GDPR Policy

Effective Date: June 30, 2023

1. **Introduction**

Lemeister (“Company”, “we”, “us”, “our”) is committed to ensuring the security and protection of the personal data that we process and provide a compliant and consistent approach to data protection. We comply with the EU General Data Protection Regulation (GDPR) and have strict policies and procedures in place to ensure compliance.

2. **Scope**

This policy applies to all personal data processed by Lemeister, including data we collect from individuals who use our services, visit our website, communicate with us, and participate in our promotional activities.

3. **Data Protection Principles**

We adhere to the following data protection principles as set out by GDPR:

– Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

– Purpose Limitation: We only collect personal data for specified, explicit, and legitimate purposes.

– Data Minimisation: We only process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it’s processed.

– Accuracy: We keep personal data accurate and up to date.

– Storage Limitation: We retain personal data for no longer than is necessary for the purposes for which the personal data is processed.

– Integrity and Confidentiality: We ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

4. **Data Subject’s Rights**

We provide data subjects with the following rights:

– Right to Access: Data subjects have the right to request information about whether and how we process their personal data.

– Right to Rectification: Data subjects have the right to request us to correct inaccurate personal data and to complete incomplete personal data.

– Right to Erasure (Right to be Forgotten): In certain circumstances, data subjects have the right to the erasure of their personal data.

– Right to Restrict Processing: Data subjects have the right to request the restriction of the processing of their personal data.

– Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format, and have the right to transmit that data to another controller.

– Right to Object: Data subjects have the right to object to the processing of their personal data under certain circumstances.

– Rights related to Automated Decision Making including Profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

5. **Consent**

We only process personal data based on valid consent, and we ensure that consent is freely given, specific, informed, and unambiguous.

6. **Data Breaches**

We have implemented procedures to handle any suspected personal data breach. We will notify data subjects and any applicable regulator of a breach where we are legally required to do so.

7. **Data Transfers**

We do not transfer personal data to countries outside the European Economic Area (EEA) unless they provide an adequate level of protection for personal data.

8. **Data Protection Officer (DPO)**

We have appointed a DPO who is responsible for overseeing our data protection strategy and its implementation to ensure compliance with GDPR requirements. Our DPO can be contacted at:

9. **Changes to this Policy**

We reserve the right to update and change this policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make in the future will be posted on this page.