Data Protection

Comprehensive data protection measures ensuring your information is secure while we work together to protect marine life.

Compliance with GDPR, CCPA, and international data protection standards

Data Protection Overview

At Oceanaplas, data protection is fundamental to our operations. We implement comprehensive measures to ensure the security, privacy, and proper handling of all personal and research data entrusted to us.

Our data protection framework complies with international standards including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Our Commitment: We protect your data with the same dedication we bring to protecting marine ecosystems.

Legal Basis for Processing

We process personal data only when we have a valid legal basis. Our legal bases include:

Primary Legal Bases

  • Consent: When you explicitly agree to processing
  • Contract: For employment and service agreements
  • Legal Obligation: When required by law
  • Vital Interests: To protect life and safety

Conservation-Specific Bases

  • Legitimate Interest: Marine conservation research
  • Public Interest: Environmental protection activities
  • Scientific Research: Marine ecosystem studies
  • Statistical Purposes: Conservation impact analysis

Data Categories and Processing

Personal Data Categories

Identity Data

  • Name and contact details
  • Professional qualifications
  • Employment history

Technical Data

  • IP addresses and device info
  • Usage analytics
  • Cookie preferences

Research Data

  • Scientific contributions
  • Conservation project data
  • Volunteer participation

Special Category Data

We may process special categories of data only with explicit consent or other lawful basis:

  • Health data (for field research safety requirements)
  • Biometric data (for secure facility access)
  • Location data (for marine research activities)

Security Measures

Technical Safeguards

Encryption

AES-256 encryption for data at rest, TLS 1.3 for data in transit

Access Controls

Multi-factor authentication, role-based access, principle of least privilege

Monitoring

24/7 security monitoring, intrusion detection, audit logging

Backup & Recovery

Encrypted backups, disaster recovery procedures, business continuity planning

Organizational Measures

Staff Training

Regular data protection training, security awareness programs

Policies & Procedures

Comprehensive data protection policies, incident response procedures

Vendor Management

Due diligence on third parties, data processing agreements

Regular Audits

Internal audits, external security assessments, compliance reviews

Your Data Protection Rights

Under data protection laws, you have comprehensive rights regarding your personal data:

Right of Access

Request copies of your personal data and information about how it's processed

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data under certain circumstances

Right to Restrict Processing

Limit how we process your data in specific situations

Right to Data Portability

Receive your data in a structured format or transfer it to another service

Right to Object

Object to processing based on legitimate interests or for direct marketing

Right to Withdraw Consent

Withdraw consent for processing at any time

Right to Complain

Lodge complaints with supervisory authorities

International Data Transfers

Our marine conservation work is global, which may require transferring data internationally. We ensure all transfers comply with applicable data protection laws:

Transfer Safeguards

  • Adequacy decisions by regulatory authorities
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

Research Collaboration

  • International marine research partnerships
  • Data sharing agreements with research institutions
  • Conservation project coordination globally
  • Scientific publication and peer review

Data Breach Response

We have comprehensive procedures for detecting, investigating, and responding to data breaches:

Detection

24/7 monitoring systems detect potential breaches immediately

Response

Immediate containment and investigation within 1 hour of detection

Notification

Authorities notified within 72 hours, individuals without undue delay

Data Protection Contact

For data protection inquiries, to exercise your rights, or report concerns:

Data Protection Officer

dpo@oceanaplas.org

+1 (555) 123-4567 ext. 101

Response within 30 days guaranteed

Supervisory Authority

Mozambique Data Protection Authority

privacy@gov.mz

For complaints and regulatory matters