GDPR

RaeonTech Pvt. Ltd.

Effective Date: January 2024

1. Introduction

At BizFluence LLP (Formerly RaeonTech) (“the Company”), we are committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy outlines our approach to ensuring that personal data is handled responsibly and by GDPR requirements.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of BizFluence LLP (Formerly RaeonTech) who process personal data on behalf of the Company. It covers all personal data processed by the Company, regardless of its form or location.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Data Subject: The individual whose personal data is being processed.
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: The entity that processes personal data on behalf of the controller.

4. Data Protection Principles

We adhere to the following principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary for the purposes of processing.
  4. Accuracy: Personal data is accurate and, where necessary, kept up to date.
  5. Storage Limitation: Personal data is kept for no longer than is necessary for the purposes for which it is processed.
  6. Integrity and Confidentiality: Personal data is processed securely to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.

5. Data Subject Rights

Data subjects have the following rights under GDPR:

  1. Right to Access: Obtain confirmation as to whether personal data concerning them is being processed and access to such data.
  2. Right to Rectification: Request correction of inaccurate or incomplete personal data.
  3. Right to Erasure (“Right to be Forgotten”): Request deletion of personal data where it is no longer necessary for the purposes for which it was collected.
  4. Right to Restrict Processing: Request restriction of processing under certain conditions.
  5. Right to Data Portability: Receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
  6. Right to Object: Object to the processing of personal data for certain purposes, including direct marketing.
  7. Right to Lodge a Complaint: Lodge a complaint with a supervisory authority.

6. Legal Basis for Processing

The Company processes personal data based on one or more of the following legal grounds:

  1. Consent provided by the data subject.
  2. Performance of a contract.
  3. Compliance with a legal obligation.
  4. Legitimate interests pursued by the Company or a third party.
  5. Protection of vital interests of the data subject or another person.
  6. Performance of a task carried out in the public interest.

7. Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data, including:

  1. Encryption and pseudonymization of personal data.
  2. Regularly testing, assessing, and evaluating the effectiveness of security measures.
  3. Limiting access to personal data to authorized personnel only.
  4. Secure storage and transfer of personal data.

8. Data Breach Notification

In the event of a personal data breach, the Company will:

  1. Notify the relevant supervisory authority within 72 hours, where feasible.
  2. Inform affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  3. Document all data breaches, including the facts, effects, and remedial actions taken.

9. Third-Party Processor

The Company ensures that all third-party processors comply with GDPR requirements by:

  1. Conducting due diligence before engaging third-party processors.
  2. Entering into data processing agreements that outline GDPR-compliant obligations.

10. Data Retention

The Company retains personal data only as long as necessary for the purposes for which it was collected or as required by law. Data no longer needed will be securely deleted or anonymized.

11. Training and Awareness

All employees and contractors are trained on GDPR requirements and data protection best practices. Regular updates and refresher training sessions are conducted to ensure ongoing compliance.

12. Contact Information

For any questions or concerns regarding this policy or data protection practices, please contact:

Data Protection Officer (DPO):
Email: inquiry@raeontech.com

13. Policy Review

This policy is reviewed annually or whenever there are significant changes in GDPR or Company operations. Updates will be communicated to all relevant stakeholders.