Legal

GDPR Compliance

Our commitment to protecting your personal data under the General Data Protection Regulation

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

Request a copy of your personal data we hold.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request limitation of how we use your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data.

Data Protection Measures

We implement robust security measures to protect your data:

End-to-end encryption for data in transit and at rest

Regular security audits and penetration testing

Access controls and authentication mechanisms

Data minimization and purpose limitation

Regular staff training on data protection

Incident response and breach notification procedures

1. Our Commitment to GDPR

CompliVault is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). We have implemented comprehensive policies and technical measures to ensure the privacy and security of your information.

2. Data Controller

CompliVault Technologies Pvt. Ltd. acts as the data controller for personal data collected through our platform. We determine the purposes and means of processing your personal data in accordance with GDPR requirements.

3. Lawful Basis for Processing

Consent: When you have given clear consent for us to process your personal data
Contract: When processing is necessary for performing a contract with you
Legal Obligation: When we need to comply with legal requirements
Legitimate Interests: When processing is necessary for our legitimate business interests

4. Data Processing

We process personal data only when we have a lawful basis to do so. We maintain detailed records of our processing activities and conduct regular impact assessments for high-risk processing operations.

5. International Transfers

When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions. We only transfer data to countries that provide adequate protection for personal data.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After the retention period, data is securely deleted or anonymized.

7. Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible, and affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

8. Contact Our DPO

For any GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer at dpo@complivault.in. We aim to respond to all legitimate requests within one month.

Data Protection Measures

We implement robust security measures to protect your data:

End-to-end encryption for data in transit and at rest

Regular security audits and penetration testing

Access controls and authentication mechanisms

Data minimization and purpose limitation

Regular staff training on data protection

Incident response and breach notification procedures

3. Lawful Basis for Processing

Consent: When you have given clear consent for us to process your personal data

Contract: When processing is necessary for performing a contract with you

Legal Obligation: When we need to comply with legal requirements

Legitimate Interests: When processing is necessary for our legitimate business interests