Data Protection Policy

Data Protection Policy
Last Updated 2026
Entity Refers to Leadorbit Solutions, a duly registered business entity.
GDPR Refers to the General Data Protection Regulation.
Responsible Person Refers to the Data Protection Officer (DPO) appointed by Leadorbit Solutions.
Data Registry Refers to a maintained record of all systems and environments where personal data is processed by Leadorbit Solutions and its associated brands.


1. Data Protection Principles

Leadorbit Solutions is committed to ensuring that all personal data is processed in accordance with GDPR obligations.

  • Processed securely using appropriate technical and organisational controls to prevent unauthorised access, loss, alteration, or damage.
  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes and not used in any manner incompatible with those purposes.
  • Adequate, relevant, and limited to only what is necessary.
  • Accurate and, where required, kept updated. Reasonable steps will be taken to correct or remove inaccurate data.
  • Processed in a manner that ensures complete confidentiality, integrity, and security.


2. General Provisions
  • This policy applies to all personal data processed by Leadorbit Solutions.
  • The appointed Responsible Person (DPO) is accountable for ensuring compliance with this policy.
  • This policy will undergo a formal review once every year.


3. Lawful, Fair & Transparent Processing
  • A comprehensive Register of Systems will be maintained to record all personal data processing activities.
  • The register will be reviewed annually to ensure continued compliance.
  • Individuals may request access to their personal data, and Leadorbit Solutions will respond within a reasonable timeframe.


4. Lawful Purposes
  • All data processing must be supported by a lawful basis: consent, contract, legal obligation, vital interests, public task, or legitimate interests.
  • The applicable lawful basis for each processing activity will be recorded in the Register of Systems.
  • Where processing relies on consent, clear and unambiguous opt-in consent will be obtained and securely stored.
  • Individuals may withdraw consent at any time, and the systems will reflect this change without delay.


5. Data Minimisation
  • Personal data collected and processed will always be limited to what is strictly necessary for the intended purpose.


6. Accuracy
  • Reasonable measures will be taken to ensure that all personal data remains accurate and up to date.
  • Appropriate procedures will be implemented to amend or update data when required.


7. Archiving & Removal
  • Personal data will not be retained for longer than necessary.
  • A defined archiving policy will specify retention periods, reasons for retention, and deletion procedures.
  • The archiving and retention schedule will be reviewed annually.


8. Security
  • Personal data will be stored using secure, up-to-date, and industry-standard software systems.
  • Access to personal data will be restricted to authorised personnel only.
  • Deleted data will be disposed of securely to ensure irrecoverability.
  • Regular data backups and disaster recovery mechanisms will be maintained.


9. Data Breach
  • In the event of a data breach involving unauthorised access, loss, alteration, or destruction, Leadorbit Solutions will:
    • Immediately assess the potential impact and associated risks.
    • Report the breach to regulatory authorities if required under GDPR guidelines.
    • Notify affected individuals where applicable.
    • Implement corrective measures to prevent recurrence.

END OF POLICY