Effective Date: November 29, 2024.
CreatorsDesk AI (the “Platform”), a product of Lazostar LLC (“Company,” “we,” “us,” or “our”), is committed to protecting the personal data of its users in compliance with the General Data Protection Regulation (GDPR). This policy outlines the principles, rights, and procedures we follow to ensure GDPR compliance and safeguard the rights of individuals whose data we process.
1. Introduction
The GDPR, effective as of May 25, 2018, establishes a comprehensive legal framework designed to protect the privacy and personal data of individuals within the European Economic Area (EEA). This policy applies to all data subjects whose personal data is processed by Lazostar LLC, regardless of whether they reside within or outside the EEA. By adhering to this policy, we aim to align our operations with GDPR’s stringent requirements, promoting accountability and transparency in how we manage and safeguard personal data. Through these measures, we uphold the trust of our users and ensure their rights are fully protected.
2. Definitions
2.1 Personal Data: Personal data refers to any information that relates to an identified or identifiable individual (“data subject”). Examples include names, email addresses, IP addresses, and device identifiers, among other data that could identify an individual directly or indirectly.
2.2 Processing: Processing encompasses a wide range of activities performed on personal data, whether automated or manual. It includes collecting, recording, organizing, storing, adapting, using, disclosing, and erasing personal data.
2.3 Data Controller: As the data controller, Lazostar LLC determines the purposes and methods for processing personal data. We bear ultimate responsibility for ensuring data is processed in compliance with GDPR.
2.4 Data Processor: A data processor is a third party that processes personal data on behalf of Lazostar LLC based on our instructions. Examples include cloud storage providers and payment processors.
2.5 Data Subject: A data subject is any individual whose personal data is collected or processed by Lazostar LLC. This includes users of CreatorsDesk AI.
3. GDPR Principles
We adhere to seven core GDPR principles that form the foundation of lawful and ethical data processing practices:
3.1 Lawfulness, Fairness, and Transparency: All data processing activities are conducted lawfully, with fairness to the data subject, and in a transparent manner that ensures individuals understand how their data is used.
3.2 Purpose Limitation: Personal data is collected and processed solely for specified, explicit, and legitimate purposes. We do not repurpose data in ways that conflict with its original purpose without obtaining additional consent.
3.3 Data Minimization: We limit data collection to what is strictly necessary to achieve the purposes for which it is processed, ensuring that irrelevant or excessive data is not collected.
3.4 Accuracy: Personal data is maintained accurately and kept up-to-date as necessary. We take reasonable steps to rectify inaccuracies promptly upon discovery or notification.
3.5 Storage Limitation: Personal data is retained only for as long as it is needed to fulfill its processing purposes. Once the data is no longer required, we securely delete or anonymize it in compliance with legal and operational requirements.
3.6 Integrity and Confidentiality: We implement robust security measures to protect personal data against unauthorized access, accidental loss, or damage. This includes encryption, access controls, and secure storage.
3.7 Accountability: Lazostar LLC accepts responsibility for ensuring compliance with GDPR principles and demonstrating adherence through internal audits, documentation, and regular reviews.
4. Data Subject Rights
Under GDPR, individuals have enhanced rights concerning their personal data, and we are committed to honoring these rights:
4.1 Right to Access: Data subjects may request a copy of their personal data and receive information on how it is being processed, the purposes of processing, and the parties with whom their data is shared.
4.2 Right to Rectification: Data subjects can request corrections or updates to any inaccurate or incomplete personal data.
4.3 Right to Erasure: Often referred to as the “right to be forgotten,” data subjects may request the deletion of their personal data under specific circumstances, such as when the data is no longer needed for its original purpose or when consent is withdrawn.
4.4 Right to Restrict Processing: Data subjects can request that their personal data only be processed for specific purposes, such as for legal claims, while restricting other processing activities.
4.5 Right to Data Portability: Upon request, we provide personal data in a structured, commonly used, and machine-readable format, enabling the data subject to transfer it to another data controller.
4.6 Right to Object: Data subjects can object to processing activities based on legitimate interests, including direct marketing, and we will cease such processing unless we can demonstrate compelling legitimate grounds.
4.7 Right to Withdraw Consent: Data subjects may withdraw consent at any time, without affecting the lawfulness of processing conducted prior to withdrawal.
4.8 Right to Lodge a Complaint: If a data subject believes their rights have been violated, they may lodge a complaint with the relevant supervisory authority in their jurisdiction.
5. Lawful Bases for Processing
Our data processing activities are grounded in one or more of the following lawful bases:
5.1 Consent: We obtain explicit consent from data subjects for specific processing purposes, ensuring they understand and agree to how their data will be used.
5.2 Contractual Necessity: Data processing is essential to fulfill contractual obligations, such as providing access to CreatorsDesk AI services or facilitating subscription payments.
5.3 Legal Obligation: Processing is necessary to comply with legal obligations, such as tax reporting or responding to law enforcement requests.
5.4 Legitimate Interests: Processing is conducted to further our legitimate interests, such as improving the Platform’s functionality, provided it does not override the rights and freedoms of data subjects.
6. Data Protection Measures
To safeguard personal data, we have implemented comprehensive data protection measures:
6.1 Security Measures: Our security protocols include encryption of sensitive information, role-based access controls, secure storage solutions, and regular audits to identify and mitigate vulnerabilities.
6.2 Data Retention: We retain personal data only for as long as necessary to meet processing purposes, legal requirements, or operational needs. Data no longer required is securely deleted or anonymized.
6.3 Data Transfers: When transferring data outside the EEA, we ensure compliance with GDPR by implementing safeguards such as Standard Contractual Clauses, Binding Corporate Rules, or relying on adequacy decisions where applicable.
7. Data Breach Response
In the event of a data breach, we follow a structured response plan:
7.1 Assess the Breach: We evaluate the nature, scope, and potential impact of the breach to determine its severity.
7.2 Notify Authorities: If the breach poses a risk to the rights and freedoms of data subjects, we notify the relevant supervisory authority within 72 hours.
7.3 Inform Data Subjects: Affected data subjects are promptly informed if the breach presents a high risk to their rights and freedoms, outlining the nature of the breach and any recommended protective measures.
7.4 Mitigate Impact: We take immediate corrective actions to contain the breach, prevent recurrence, and minimize its impact.
8. Data Processing Agreements
All third-party processors engaged by Lazostar LLC are required to sign data processing agreements (DPAs) that outline their obligations under GDPR. These agreements ensure that processors handle personal data securely and only as instructed by us.
9. Training and Awareness
Regular training programs are conducted for employees and contractors involved in data processing to reinforce GDPR compliance. These sessions focus on best practices, security protocols, and awareness of data protection responsibilities.
10. Updates to This Policy
This policy may be updated periodically to reflect changes in legal requirements or business practices. Significant updates will be communicated to users through email notifications or prominent notices on the Platform. Continued use of the Platform constitutes acceptance of the revised policy.
11. Contact Information
For questions or concerns regarding this GDPR Compliance Policy or to exercise your rights, please contact us:
Lazostar LLC
312 W 2nd St #2131
Casper, WY 82601
Email: info@creatorsdesk.co