GDPR Compliance Statement

Nurisha Africa is committed to protecting personal data and respecting privacy rights in accordance with the General Data Protection Regulation (GDPR).

1. Lawful Basis for Processing

We process personal data under lawful bases including:

• User consent
• Contractual necessity
• Legal obligations
• Legitimate business interests

2. Data Subject Rights

Users may exercise the following rights:

• Right to access personal data
• Right to correction
• Right to erasure ("Right to be Forgotten")
• Right to restrict processing
• Right to object
• Right to data portability
• Right to withdraw consent

3. Data Security

We implement administrative, technical, and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction.

4. Data Breach Procedures

In the event of a data breach affecting personal data, Nurisha Africa will investigate promptly and notify relevant authorities and affected users where legally required.

5. Data Processors

We may engage third-party processors including cloud providers, analytics providers, payment gateways, and infrastructure partners.

All processors are expected to maintain adequate data protection standards.

6. International Transfers

Where personal data is transferred internationally, appropriate safeguards are implemented to protect such data.

7. Consent Management

Users may manage marketing preferences and withdraw consent at any time.

8. Data Retention

Personal data is retained only as long as necessary for legal, operational, and contractual obligations.

9. Contact for GDPR Matters

For GDPR-related requests or concerns:

Nurisha Africa
Email: privacy@nurisha.africa
Website: https://nurisha.africa