GDPR Compliance
Our commitment to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation.
1. Introduction
YugantarX is committed to ensuring the privacy and protection of personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines our approach to GDPR compliance and how we implement data protection principles across our organization and services.
The GDPR is a European Union regulation that establishes a comprehensive framework for the protection of personal data. It applies to organizations that process personal data of individuals in the EU, regardless of where the organization is located. As a global provider, we embrace the GDPR principles and extend these protections to all our clients and users worldwide.
Scope of Application:
This GDPR Compliance policy applies to all personal data processed by YugantarX, including data related to our clients, employees, contractors, partners, and website visitors. It covers data processed through our website, services, applications, and business operations.
2. GDPR Key Principles
Our data protection practices are built on the seven key principles outlined in Article 5 of the GDPR:
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how and why we collect and use personal data.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data Minimization
We limit the collection of personal data to what is adequate, relevant, and necessary for the purposes for which it is processed.
Accuracy
We take reasonable steps to ensure personal data is accurate, up-to-date, and corrected or deleted when inaccurate.
Storage Limitation
We keep personal data in a form that permits identification only for as long as necessary for the purposes for which it is processed.
Integrity and Confidentiality
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability
We take responsibility for and can demonstrate compliance with the GDPR principles through appropriate policies, procedures, and documentation.
3. Individual Rights
Under the GDPR, individuals have several rights regarding their personal data. YugantarX respects and facilitates these rights:
- Right to Information: We provide clear, transparent information about our data collection and processing activities.
- Right of Access: Individuals can request confirmation of whether we process their personal data and receive a copy of that data.
- Right to Rectification: Individuals can request that inaccurate personal data be corrected or completed if it is incomplete.
- Right to Erasure (Right to be Forgotten): Individuals can request the deletion of their personal data under certain circumstances.
- Right to Restriction of Processing: Individuals can request that we restrict the processing of their personal data in certain cases.
- Right to Data Portability: Individuals can request their personal data in a structured, commonly used, and machine-readable format and have it transferred to another controller.
- Right to Object: Individuals can object to the processing of their personal data in certain circumstances.
- Rights Related to Automated Decision Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.
How to Exercise Your Rights:
To exercise any of these rights, please contact our Data Protection Officer at dpo@yugantarx.com. We will respond to your request within 30 days and take appropriate action in accordance with the GDPR requirements.
4. Our GDPR Compliance Measures
At YugantarX, we have implemented comprehensive measures to ensure GDPR compliance across our organization and services:
4.1 Data Protection by Design and Default
We incorporate data protection principles into our business processes and development lifecycle. Our systems and services are designed with privacy in mind, ensuring that data protection is a core consideration rather than an afterthought.
4.2 Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for processing activities that may result in high risks to individuals' rights and freedoms. These assessments help us identify and minimize data protection risks in our products and services.
4.3 Staff Training and Awareness
We provide regular training to our employees on data protection principles, GDPR requirements, and our specific data protection policies and procedures. This ensures a strong culture of data protection throughout our organization.
4.4 Data Processing Agreements
We maintain appropriate data processing agreements with our clients, vendors, and partners that outline the parties' responsibilities regarding data protection and ensure compliance with GDPR requirements.
4.5 Documentation and Record-Keeping
We maintain detailed records of our processing activities as required by Article 30 of the GDPR, including the purposes of processing, categories of data subjects and personal data, recipients of data, data retention periods, and security measures.
4.6 Technical and Organizational Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Regular backups and disaster recovery procedures
- Employee training on security best practices
- Physical security measures for our facilities
5. Data Collection and Processing
5.1 Legal Basis for Processing
We process personal data only when we have a legal basis to do so under the GDPR. The legal bases we rely on include:
- Consent: The individual has given clear consent for us to process their personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with the individual or to take steps at the individual's request before entering into a contract.
- Legal Obligation: The processing is necessary for us to comply with the law.
- Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.
5.2 Types of Data We Collect
Depending on the services provided, we may collect and process the following types of personal data:
- Contact information (name, email, phone number, address)
- Business information (job title, company name, industry)
- Account credentials (username, password)
- Financial information (billing details, payment information)
- Technical information (IP address, device information, browsing data)
- Usage information (service usage metrics, preferences)
5.3 Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are determined based on:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- Legal, regulatory, or contractual requirements
Upon the expiration of the applicable retention period, we securely delete or anonymize personal data in accordance with our data retention policy.
6. International Data Transfers
YugantarX is a global company with operations in multiple countries. We may transfer personal data to countries outside the European Economic Area (EEA) where necessary for our business operations or to provide services to our clients.
When transferring personal data outside the EEA, we ensure adequate protections are in place through one or more of the following mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for transfers within our corporate group
- Transfers to countries that have received an adequacy decision from the European Commission
- Derogations under Article 49 of the GDPR in specific limited circumstances
We regularly review our data transfer mechanisms to ensure they remain valid and provide appropriate safeguards in light of evolving regulations and court decisions.
7. Data Breach Procedures
We maintain robust procedures to detect, report, and investigate personal data breaches in accordance with the GDPR. Our data breach response plan includes:
- A dedicated incident response team responsible for managing data breaches
- Procedures for identifying and assessing the scope and impact of a breach
- Processes for containing, mitigating, and recovering from breaches
- Notification protocols for informing affected individuals, data protection authorities, and other relevant parties
- Documentation requirements for recording breach details and response actions
- Post-breach review to identify improvements to security and response procedures
Notification Timeline:
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also communicate the breach to affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
8. Data Protection Officer
YugantarX has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. The DPO's responsibilities include:
- Monitoring compliance with the GDPR and other data protection laws
- Advising on data protection impact assessments
- Training staff on data protection matters
- Cooperating with supervisory authorities
- Serving as a point of contact for individuals on privacy matters
Our DPO operates independently and reports directly to the highest management level of the organization to ensure data protection considerations are given appropriate weight in business decisions.
9. Contact Us
If you have any questions, concerns, or requests regarding this GDPR Compliance statement or our data protection practices, please contact our Data Protection Officer at:
Data Protection Officer
Priya Sharma
dpo@yugantarx.com
+91 123 456 7890
YugantarX, Bangalore, India
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The competent supervisory authority will depend on your habitual residence, place of work, or the place of the alleged infringement.
Last Updated: April 7, 2025