Data Protection Policy (GDPR Compliance)
Last Updated: September 18, 2024
At Skymium Technologies Private Limited (“Skymium Technologies Pvt. Ltd.”, “we”, “us”, or “our”), we are committed to protecting the personal data of our customers, partners, and visitors. This Data Protection Policy outlines how we collect, process, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR), other applicable data protection laws, and best practices.
This policy applies to all personal data processed by us, regardless of whether the data subject is in the European Union (EU) or elsewhere.
1. Key Definitions
- Personal Data: Any information relating to an identified or identifiable natural person (a “data subject”). This can include names, addresses, email addresses, payment information, or any other data that can identify a person.
- Data Controller: Skymium Technologies Pvt. Ltd., which determines the purposes and means of processing personal data.
- Data Processor: Any third-party entity that processes personal data on behalf of Skymium Technologies Pvt. Ltd.
- Processing: Any operation performed on personal data, whether automated or manual, including collection, storage, modification, and deletion.
- Data Subject: Any individual whose personal data is processed by Skymium Technologies Pvt. Ltd.
2. Legal Basis for Processing
Under GDPR, we only process personal data where we have a valid legal basis to do so. The legal bases for processing personal data include:
- Consent: The data subject has given clear and informed consent for the processing of their personal data for one or more specific purposes.
- Contractual Necessity: Processing is necessary to fulfill a contract with the data subject, such as providing services or products.
- Legal Obligation: Processing is necessary to comply with a legal obligation.
- Legitimate Interests: Processing is necessary for the legitimate interests of Skymium Technologies Pvt. Ltd., provided these interests are not overridden by the data subject’s fundamental rights and freedoms.
3. Data Collection and Processing
We collect and process personal data in a fair, transparent, and lawful manner. The types of personal data we collect and process include, but are not limited to:
- Contact Information: Name, email address, phone number, mailing address.
- Payment Information: Billing information, credit card details (processed securely).
- Business Information: Company name, industry, services required.
- Technical Data: IP address, browser type, operating system, device information, and usage patterns.
3.1. Purpose of Data Collection
We process personal data for the following purposes:
- To provide and improve our services and products.
- To communicate with customers about orders, services, or customer support.
- To process payments and manage transactions.
- To comply with legal obligations and respond to law enforcement requests.
- For marketing purposes, provided explicit consent has been given (e.g., newsletters).
- For analytics, research, and development to improve our offerings.
4. Data Subject Rights
As a data subject under the GDPR, you have specific rights regarding your personal data. Skymium Technologies Pvt. Ltd. is committed to ensuring that you can exercise these rights.
4.1. Right to Access
You have the right to request access to your personal data and obtain information about how it is being processed, including:
- The purposes of the processing.
- The categories of personal data being processed.
- The recipients or categories of recipients with whom the data is shared.
- The period for which the data will be stored.
4.2. Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete the data.
4.3. Right to Erasure (“Right to be Forgotten”)
You have the right to request the deletion of your personal data under the following circumstances:
- The personal data is no longer necessary for the purposes for which it was collected.
- You withdraw consent where consent was the legal basis for processing.
- You object to processing, and there are no overriding legitimate grounds for continued processing.
- The personal data was unlawfully processed.
4.4. Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful but you do not want the data erased.
4.5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another data controller where technically feasible.
4.6. Right to Object
You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing purposes or when processing is based on our legitimate interests.
4.7. Right to Withdraw Consent
If processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Data Retention
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Personal data will be securely deleted or anonymized once it is no longer needed.
- Transactional Data: Retained to comply with legal, tax, or regulatory obligations.
- Marketing Data: Retained until you opt out of marketing communications.
6. Data Security
We implement appropriate technical and organizational measures to ensure the security of personal data. These measures are designed to protect against unauthorized access, accidental loss, destruction, or damage.
- Encryption: Personal data, such as payment information, is encrypted during transmission using SSL (Secure Socket Layer) technology.
- Access Control: Access to personal data is restricted to authorized personnel who require the information to perform their duties.
- Regular Audits: We regularly review our security practices and systems to detect and address vulnerabilities.
7. Data Sharing and Transfers
We will not sell or lease your personal data to third parties. However, we may share your personal data with:
- Service Providers: Third-party vendors that help us deliver services, such as payment processors, email services, and data analytics.
- Legal Authorities: Where required by law or in response to valid requests by public authorities, such as law enforcement or regulatory agencies.
7.1. International Transfers
If we transfer personal data outside the European Economic Area (EEA), we will take appropriate safeguards to ensure that your personal data remains protected in accordance with GDPR. These measures may include:
- Standard Contractual Clauses: Data transfers based on contractual terms approved by the European Commission.
- Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection.
8. Data Breach Notification
In the event of a data breach that may result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk to you as an individual, we will notify you without undue delay.
9. Third-Party Data Processors
We work with third-party service providers who act as data processors to help us provide our services. These third parties may have access to personal data only for the purpose of performing specific tasks on our behalf and are contractually obligated to keep your information confidential and secure.
We regularly review and audit our third-party processors to ensure compliance with GDPR and this Data Protection Policy.
10. Data Protection Officer (DPO)
Skymium Technologies Pvt. Ltd. has appointed a Data Protection Officer (DPO) to oversee compliance with GDPR and other data protection laws. You can contact the DPO regarding any issues or questions related to this Data Protection Policy at info@skymium.com.
11. Complaints and Supervisory Authority
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU or in your country of residence.
For more information, or to make a complaint, you can contact your local data protection authority.
12. Changes to This Data Protection Policy
We may update this Data Protection Policy from time to time in response to changes in our data processing practices, regulatory requirements, or other legal obligations. Any updates will be posted on this page, and we will notify you of any significant changes. The “Last Updated” date will be revised accordingly.
13. Contact Us
If you have any questions or concerns regarding this Data Protection Policy or your personal data, please contact us at:
Skymium Technologies Private Limited
Email: info@skymium.com