Privacy and Data Security Policies

At Leads Technologies Limited, we are deeply committed to safeguarding the privacy and security of our clients’ data. Our comprehensive Privacy and Data Security Policies are designed to protect sensitive information, ensure compliance with legal and regulatory standards, and build trust and transparency with our clients and stakeholders. Below is an in-depth overview of our policies and practices related to privacy and data security.

1. Data Collection & Usage

  • Purpose Limitation:
    We collect personal and business data strictly for specified, explicit, and legitimate purposes. These include providing and enhancing our services, meeting contractual obligations, complying with legal requirements, and improving user experiences. We ensure that the data collected is relevant and limited to what is necessary for these purposes.
  • Transparency and Consent:
    We operate with full transparency regarding the data we collect, how it will be used, and why it is needed. Prior to collecting any personal data, we inform data subjects of their rights and obtain their explicit consent where required. This information is provided through clear and accessible privacy notices and consent forms.
  • Data Analytics and Profiling:
    Where data analytics or profiling is employed, it is done in a way that respects individual privacy. We provide data subjects with information about how their data is being used in analytics and profiling, and they have the right to opt out if they choose.

2. Data Minimization & Retention

  • Data Minimization:
    In line with the principle of data minimization, we ensure that only the data necessary for achieving our legitimate business objectives is collected. Unnecessary or redundant data collection is avoided, reducing the risk of data breaches and enhancing data security.
  • Data Retention Policy:
    Our data retention policy stipulates that personal data is only kept for as long as it is needed to fulfill the purposes for which it was collected or as required by law. We regularly review the data we hold and securely delete or anonymize data that is no longer necessary.
  • Automated Deletion Processes:
    To further enhance data minimization, we implement automated deletion processes that ensure data is removed from our systems after the retention period expires unless otherwise required by law.

3. Data Security

  • Encryption Standards:
    We employ state-of-the-art encryption protocols to protect data both in transit and at rest. All sensitive data is encrypted using advanced algorithms such as AES-256, ensuring that it remains secure against unauthorized access.
  • Access Management:
    Our access management policies ensure that access to data is strictly controlled and limited to authorized personnel. Access is granted based on job role and responsibilities, following the principle of least privilege. All access requests are reviewed, and access rights are regularly audited.
  • Multi-Factor Authentication (MFA):
    To enhance security, we require multi-factor authentication for all systems accessing sensitive data. This provides an additional layer of security beyond traditional passwords.

4. Data Subject Rights

  • Right to Information:
    Data subjects have the right to know what personal data we hold about them, why it is being processed, and who it is shared with. We provide this information through our comprehensive privacy policy and upon request by the data subject.
  • Right to Access and Portability:
    Individuals can request access to their personal data at any time, and where applicable, they can request that their data be transferred to another service provider in a structured, commonly used, and machine-readable format.
  • Right to Rectification and Erasure:
    We promptly correct any inaccuracies in the personal data we hold upon request by the data subject. Additionally, data subjects have the right to request the deletion of their personal data under specific circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when consent is withdrawn.
  • Right to Object and Restrict Processing:
    Data subjects have the right to object to the processing of their data or request that the processing be restricted in certain circumstances. We respect these rights and ensure that such requests are handled in accordance with applicable laws.

5. Third-Party Data Sharing

  • Strict Vendor Management:
    We work only with third-party vendors who meet our stringent privacy and security standards. All vendors undergo a rigorous assessment process before any data sharing occurs, ensuring they have the necessary safeguards in place.
  • Data Processing Agreements (DPA):
    All third-party vendors with whom we share data must sign a Data Processing Agreement that clearly defines the scope, purpose, and limitations of data processing activities. These agreements also include obligations related to data protection and incident response.
  • Cross-Border Data Transfers:
    When data is transferred across international borders, we ensure that it is protected by appropriate safeguards, such as standard contractual clauses, binding corporate rules, or other legally recognized mechanisms. We also comply with local data protection laws in all jurisdictions where we operate.

6. Compliance & Regulatory Adherence

  • Global Compliance:
    We comply with all relevant data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other local and international data protection laws. Our compliance efforts are continuously reviewed and updated to align with evolving legal requirements.
  • Data Protection Officer (DPO):
    We have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy, ensuring compliance with regulatory requirements, and serving as a point of contact for data subjects and regulatory authorities.

7. Incident Response & Breach Notification

  • Comprehensive Incident Response Plan:
    We have a detailed Incident Response Plan in place that outlines the procedures for detecting, responding to, and mitigating the impact of data breaches and other security incidents. This plan includes predefined roles and responsibilities, communication protocols, and escalation procedures.
  • Breach Notification Protocols:
    In the event of a data breach, we are committed to notifying affected individuals and relevant regulatory authorities as required by law. Notifications are made promptly, providing clear and concise information about the breach, the data affected, and the steps being taken to mitigate the impact.
  • Post-Incident Review:
    Following any incident, we conduct a thorough post-incident review to identify the root cause, evaluate the effectiveness of our response, and implement improvements to prevent future occurrences.

8. Employee Training & Awareness

  • Ongoing Training Programs:
    We provide regular training to all employees on data protection principles, privacy regulations, and our internal security policies. This training is designed to ensure that every employee understands their role in protecting data and can recognize potential threats.
  • Phishing Simulations and Security Drills:
    To enhance awareness and preparedness, we conduct regular phishing simulations and security drills. These exercises help employees recognize and respond to security threats, reinforcing the importance of vigilance.
  • Culture of Privacy:
    We foster a culture of privacy within our organization, encouraging all employees to prioritize data protection in their daily work. This culture is supported by continuous communication and leadership commitment to privacy and data security.

9. Continuous Improvement

  • Policy Reviews and Updates:
    Our privacy and data security policies are subject to regular reviews and updates to ensure they remain effective in the face of evolving threats and regulatory changes. We also stay informed about industry best practices and incorporate them into our policies and procedures.
  • Client and Stakeholder Feedback:
    We actively seek feedback from our clients and stakeholders regarding our privacy and data security practices. This feedback is used to drive improvements and ensure that our policies meet the expectations of those we serve.
  • Innovation in Data Security:
    We are committed to exploring and adopting new technologies and methodologies that enhance data security. This includes staying abreast of developments in encryption, access control, and incident detection technologies.