Data Protection Policy
1. Objective
Jamborow will process personal data lawfully, fairly, transparently, securely and for specified purposes. It will apply privacy by design and by default to product development, onboarding, integrations and partner programmes.
2. Governance
Jamborow should maintain a privacy governance framework including a named privacy lead or DPO where required, records of processing activities, DPIAs for high-risk processing, processor due diligence, data sharing agreements, privacy notices, incident response, staff training and periodic compliance reviews.
3. Data protection principles
Jamborow will apply lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.
4. Sensitive and financial data
Because Jamborow may process identity, KYC, financial, group-membership, credit, biometric or other sensitive information, enhanced controls should be applied, including strict access rights, encryption, segregation of duties, audit logging, retention controls and management approval for new use cases.
5. Processors and suppliers
Suppliers must be assessed for security, location, sub-processors, breach reporting, audit rights, deletion/return of data and cross-border transfer safeguards.
6. DPIAs
A Data Protection Impact Assessment should be completed for high-risk activities, including automated decisioning, credit risk profiling, large-scale financial data processing, biometrics, vulnerable user programmes, new country launches and major API integrations.