The GDPR requires an organization to tell the users about their 8 rights under the GDPR, which
are:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights related to automated decision making and profiling
Basis the content given by the user, there are 6 legal bases, which are as follows:
The data subject has given consent to the processing
Processing is necessary for performance of a contract between the two parties
Processing is necessary for compliance with a legal obligation
Processing is necessary to protect the data subject's vital interests
Processing is necessary in order to protect a public interest or exercise official
authority
Processing is necessary for the purpose of legitimate interests, so long as fundamental
rights and freedoms are not infringed.
How we use information, we collect: (This description is available on the website of the
organization and is available for all users/visitors for the page who may submit data)
- For Safety and Security
- To protect our legitimate business interest and legal rights
- With your consent – We may publish testimonies or featured customer stories about our
services, with your permission.
Legal bases for processing:
- The information collected is used to provide services including operate the service,
provide customer support, provide personalized service and protect the user’s safety and
security.
Security and retention of your information
ADUPPADIYUM POTHICHORUM implements a variety of security safeguards designed to
protect information. These safeguards may vary based on the sensitivity of the
information collected. However, no method or transmission over the internet or
electronic system is completely secure, so there is no guarantee that such data may not
be accessed, disclosed, altered, or destroyed in connection with a breach of our physical,
technical, organizational, or managerial safeguards.
The Data is deleted or de-identified when it is no longer needed to fulfill these purposes
unless a longer retention period is required to comply with applicable laws. There may
be technical or other operational reasons where the data is not fully deleted or de�identified. Where
this
is the case, ADUPPADIYUM POTHICHORUM takes reasonable
measures to prevent further processing your information.
Storage and handling of Data/information:
Information collected by ADUPPADIYUM POTHICHORUM is classified as per the
information classification policy. Critical/Sensitive information are stored with
appropriate access controls and reviewed for security on a regular basis.
Changes to policy:
The data privacy policy is reviewed from time to time and updated as per the
law/regulations.
Data Protection by Design and Default
(Article 25 Paragraph 2 GDPR);
Privacy Governance
ADUPPADIYUM POTHICHORUM implements TECHNICAL AND ORGANISATIONAL
MEASURES, at the earliest stages of the design of the processing operations, in such a
Confidential Page 7 of 8
DATA PRIVACY POLICY
way that safeguards privacy and data protection principles right from the start (‘data
protection by design’). By default, ADUPPADIYUM POTHICHORUM ensure that personal
data is processed with the highest privacy protection (for example only the data
necessary are processed, short storage period, and limited accessibility) so that by default
personal data are not made accessible to an indefinite number of persons (‘data
protection by default’).
ADUPPADIYUM POTHICHORUM implements TECHNICAL AND ORGANISATIONAL
MEASURES, at the earliest stages of the design of the processing operations, in such a
Confidential Page 7 of 8
DATA PRIVACY POLICY
way that safeguards privacy and data protection principles right from the start (‘data
protection by design’). By default, ADUPPADIYUM POTHICHORUM ensure that personal
data is processed with the highest privacy protection (for example only the data
necessary are processed, short storage period, and limited accessibility) so that by default
personal data are not made accessible to an indefinite number of persons (‘data
protection by default’).
The principles and practices that we observe at ADUPPADIYUM POTHICHORUM to ensure
the privacy protection, confidentiality of communication and legal protection of our
customers.
Our framework is build based on the seven foundational principles:
Privacy is proactive, not reactive, and anticipate privacy issues before they reach the user.
Privacy is also being preventative, not remedial.
Privacy is the default setting. The user should not have to take actions to secure their
privacy, and consent for data sharing should not be assumed.
Privacy is embedded into design. It is a core function of the product or service, not an
add-on.
Privacy offers end-to-end lifecycle protection of user data. This is engaging in proper data
minimization, retention and deletion processes.
Privacy standards is visible, transparent, open, documented and independently
verifiable. PRB CONSULTING’s processes, in other words, stand up to external scrutiny.
Privacy is user-centric. This is giving users granular privacy options, maximized privacy
defaults, detailed privacy information notices, user-friendly options and clear notification
of changes.
Order or Contract Control
Third-party data processing as per Article 28 GDPR will not be performed without
corresponding instructions from the Client, e.g.: clear and unambiguous contractual
arrangements, formalized order management, strict controls on the selection of the
Service Provider, duty of pre-evaluation, supervisory follow-up checks
