Effivity GDPR Compliance Declaration
Effective date: 1 May 2020
By setting high data protection standards, the General Data Protection Regulation (GDPR) is designed to protect the fundamental human right to privacy. When offering you Effivity, we strive to ensure that any personal data transmitted through Effivity is processed in a lawful, fair, and transparent manner. We are also committed to helping our clients to understand how we comply with the GDPR.
This GDPR Compliance Declaration applies to personal data collected and processed through the business process automation software-as-a-service Effivity (https://www.effivity.com) for productivity enhancement.
The entity that is responsible for collection and further processing of personal data through Effivity is Effivity Technologies Pvt Ltd having a registered business address at A-4, Narsinhdham Society, Near Mother School, Gotri Road, Vadodara, 390021, Gujarat, India (“we”, “us”, and “our”). To comply with our obligations under the GDPR, we have updated our policies and procedures and made them available for your consultation at any time. For more information on our data protection practices, please refer to our:
• Data processing agreement available at Data Processing Agreement (the “DPA”).
About The GDPR
The GDPR, the most comprehensive EU data protection law in decades and the most stringent data protection framework in the world, went into effect on May 25, 2018. Besides strengthening and standardising data protection requirements across the Member States of the EU, it introduced new or additional obligations on all organisations that handle EU residents’ personal data, regardless of where those organisations are located.
Our Compliance With The GDPR
The GDPR’s updated requirements are significant and our team has adapted Effivity’s services, operations, policies, and contractual commitments to help us and our clients to comply with the requirements set by the GDPR. The measures that we have implemented include, but are not limited to:
· Investments in our security infrastructure;
· Updates to relevant contractual terms;
· Support for international data transfers by means of our DPA; and
· Offering data portability and data management tools, including: data import, export, amendment, and deletion tools whereby our clients may access, import, export, update, and delete their data through their user account.
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies and update the features of Effivity and our contractual commitments accordingly. We will provide you with regular updates regarding our data protection practices, so that you stay up-to-date with them.
Our Role Under The GDPR
As a provider of Effivity, we act both as a data controller and data processor. Our role depends on the specific situation that involves the processing of personal data:
• We act as a data controller when we ask our clients to submit their personal data for account registration purposes, payment processing purposes, or if they contact us directly. As a data controller, we comply with our obligations and remain solely responsible for the personal data obtained directly from our clients.
• We act as a data processor when our clients conclude a service contract with us and upload certain personal data to be processed through Effivity. In such cases, the obligations applicable to data processors under the GDPR will apply to us. To ensure that we process personal data on behalf of our clients in compliance with the GDPR, we offer our DPA for conclusion, a copy of which is available at Data Processing Agreement.
Our Security Infrastructure and Certifications
Protecting personal data belonging to our clients and processed on their behalf is of utmost importance to us. Therefore, we have set high standards for security and take administrative, organisational and technical security measures to protect personal data submitted through Effivity from loss, misuse, unauthorised access, and disclosure. The security measures implemented by us include:
• Maintaining adequate access control mechanisms (e.g., two-factor authentication, password protection, and limited access) covering any systems, servers, or files in which personal data is stored;
• DDoS mitigation;
• Using SSL encryption for any electronic transmission of personal data;
• Limiting access to personal data by our officers, directors, employees, consultants, and representatives to specific purposes only; and
• Obtaining information security certificates signifying our adherence to the highest information security standards (we are certified under ISO 27001:2013) and conducting regular information security audits.
We also make use of technology partners and third-party service providers who are carefully selected as complying with the highest data protection and information security standards.
International Data Transfers: Standard Contractual Clauses
The GDPR sets strict requirements for transfer of personal data outside the EU. To ensure that EU residents’ personal data remains safe and secure, the GDPR allows such international transfers only if certain safeguards are implemented, such as (the list is not exhaustive):
· Approved certification mechanisms are used; or
· Approval from data protection supervisory authorities is received.
To comply with the GDPR requirements and ensure that personal data submitted to us remains secure, we offer our DPA based on Standard Contractual Clauses to meet adequacy and security requirements for our clients who operate in the EU or submit EU residents’ personal data through Effivity. The Standard Contractual Clauses are implemented in our DPA available at Data Processing Agreement.
Fulfilling our data protection commitments is important to us. If you have any questions about our GDPR compliance or would like to know more about how we can help you with compliance, please contact us.
Post address: A-4, Narsinhdham Society, Near Mother School, Gotri Road, Vadodara, 390021, Gujarat, India