GDPR Compliance Policy

GDPR Compliance Policy

Last Updated: 10-04-2025

At iProAT Solutions Private Limited, we are committed to upholding the privacy, security, and rights of individuals under the General Data Protection Regulation (GDPR) (EU) 2016/679. We continuously improve our data handling processes to ensure that your personal data is collected, processed, and stored responsibly, lawfully, and transparently.

1. Legal Basis for Processing Personal Data

We process personal data only when we have a valid legal basis under Article 6 of the GDPR. These bases include:

  • Performance of a contract: We process your data to fulfill our contractual obligations.
  • Consent: We process your data with your clear, informed consent.
  • Legitimate interest: We process data when it is necessary for our legitimate business interests and does not override your rights.
  • Legal obligation: We process data to comply with our legal or regulatory responsibilities.

2. Data Collection and Purpose Limitation

We collect only the personal data necessary for specific, clearly defined purposes, such as:

  • Delivering our SaaS products and services
  • Managing customer relationships
  • Communicating updates or support
  • Meeting legal obligations

3. Data Minimization and Storage Limitation

We conduct regular audits to ensure:

  • Irrelevant or outdated personal data is deleted
  • Personal data is retained only for as long as necessary
  • Retention periods are aligned with legal and operational requirements

After the retention period ends, personal data is securely deleted or anonymized.

4. Data Protection Impact Assessments (DPIAs)

For high-risk processing activities, we conduct Data Protection Impact Assessments to:

  • Identify and minimize privacy risks
  • Ensure safeguards are in place
  • Maintain GDPR accountability

5. Individual Rights of Data Subjects

We have clear internal processes for managing data subject requests. You may exercise any of your rights under GDPR by contacting us at info@admin

Your rights include:

  • Right to access – Request a copy of your personal data
  • Right to rectification – Correct inaccurate or incomplete data
  • Right to erasure (right to be forgotten) – Request deletion of your data
  • Right to restriction of processing – Request to limit data use
  • Right to data portability – Transfer your data to another provider
  • Right to object – Object to data processing under certain conditions
  • Rights related to automated decision-making and profiling

We respond to all requests within one month, in accordance with GDPR requirements.

6. Data Security and Confidentiality

We use strong technical and organizational measures to protect personal data:

  • Encryption and hashing to pseudonymize sensitive information
  • Secure servers and access control protocols
  • Regular vulnerability assessments and penetration testing
  • Employee training on data security and GDPR compliance

We ensure that personal data is protected against accidental loss, unauthorized access, disclosure, or alteration.

7. Data Transfers Outside the EU/EEA

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (where applicable)
  • Transfers to countries with an adequacy decision from the European Commission

8. Third-Party Processors

We only engage third-party service providers who:

  • Are GDPR-compliant
  • Enter into Data Processing Agreements (DPAs) with us
  • Adhere to data protection standards equivalent to ours

We regularly monitor and audit third-party processors to ensure ongoing compliance.

9. Ongoing Compliance and Monitoring

GDPR compliance is not a one-time exercise. We:

  • Continuously review and update policies
  • Stay updated on GDPR amendments and regulatory trends
  • Maintain detailed processing records as required under Article 30
  • Conduct annual compliance reviews

10. Contact Us

For questions, concerns, or to exercise your rights under GDPR, please contact:

📧 Email: info@iproat.com
🌐 Website: www.iproat.com

This policy reflects our commitment to transparency, privacy, and trust. iProAT is dedicated to maintaining full compliance with GDPR and other applicable privacy regulations.

Scroll to Top