and regulations.
This Policy applies to all employees, contractors, third-party vendors, and any other individuals who handle personal data on behalf of our organization ("Data Handlers"). It covers all personal data collected, processed, stored, or transmitted globally, regardless of the medium or format in which it is stored.
3. Compliance with Applicable Laws
We are committed to complying with all applicable data protection laws, regulations, and industry standards in all jurisdictions where we operate. This includes, but is not limited to, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant national, state, and local laws.
4. Data Collection and Use
4.1. Lawful Basis
We will only collect and process personal data where there is a lawful basis to do so. This may include obtaining explicit consent, fulfilling contractual obligations, complying with legal requirements, protecting vital interests, or pursuing legitimate interests, provided that such interests are not overridden by the rights and freedoms of data subjects.
4.2. Purpose Limitation
Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in any manner incompatible with those purposes.
4.3. Data Minimization
We will only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
4.4. Data Accuracy
We will take reasonable steps to ensure that personal data is accurate, complete, and kept up-to-date. Data subjects have the right to request the rectification of inaccurate or incomplete personal data.
4.5. Data Retention
Personal data will be retained only for as long as necessary to full fill the purposes for which it was collected, unless a longer retention period is required by law or legitimate business needs. We will implement appropriate measures to securely delete or anonymize data that is no longer required.
4.6. Data Security
We will implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
5. Data Subject Rights
We respect the rights of data subjects and will facilitate the exercise of their rights, including but not limited to the right to access, rectify, erase, restrict processing, object to processing, data portability, and the right not to be subject to automated decision-making.
6. Data Transfers
When transferring personal data internationally, we will ensure that appropriate safeguards are in place to protect the data, including the use of standard contractual clauses, binding corporate rules, or relying on adequacy decisions by relevant authorities.
7. Third-Party Relationships
When engaging third-party vendors or service providers, we will ensure they provide sufficient guarantees to protect personal data in accordance with applicable data protection laws. We will enter into data processing agreements or similar arrangements that impose appropriate data protection obligations on such third parties.
8. Data Breach Response
In the event of a data breach, we will promptly investigate the incident, mitigate its impact, and notify relevant supervisory authorities and affected data subjects in accordance with applicable legal requirements.
9. Employee Training and Awareness
We will provide regular data protection training and awareness programs to all employees and Data Handlers, ensuring they understand their responsibilities and obligations regarding the protection of personal data.
10. Policy Compliance and Review
Compliance with this Policy is mandatory for all employees and Data Handlers. The Policy will be reviewed periodically to ensure its ongoing suitability, effectiveness, and compliance with applicable laws and regulations.
11. Reporting Violations
Any concerns, questions, or reports of suspected violations of this Policy should be promptly reported to the designated data protection officer or relevant contact person.
12. Policy Enforcement
Failure to comply with this Policy may result in disciplinary action, up to and including termination of employment or contractual relationship, as well as legal consequences.
By adhering to this Global Data Protection Policy, we aim to ensure the highest standards of data protection and privacy across our organization and maintain the trust of individuals whose personal data we handle.
Libralex (pty) Ltd. (Reg # 1996/003156/07)
Vetmaster Online (pty) Ltd. (Reg # 2005/008162/07)