GDPR Policy
Effective Date: 21st June 2023
1. Introduction
Vibe Active Communications Limited (“the Company”) is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines our approach to data protection and the measures we have implemented to ensure compliance with the GDPR.
2. Data Controller
Vibe Active Communications Limited is the data controller responsible for the collection, processing, and storage of personal data obtained through our website and other business activities.
3. Types of Personal Data Collected
The Company may collect and process the following categories of personal data:
- Contact information (e.g., name, address, email address, telephone number)
- User account details (if applicable)
- Financial information (if applicable)
- Communication records (e.g., call records, email correspondence)
- Technical data (e.g., IP addresses, browser information, cookies)
- Location data (if applicable)
4. Purpose of Processing Personal Data
The Company processes personal data for the following purposes:
- Provision of telecommunications services.
- Customer support and service management.
- Billing and payment processing.
- Compliance with legal obligations (e.g., regulatory requirements)
- Marketing and promotional activities (with explicit consent, if required)
- Network and information security.
- Fraud prevention and detection.
5. Lawful Basis for Processing
The Company relies on the following lawful bases for processing personal data:
- Contractual necessity: Processing necessary for the performance of a contract with the data subject or to take pre-contractual steps at the data subject’s request.
- Legal obligations: Processing necessary to comply with legal obligations imposed on the Company.
- Legitimate interests: Processing necessary for the legitimate interests pursued by the Company or a third party, provided such interests are not overridden by the data subject’s rights and interests.
- Consent: Processing based on the data subject’s freely given, specific, informed, and unambiguous consent (where applicable).
6. Data Subject Rights
Data subjects have the following rights regarding their personal data:
- Right to access: The right to request access to personal data we hold about them.
- Right to rectification: The right to request correction or completion of inaccurate or incomplete personal data.
- Right to erasure: The right to request deletion of personal data under certain circumstances.
- Right to restrict processing: The right to request restriction of processing of personal data under certain circumstances.
- Right to data portability: The right to receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller, where technically feasible.
- Right to object: The right to object to the processing of personal data based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: The right to withdraw consent to the processing of personal data, where applicable.
7. Data Security Measures
The Company takes appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Implementing robust network and information security controls.
- Regular data security assessments and audits.
- Encryption and pseudonymization of personal data where applicable.
- Restricted access controls and user authentication mechanisms.
- Regular staff training on data protection and security.
8. Data Retention
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. The retention periods will be reviewed and updated periodically.
9. Third-Party Disclosures
The Company may share personal data with third-party service providers and partners as necessary for the provision of our telecommunications services and the fulfillment of our contractual obligations. We ensure that such third parties are compliant with applicable data protection laws and have appropriate safeguards in place.
10. International Data Transfers
In the event of transferring personal data to countries outside the European Economic Area (EEA), the Company will ensure appropriate safeguards are in place to protect the data in accordance with GDPR requirements.
11. Changes to the GDPR Policy
The Company may update this GDPR policy from time to time to reflect changes in legal or regulatory requirements, industry practices, or our business operations. Any updates will be communicated to data subjects as required by law.