GDPR Compliance
At iProAT we have been working through our solutions to be GDPR Compliant. This is to elaborate on the Data Privacy and Security requirements that we have set in place to ensure that we create a haven for our Customers.
Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect the information:
- iProAT Solutions Private Limited needs to perform a contract with you
- You have given iProAT Solutions Private Limited permission to do so
- Processing your personal information is in iProAT Solutions Private Limited legitimate interests
- iProAT Solutions Private Limited needs to comply with the law
iProAT Solutions Private Limited will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Data collection, Storage Limitation &Data processing
When we mapped the personal data with the channels of data collection, we ensured that safeguards were in place so that the collected data was only processed for the reason for which it was collected. We also removed any personal data that was not important to business and established how long this information was stored.
Data minimization
Data Protection Impact Assessments (DPIA) have been carried out to help define, analyse and reduce or eliminate privacy risks in data processing operations.
Individual Rights
We established our own internal mechanism on how we respond to and address requests concerning individual rights from data subjects. These rights include the right to records, the right to rectification, the right to access, the right to erasure, the right to limit processing, the right to data portability, the right to object or the right not to be subject to, including profiling, automatic decision-making.
Confidential and secure
To ensure confidentiality, honesty, and availability of information, we ensure that adequate security measures are in place. To ensure that all personal data is safe, we also use pseudonymisation through encryption and hashing. To protect personal data against accidental or unlawful damage, loss, modification, unauthorized disclosure, or access to personal data, we take necessary technical and organizational steps.
GDPR Compliance is an ongoing process and we will ensure that we periodically review our processes to ensure that we do not violate any GDPR obligations and monitor more regulatory changes closely.
