Introduction
The GDPR policy outlines how our organization collects, processes, and stores personal data, and how we comply with the General Data Protection Regulation (GDPR). Lion Reach Media is a global group and therefore is committed to comply with all the laws, rules, and regulations related to Data Protection and all its branches. It is governed, but not limited to, the General Data Protection Regulation (“GDPR”)
We will be collecting and processing the following personal data pertaining to an individual or business or any third party.
Definition:
- Personal data: Any information relating to an identified or identifiable natural person.
- Data subject: The natural person to whom personal data relates.
- Processing: Any operation or set of operations performed on personal data, including collection, storage, use, and disclosure.
- Controller: The natural or legal person that determines the purposes and means of processing personal data.
Principles of GDPR compliance:
- Our organization is committed to complying with the GDPR by adhering to the following principles:
- Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and in a transparent manner. We maintain transparency in all our business dealings and transactions, including the storing personal information.
- Purpose limitation: Personal data is collected and processed for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimization: Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: Personal data is accurate and, where necessary, kept up to date.
- Storage limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity and confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Roles and responsibilities
- Our organization has designated a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance. The DPO is responsible for:
- Informing and advising our organization and its employees about GDPR compliance requirements
- Monitoring compliance with GDPR policies and procedures
- Conducting audits and risk assessments related to GDPR compliance
- Responding to inquiries and complaints related to GDPR compliance
- Cooperating with supervisory authorities
Legal basis for processing personal data
- Our organization processes personal data based on the following legal bases:
- Consent: Data subjects have given their consent for processing their personal data for one or more specific purposes.
- Contract: Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation: Processing is necessary for compliance with a legal obligation to which our organization is subject.
- Vital interests: Processing is necessary to protect the vital interests of the data subject or of another natural person.
- Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our organization.
- Legitimate interests: Processing is necessary for the legitimate interests pursued by our organization or by a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
Collection and processing of personal data
- Our organization collects and processes personal data only to the extent necessary to achieve the purposes for which the data is collected. We collect personal data in the following ways:
- Directly from data subjects: We collect personal data directly from data subjects through online forms, surveys, and other interactions.
- Indirectly from third parties: We may collect personal data indirectly from third-party sources, such as public records, social media, and other sources.
- Automated collection: We may collect personal data through automated means, such as cookies