STEMAIDE Africa ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Data Privacy Policy outlines how we collect, use, disclose, and protect your personal information.
The purpose of this Data Privacy Policy is to inform individuals about how STEMAIDE Africa collects, uses, stores, and protects personal data. This policy ensures transparency and accountability in our data handling practices.
This policy applies to all personal data collected by STEMAIDE Africa from customers, users, and visitors of our website, services, and products. It outlines our practices and procedures for handling such data.
We collect various types of personal data, including but not limited to:
We collect and process personal data based on the following legal grounds:
Personal data is collected through various methods, including:
Data subjects have the right to consent to the collection and processing of their personal data. They can withdraw their consent at any time by contacting us.
We do not knowingly collect personal data from children under the age of 13 without parental consent. Parents or guardians can review, modify, or delete their child's personal data by contacting us.
Personal data is used for various purposes, including:
We collect only the personal data necessary to fulfill the specified purposes and avoid excessive data collection.
All personal data is processed lawfully, fairly, and transparently in compliance with applicable laws and regulations.
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.
We take reasonable steps to ensure that personal data is accurate and up-to-date. Data subjects can update their information by contacting us.
Personal data may be shared with third parties for specific purposes, such as service provision and legal compliance. We ensure that such transfers are conducted securely and in compliance with applicable laws.
Data subjects have several rights regarding their personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability.
Data subjects can request access to their personal data by contacting us. We will provide the requested information within a reasonable time frame.
Data subjects can request the rectification of inaccurate data and the erasure of data that is no longer necessary for the specified purposes.
Data subjects can request the restriction of processing under certain conditions, such as when the accuracy of the data is contested.
Data subjects can object to the processing of their personal data for direct marketing purposes or other legitimate interests.
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect them.
We implement appropriate technical and organizational measures to ensure the security of personal data, including:
Personal data is encrypted during transmission and storage. Where appropriate, we also pseudonymize data to protect individuals' privacy.
We have procedures in place to detect, respond to, and report data breaches. Affected data subjects will be notified promptly if a breach poses a high risk to their rights and freedoms.
Our employees are trained on data privacy and security practices. They are required to follow internal policies and procedures to protect personal data.
We may engage third-party processors to perform certain functions on our behalf, such as payment processing and data analysis.
We conduct due diligence to ensure that third-party processors have adequate data protection measures in place.
We enter into data processing agreements with third-party processors to ensure compliance with data protection laws.
We regularly monitor and audit third-party processors to ensure they comply with our data protection requirements.
Personal data may be transferred to countries outside the European Economic Area (EEA) using appropriate transfer mechanisms, such as:
We ensure that transfers are based on adequacy decisions by the European Commission or standard contractual clauses that provide appropriate safeguards.
We may use BCRs or other certification mechanisms to ensure that personal data transferred internationally is adequately protected.
Our Data Protection Officer (DPO) is responsible for overseeing compliance with this policy and data protection laws. The DPO can be contacted at dop@stemaide.com
We have internal policies and procedures in place to ensure compliance with data protection laws and this policy.
We conduct data protection impact assessments (DPIAs) for high-risk processing activities to identify and mitigate potential risks.
We regularly audit and review our data protection practices to ensure ongoing compliance and identify areas for improvement.
We have procedures in place to handle data breaches and complaints. Data subjects can contact us to report a breach or file a complaint.
We regularly review and update this policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website.
We will notify data subjects of any significant changes to this policy and obtain their consent where required.
STEMAIDE Africa is committed to protecting the privacy and personal data of our users. We strive to implement best practices and comply with all applicable data protection laws.
If you have any questions or concerns about this Data Privacy Policy or our data protection practices, please contact us at: contact@stemaide.com