← Back to Home

GDPR Compliance Statement

Last Updated: January 1, 2024

1. Introduction

MannaPOS is committed to protecting the privacy and personal data of our users in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Statement explains how we collect, process, and protect your personal data.

This statement applies to all individuals whose personal data is processed by MannaPOS, including customers, employees, and website visitors located within the European Economic Area (EEA).

2. Data Controller

MannaPOS Inc. acts as the Data Controller for personal data processed through our services. Our contact details are:

Company Name: MannaPOS Inc.
Address: 123 Business Avenue, Suite 100, Dar es Salaam, Tanzania
Email: dpo@mannapos.com
Phone: +255 123 456 789

3. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR:

  • Contractual Necessity: Processing necessary to perform our obligations under service agreements
  • Consent: Processing based on your explicit consent for specific purposes
  • Legal Obligation: Processing required to comply with applicable laws and regulations
  • Legitimate Interests: Processing for our legitimate business interests, where not overridden by your rights

4. Data We Collect

We collect the following categories of personal data:

  • Identity Data: Name, title, date of birth, gender
  • Contact Data: Email address, phone number, postal address
  • Financial Data: Payment information, billing address, transaction history
  • Technical Data: IP address, browser type, device information, cookies
  • Profile Data: Username, password, preferences, account settings
  • Usage Data: Service usage patterns, feature interactions, session data

5. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (right to be forgotten)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

6. Exercising Your Rights

To exercise your GDPR rights, please contact our Data Protection Officer at dpo@mannapos.com. We will respond to your request within one month of receipt, unless the request is complex, in which case we may extend this period by up to two additional months.

We may request verification of your identity before processing your request to ensure we are disclosing data to the correct person.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Retention periods vary based on the type of data and applicable legal requirements:

  • Account Data: Retained while your account is active and for 7 years after closure
  • Transaction Data: Retained for 7 years for tax and legal compliance
  • Support Communications: Retained for 3 years
  • Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
  • Analytics Data: Retained for 2 years in anonymized form

8. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure adequate protection of your data by:

  • Using standard contractual clauses approved by the European Commission
  • Requiring third-party processors to maintain equivalent data protection standards
  • Complying with GDPR requirements for international transfers

10. Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority where required.

11. Children's Data

We do not knowingly collect personal data from children under 16 years of age without parental consent. If we become aware that we have collected personal data from a child without consent, we will take steps to delete such information immediately.

12. Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices, technology, or legal requirements. We will notify users of any material changes by posting the updated statement on this page.

13. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes GDPR requirements, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside, work, or where the alleged infringement occurred.

14. Contact Information

For any GDPR-related inquiries, please contact our Data Protection Officer:

Email: dpo@mannapos.com
Address: MannaPOS Inc., 123 Business Avenue, Suite 100, Dar es Salaam, Tanzania
Phone: +255 123 456 789

© 2024 MannaPOS. All rights reserved. This GDPR Compliance Statement should be read together with our Privacy Policy.