1. Purpose

The purpose of this Data Management Policy is to ensure that all data collected, stored, processed, and shared by Lema Press is handled responsibly, securely, and in compliance with applicable laws and industry best practices.

2. Scope

This policy applies to:

• All Lema Press employees, contractors, consultants, and partners.
• All forms of data handled by the company, including customer information, employee records, financial data, production data, and operational information.
• All systems and platforms used to store or process data.

3. Data Classification

Lema Press classifies data into the following categories:

• Public Data – Approved for public release.
• Internal Data – Intended for internal company use.
• Confidential Data – Restricted to authorized staff.
• Personal Data – Data identifying an individual.
• Sensitive Personal Data – Financial, legal, or other highly protected data.

4. Data Collection

• Data must be collected legally and ethically for legitimate business purposes.
• Only the minimum necessary data should be collected.
• Individuals must be informed of the purpose of data collection.

5. Data Storage and Protection

• Data must be stored in secure systems with appropriate access controls.
• Confidential and personal data must be encrypted in transit and at rest.
• Regular data backups must be performed and securely stored.
• Access to data must follow the principle of least privilege.

6. Data Access and Usage

• Data may only be used for official company purposes.
• Unauthorized access, sharing, or modification is prohibited.
• Employees must follow authentication and password policies.
• External parties require signed data protection agreements.

7. Data Quality

• Data must be accurate, complete, and regularly updated.
• Errors must be corrected promptly.

8. Data Sharing and Transfer

• Data may only be shared through approved internal and external procedures.
• Sensitive data must be transferred using secure methods.
• International data transfers must comply with applicable regulations.

9. Data Retention

• Retention periods must align with legal and business requirements.
• Data no longer needed must be securely deleted or anonymized.

10. Data Breach and Incident Management

• Suspected or confirmed breaches must be reported immediately.
• Lema Press will investigate incidents and take corrective action.
• Authorities and affected individuals will be notified when required.

11. Employee Responsibilities

• All employees must comply with this policy.
• Training will be provided regularly on data security and protection.
• Non-compliance may result in disciplinary measures.

12. Policy Review

This policy will be reviewed annually or when significant changes occur in technology, operations, or legislation affecting Lema Press.