GDPR Compliance Statement
Tech SaraZ is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines our commitment to data protection and explains how we handle your personal information in accordance with GDPR requirements.
Our Commitment: We are dedicated to maintaining the highest standards of data protection and ensuring that your rights under GDPR are fully respected and protected.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all companies processing personal data of EU residents, regardless of where the company is located.
Individual Rights
Enhanced rights for individuals regarding their personal data, including access, rectification, erasure, and portability.
Data Security
Strict requirements for data security, breach notification, and implementing privacy by design and default.
Accountability
Organizations must demonstrate compliance and implement appropriate technical and organizational measures.
Our GDPR Compliance Framework
Legal Basis for Processing
We only process personal data when we have a valid legal basis under GDPR Article 6:
Consent (Article 6(1)(a))
- • Marketing communications
- • Newsletter subscriptions
- • Cookie preferences
- • Optional form fields
Contractual Necessity (Article 6(1)(b))
- • Service delivery and support
- • Project management
- • Payment processing
- • Account management
Legitimate Interest (Article 6(1)(f))
- • Website analytics
- • Fraud prevention
- • System security
- • Business communications
Legal Obligation (Article 6(1)(c))
- • Tax and accounting records
- • Regulatory compliance
- • Legal proceedings
- • Statutory reporting
Data Minimization Principles
We adhere to strict data minimization principles, ensuring we only collect and process data that is:
Adequate
Sufficient for the intended purpose
Relevant
Directly related to business needs
Limited
Not excessive for the purpose
Accurate
Up-to-date and correct
Technical and Organizational Measures
We implement comprehensive security measures to protect your personal data:
Technical Measures
Encryption
Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls
Role-based access, multi-factor authentication, regular audits
Infrastructure Security
Secure cloud hosting, firewalls, intrusion detection
Data Backup
Regular encrypted backups with secure recovery procedures
Organizational Measures
Staff Training
Regular GDPR training for all employees handling personal data
Data Protection Policies
Comprehensive policies covering data handling and privacy
Incident Response
Clear procedures for identifying and responding to data breaches
Vendor Management
Due diligence and contracts ensuring third-party compliance
Your Rights Under GDPR
Enhanced Individual Rights
Right to Information (Articles 13 & 14)
Be informed about how your personal data is being used
- • Clear privacy notices
- • Purpose of data processing
- • Legal basis for processing
- • Retention periods
Right of Access (Article 15)
Request a copy of your personal data we hold
- • Free first copy
- • Machine-readable format
- • Processing details included
- • Response within 30 days
Right to Rectification (Article 16)
Have inaccurate personal data corrected
- • Correction of errors
- • Completion of incomplete data
- • Free of charge
- • Prompt implementation
Right to Erasure (Article 17)
Request deletion of your personal data ("Right to be Forgotten")
- • No longer necessary for purpose
- • Consent withdrawn
- • Unlawfully processed
- • Legal obligation to erase
Right to Restrict Processing (Article 18)
Limit how we use your personal data
- • Accuracy disputes
- • Unlawful processing claims
- • Objection pending verification
- • Legal claims defense
Right to Data Portability (Article 20)
Receive your data in a portable format
- • Structured, machine-readable format
- • Transfer to another controller
- • Applies to automated processing
- • Based on consent or contract
Right to Object (Article 21)
Object to processing based on legitimate interests
- • Direct marketing (absolute right)
- • Legitimate interest basis
- • Public task performance
- • Profiling and automated decisions
Rights Related to Automated Decision-making (Article 22)
Protection from automated decision-making including profiling
- • Human intervention right
- • Express opinion
- • Contest the decision
- • Explanation of logic involved
How to Exercise Your Rights
Request Process
Making a Request
- 1Contact Us: Email privacy@techsaraz.com or call +91 7760231920
- 2Verify Identity: Provide sufficient information to verify your identity
- 3Specify Request: Clearly state which right you wish to exercise
- 4Await Response: We'll respond within 30 days (extendable to 60 days for complex requests)
What We May Need
- • Identity Verification: Government-issued ID, proof of address
- • Account Information: Email address, phone number, account details
- • Specific Details: What data you're requesting or want deleted
- • Timeframe: Relevant dates or periods for your request
- • Authority: If acting on behalf of someone else, proof of authorization
Note: Some requests may require additional verification for security purposes. We may charge a reasonable fee for excessive or repetitive requests.
Data Breach Procedures
Our Commitment to Breach Response
In the unlikely event of a data breach, we have comprehensive procedures in place to protect your interests:
Authority Notification
Report to relevant supervisory authority within 72 hours of becoming aware of the breach
Individual Notification
Notify affected individuals without undue delay if high risk to rights and freedoms
Mitigation Measures
Immediate action to contain breach and minimize impact on affected individuals
What We'll Tell You
- • Nature of the breach and categories of data affected
- • Likely consequences of the breach
- • Measures taken or proposed to address the breach
- • Contact point for more information
- • Recommendations for protecting yourself
International Data Transfers
While Tech SaraZ is based in India, we may transfer your personal data internationally. We ensure appropriate safeguards are in place:
Transfer Mechanisms
Adequacy Decisions
Transfers to countries recognized by EU as providing adequate protection
Standard Contractual Clauses
EU-approved contracts ensuring GDPR-level protection
Binding Corporate Rules
Internal policies approved by EU authorities
Additional Safeguards
- • Technical measures: Encryption, pseudonymization
- • Organizational measures: Access controls, staff training
- • Regular compliance assessments
- • Ongoing monitoring of protection levels
- • Suspension mechanisms if protection is undermined
Supervisory Authority and Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority:
EU Residents
Contact your national data protection authority. You can find a list of EU data protection authorities at:
European Data Protection BoardIndian Residents
For Indian data protection matters, contact:
Indian Computer Emergency Response Team (CERT-In)
Email: incident@cert-in.org.in
Before filing a complaint: We encourage you to contact us directly atprivacy@techsaraz.comso we can try to resolve your concerns promptly.
Contact Our Data Protection Officer
For any questions about GDPR compliance, data protection, or to exercise your rights:
Data Protection Officer
Email: privacy@techsaraz.com
Phone: +91 7760231920
Response Time: Within 30 days
General Inquiries
Email: info@techsaraz.com
Phone: +91 9886958347
Business Hours: Mon-Fri, 9 AM - 6 PM IST
Postal Address
Plot 7f, SNN Raj Pinnacle, 3rd floor,
Graphite India Main Rd, behind RXDX Hospital,
Doddanakundi Industrial Area 2, Phase 2,
Whitefield, Bengaluru, Karnataka 560048, India