GDPR Policy

Last updated: November 8, 2025

1. Introduction

Geloka OpenMap ("we," "our," or "us") is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data and privacy of individuals located in the European Union. This GDPR Policy outlines our practices regarding the collection, processing, and protection of personal data.

2. Data Controller

Company: Geloka Inc.

Address: Rond point Maetur, Douala, LT, Cameroon

Email: contact@geloka.com

Phone: +237 655 122-498

3. Data Protection Officer

Name: Geloka

Email: contact@geloka.com

Phone: +237 655 122-498

4. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR:

  • Consent: When you explicitly agree to our data processing activities
  • Contract: To perform our contractual obligations and provide services
  • Legitimate Interest: For our legitimate business interests, provided they don't override your rights
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interests: To protect vital interests of individuals
  • Public Task: For tasks carried out in the public interest

5. Categories of Personal Data

5.1 Data Provided by You

  • Identification data (name, email, phone number)
  • Account credentials
  • Communication preferences
  • Support requests and feedback

5.2 Data Collected Automatically

  • IP addresses and geolocation data
  • Device and browser information
  • Usage patterns and API call logs
  • Cookies and tracking data
  • Performance and analytics data

6. Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request information about what personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restriction

You can request limitation of how we process your personal data.

Right to Data Portability

You can request your personal data in a structured, machine-readable format.

Right to Object

You can object to our processing of your personal data in certain situations.

7. Data Processing Purposes

We process personal data for the following purposes:

  • Providing our geospatial mapping and analytics services
  • Managing user accounts and authentication
  • Processing payments and managing subscriptions
  • Providing customer support and communication
  • Improving our services and developing new features
  • Ensuring security and preventing fraud
  • Complying with legal obligations
  • Conducting analytics and research

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, in accordance with our data retention schedule and legal requirements. Specific retention periods include:

  • Account data: Retained for the duration of your account plus 3 years after account closure
  • Payment data: Retained for 7 years for tax and accounting purposes
  • Communication data: Retained for 3 years for support and dispute resolution
  • Analytics data: Anonymized after 2 years or as required for legitimate business purposes

9. Data Security

We implement comprehensive security measures to protect personal data:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and multi-factor authentication
  • Secure data centers with physical security
  • Employee training on data protection
  • Incident response and breach notification procedures

10. International Data Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

11. Cookies and Tracking

We use cookies and similar technologies in compliance with GDPR requirements. You have the right to withdraw consent for non-essential cookies at any time through your browser settings or our cookie preferences.

12. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.

13. Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to identify and minimize data protection risks. DPIAs are conducted before implementing new technologies or processes that may significantly affect personal data processing.

14. Exercising Your Rights

To exercise your GDPR rights, please contact our Data Protection Officer using the information provided above. We will respond to your request within one month, with possible extension to two months for complex requests. We may request verification of your identity before processing your request.

15. Complaints

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with your local data protection authority. You can find contact details for your supervisory authority at: European Data Protection Board

16. Updates to This Policy

We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes and update the "Last updated" date at the top of this policy.

17. Contact Information

For GDPR-related inquiries or to exercise your rights, please contact:

Data Protection Officer: Geloka

Email: contact@geloka.com

Phone: +237 655 122-498

Address: Rond point Maetur, Douala, LT, Cameroon