Data Protection Policy

1. Purpose

This Data Protection Policy outlines Leadstalk Digital Ltd.’s commitment to safeguarding the personal data of our clients, employees, and partners. We adhere to the strict standards set forth by the General Data Protection Regulation (GDPR) and the Data Protection Act 2017 of Mauritius.

2. Scope

This Data Protection Policy applies to all employees, contractors, and representatives of Leadstalk Digital Ltd., regardless of their location, whether in Mauritius or abroad. It governs the handling of all personal data processed in the course of delivering Leadstalkโ€™s services.

Please note that this policy does not apply to third-party applications (e.g., CRM platforms) or services (e.g., hosting services) that are used or implemented on behalf of clients as part of service delivery. These services are covered by the respective privacy policies of those third-party providers.

That said, Leadstalk exercises due diligence in selecting reputable partners and service providers whose data protection standards align with or are compatible with our own.

3. Data Protection Principles

Leadstalk Digital Ltd. commits to the following principles to ensure the protection of personal data:

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes.
  • Adequate and limited to what is necessary for the intended purposes.
  • Accurate and kept up to date.
  • Stored only as long as necessary for the purposes outlined.
  • Secured against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  • Managed with accountability and transparency

4. Rights of Data Subjects

Individuals whose data is processed by Leadstalk Digital Ltd. enjoy the following rights:

  • Access to their personal data.
  • Correction or erasure of their personal data as appropriate.
  • Restriction of processing and the ability to object to processing.
  • Data portability to another data controller.

5. Data Processing Activities

Leadstalk Digital Ltd. processes personal data strictly according to documented instructions from our clients (the data controllers) and legal obligations. This includes processing for:

  • Consent: Processing based on clear and voluntary agreement by the data subject.
  • Contractual necessity: Processing required to fulfill a contract or pre-contractual obligations.
  • Legal requirements: Processing necessary to comply with the law.
  • Legitimate interests: Processing necessary for the legitimate interests pursued by Leadstalk Digital Ltd. or a third party, balanced against the interests or rights of the data subject.

6. Data Breach Notification

Should a data breach occur, Leadstalk Digital Ltd. will promptly notify the client. We also assist clients in fulfilling their data breach reporting obligations to supervisory authorities and affected individuals, if necessary.

8. Data Transfers

Data transfers outside the European Economic Area or Mauritius are conducted according to the clients’ instructions under legal frameworks, ensuring compliance with international data transfer regulations.

9. Roles and Responsibilities

All employees and contractors of Leadstalk Digital Ltd. are responsible for ensuring that data is processed in accordance with this policy and relevant laws. This responsibility includes following strict guidelines and procedures when handling personal data.

10. Amendments

This policy may be updated periodically to reflect changes in legal standards, our practices, or advances in technology.