Lorann LLC upholds data compliance with both CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) through a series of stringent measures and protocols. These measures encompass various aspects:
Data Collection and Consent: Lorann LLC strictly adheres to the principle of obtaining explicit and unambiguous consent from individuals before collecting their data. This involves ensuring that consent is freely given, specific, and informed. For GDPR compliance, it is imperative to inform individuals about the categories of personal information and the purposes for which it will be used at or before the collection point. Under CCPA, it involves informing consumers about the categories of personal information and the purposes for which it will be used.
Data Processing and Purpose Limitation: The company ensures that personal data is collected for specific, explicit, and legitimate purposes and is further processed in a manner compatible with those purposes. Lorann LLC limits data processing to the purposes for which the data was collected, aligning with the purpose limitation principle of GDPR and CCPA’s regulations.
Data Minimization: Lorann LLC practices data minimization by ensuring that only the necessary personal information for the specified purposes is collected and processed. This approach aligns with GDPR’s data minimization principle and CCPA’s mandate to collect relevant and limited necessary data.
Security Measures: To comply with GDPR and CCPA, Lorann LLC implements appropriate technical and organizational measures to ensure security appropriate to the risk. This includes protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage by encryption and ensuring confidentiality, integrity, availability, and resilience of processing systems and services.
Data Subject Rights: Lorann LLC recognizes and facilitates the rights of data subjects under GDPR, which include the right to access, rectification, erasure, restriction of processing, data portability, and objection. Similarly, under the CCPA, consumers are given the right to know about the personal information collected about them, the right to delete personal information, the right to opt out of the sale of their personal information, and the right to non-discrimination for exercising their CCPA rights.
Data Breach Notification: In compliance with GDPR and CCPA, Lorann LLC has procedures to detect, report, and investigate personal data breaches. GDPR mandates notification of a data breach to the supervisory authority within 72 hours of becoming aware, whereas CCPA requires businesses to notify consumers of a breach.
Vendor Management and Due Diligence: Lorann LLC conducts due diligence with third parties and vendors to ensure they comply with GDPR and CCPA. Contracts with processors include clauses that specify the rights and obligations of both parties, including data protection aspects.
By adhering to these principles and measures, Lorann LLC demonstrates its commitment to protecting personal data and ensuring its practices align with the CCPA and GDPR, reflecting its dedication to privacy, security, and consumer rights.
If you have any questions about this privacy policy, please contact us at [email protected]