fbpx

General Data Protection Regulation

Our Compliance for GDPR

Based on the directives set across the General Data Protection Regulation (EU) 2016/679 (“GDPR”) our compliance policy for GDPR sets out the steps that Zelite Solutions Pvt. Ltd. (hereinafter referred as Zelite) is taking to ensure Zelite complies with the European Union’s new General Data Protection Regulation (GDPR). This regulation is designed to protect an individual’s personal data. In addition to giving citizens control of their personal data, the GDPR also aims to unify data protection laws across the European Union and the European Economic Area (EEA).

In accordance with the directives laid down in GDPR, below are the GDPR principles that Zelite complies with all the personal data

  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes
  • Accurate and kept up-to-date
  • Kept for no longer than necessary
  • Processed in a manner that ensures appropriate security.

As per the adherence to GDPR directives – we follow the following procedures. These procedures are set out as a data processor, our responsibilities are limited being a data processor under the Data Protection Act.

As a part of our responsibilities in line with the GDPR directives with reference to Article 5 and Article 6 of the GDPR below are procedures implemented and followed by Zelite.

High Level Data flow Map

We maintain a high level data flow map for all the processing requirements we receive from our client from time to time wherein we act a data processor as per the article 4 of the GDPR. The data flow map help understand our clients how their data flows with the Zelite environment and how all have access to it.

High Level Data Map

In accordance with GDPR compliances – it is important for Zelite and its client to understand what data falls under GDPR and how to handle it appropriately. To address this, Zelite shall use GDPR Data Map template, this will allow Zelite and its client get a clear understanding of exactly what data is Zelite in possession of and how that data is moving through Zelite as an organization. The key elements that shall be maintain in the data map is as below.

1. How was the data collected?

It is essential to understand the source of data collection as from where it has been collected.

2. What personal data is Zelite collecting?

The personal data of the data subject that is being collected as per the GDPR guidelines. Which doesn’t include processing of mission critical personal data, and/or processing of special category personal data, and/or processing of processing of children data and/or processing data of criminal convictions and offences as per the GDPR article 7,8,9 and 10.

3. Why is the data being collected?

The reason behind collecting the personal data of the subject lies with our data controller which is mostly for Business Marketing purposes.

4. How the data is stored, how it will be processed and person(s) having access to it?

As per the GDPR compliance {reference Article 4(2) and (6) of the GDPR} it is important to know how the data is stored, how it will be processed and who all have access to the data at Zelite.

5. When is this data disposed?

As per the GDPR compliances it is important to know how and when Zelite shall dispose all the personal data collected on behalf of the data controller.

All the personal data collected shall be disposed within 3 months (90 days) from the date it is been delivered to the controller or as per the agreed duration with the controller whichever is less.

6. Do we have consents from the data subjects?

As per the GDPR Article 7, conditions for consent wherever Zelite acts as a Data Controller, as per the definition defined in GDPR Article 4, Zelite shall only process or acquire the personal information of the data subject(s) wherein it has received appropriate consents from the data subject(s).

7. Right to withdraw

As per the Article 7(3), GDPR, under Conditions for consent, the data subject shall have the right to withdraw his or her consent at any time. Zelite strictly adheres to this policy, as a data subject you have full rights to withdraw your consent at any time. Please write to dpo@zelitesolutions.com.

Data Processing Register

As an adherence to GDPR compliances Zelite will fully comply with certain important rules required as a data processor and/or as a data controller from time to time. As part of the set rules Zelite shall duly maintain the data processing register.

For our GDPR Privacy Notice, please refer the document Zelite Privacy Notice

For our GDPR Privacy Policy, please refer document Zelite Privacy Policy & Disclaimer

Quick Enquiry