Data Policy

This Data Rights Policy establishes the protocol to comply with the rights of access, rectification, erasure (right to be forgotten), restriction of processing, objection, data portability, and objection to automated decision-making concerning personal data processed by Leapfrog Connect.

This policy is designed to adhere to the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws, ensuring that data subjects can exercise their rights effectively.

Terms and definitions

  • Data Subject: The individual to whom the data belongs.
  • Personal Data: Any information concerning identified or identifiable individuals.
  • Data Processing: Operations or technical procedures involving the collection, recording, storage, modification, or transfer of personal data.
  • Data Controller: The entity that determines the purpose, content, and use of data processing.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.
  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of their personal data.
  • Right of Access: The right to request a copy of personal data processed.
  • Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to Be Forgotten): The right to request the deletion of personal data.
  • Right to Restriction of Processing: The right to request limitation of data processing in specific circumstances.
  • Right to Object: The right to object to the processing of personal data for specific purposes.
  • Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format or request its transfer to another controller.
  • Right to Object to Automated Decision-Making: The right to not be subject to decisions based solely on automated processing, including profiling.

Data Subject Rights

Personal Data Processing

Data subjects have the right to request information regarding their personal data, including its source, processing purposes, and any transfers made or planned. They may exercise the following rights at no cost:

  1. Right of Access:
    • Data subjects can request confirmation of whether their data is being processed and may receive a copy of their data in a commonly used electronic format.
  2. Right to Rectification:
    • Data subjects can request correction of inaccurate data or completion of incomplete data.
  3. Right to Erasure (Right to Be Forgotten):
    • Data subjects can request deletion of personal data when:
      • It is no longer necessary for the purposes it was collected.
      • They withdraw their consent.
      • The processing is unlawful.
      • Legal obligations necessitate deletion.
  4. Right to Restriction of Processing:
    • Data subjects can request limitation of data processing when:
      • Data accuracy is contested.
      • Processing is unlawful but deletion is not desired.
      • The data is no longer needed but is required for legal claims.
      • An objection to processing is pending resolution.
  5. Right to Object:
    • Data subjects can object to processing for reasons related to their particular situation. Objections to processing for direct marketing or profiling must always be respected.
  6. Right to Data Portability:
    • Data subjects can request their data be transferred to themselves or another controller in a structured, machine-readable format.
  7. Right to Object to Automated Decision-Making:
    • Data subjects can refuse decisions made solely on automated processing, unless necessary for contractual purposes or explicitly consented to.

Exercising data rights

Data subjects can exercise their rights by submitting a written request to the designated email address: connect@lftechnology.com. The request must include:

  • The full name of the data subject.
  • A detailed description of the requested action.
  • A copy of a valid identification document.

Requests submitted on behalf of a data subject by a legal representative must include proof of representation.

Response procedures and timelines

The Privacy Officer will review and respond to all requests within the following timeframes:

  • Right of Access: 1 month
  • Right to Rectification: 1 month
  • Right to Erasure: 1 month
  • Right to Restriction of Processing: 1 month
  • Right to Object: 1 month
  • Right to Data Portability: 1 month
  • Right to Object to Automated Decision-Making: 1 month

In complex cases, the response period may be extended by an additional 2 months, with notification provided to the data subject.

Refusal to comply with request

The Privacy Officer may refuse requests under the following circumstances:

  • The request is repetitive, excessive, or manifestly unfounded.
  • The data subject has already exercised the same right within a 12-month period without new justification.
  • The request would infringe upon the rights of others or contravene legal obligations.

Data subjects will be informed in writing of the reasons for refusal and their right to file a complaint with the relevant data protection authority.

Dispute resolution

In the event of a dispute regarding data rights, the Privacy Officer will attempt to resolve the issue internally. If unresolved, the matter may be escalated to the appropriate regulatory authority for resolution.

Contact information

For inquiries or requests related to this policy, please contact:
Privacy Officer Email: connect@leapfrogconnect.co

This policy is reviewed annually to ensure compliance with applicable laws and best practices.

Last Updated December 2024