Privacy Policy

Effective date: 31st of July, 2024

1. Data Collection

Clearly state what personal data you collect, the purposes for collecting it, and how it is used.

2. Legal Basis

Specify the legal bases for processing personal data (e.g., consent, contractual necessity, legal obligations).

3. Data Subject Rights

Inform users about their rights under GDPR, including the right to access, rectify, erase, restrict processing, and data portability.

4. Data Transfers

Describe any data transfers outside the EU and the safeguards in place, such as Standard Contractual Clauses or adequacy decisions.

5. Consent Mechanisms

Under GDPR, consent must be freely given, specific, informed, and unambiguous. You should:

  • Obtain Consent: Use clear and affirmative actions to obtain consent for data processing activities. Avoid pre-ticked boxes or implicit consent mechanisms.
  • Separate Consents: Ensure that consent for different data processing activities (e.g., marketing, analytics) is obtained separately.
  • Withdraw Consent: Provide a simple mechanism for users to withdraw their consent at any time.

6. Cookie Policy

Your Cookie Policy should comply with GDPR requirements by:

  • Informing Users: Clearly explain the use of cookies and similar technologies, the types of data collected, and the purposes for which they are used.
  • Obtaining Consent: Obtain explicit consent from users before placing non-essential cookies on their devices. This often involves a cookie consent banner or pop-up.
  • Managing Preferences: Allow users to manage their cookie preferences, including an option to refuse or disable cookies.

7. User Rights and Requests

Ensure you have processes in place to handle requests from EU users exercising their GDPR rights:

  • Access Requests: Users have the right to access their personal data. Provide an easy way for them to request this information.
  • Data Portability: Allow users to obtain their personal data in a structured, commonly used format, and to transfer it to another service.
  • Right to Erasure: Implement a procedure for users to request the deletion of their personal data.
  • Right to Rectification: Allow users to correct any inaccuracies in their personal data.

8. Data Security Measures

Implement technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: Use encryption to protect sensitive data, especially during transmission and storage.
  • Access Controls: Limit access to personal data to authorized personnel only.
  • Regular Audits: Conduct regular security audits and risk assessments.

9. Data Breach Notification

In the event of a data breach, GDPR requires that you:

  • Notify Authorities: Inform the relevant supervisory authority within 72 hours of becoming aware of the breach if there is a risk to the rights and freedoms of individuals.
  • Notify Affected Individuals: If the breach is likely to result in a high risk to individuals’ rights and freedoms, you must also notify the affected individuals without undue delay.

10. Data Protection Officer (DPO)

Depending on the size and nature of your processing activities, GDPR may require you to appoint a Data Protection Officer (DPO) to oversee compliance efforts, particularly if you process large amounts of personal data or sensitive data.

11. GDPR Compliance

Data Collection and Use: Clearly describe the types of personal data collected, the purposes for which the data is used, and the legal basis for processing (e.g., consent, legitimate interest).

User Rights: Include information on GDPR rights, such as the right to access, rectify, erase, restrict processing, data portability, and the right to object. Explain how users can exercise these rights.

Data Transfers: If personal data is transferred outside the EU, detail the safeguards in place to protect the data, such as Standard Contractual Clauses or Privacy Shield (for data transferred to the US).

Data Retention: Specify how long personal data is retained and the criteria used to determine this period.

Security Measures: Outline the security measures in place to protect personal data.

12. CCPA Compliance

Data Collection and Use: Detail the categories of personal information collected, the purposes for collection, and the categories of third parties with whom the data may be shared.

Consumer Rights: Include information on CCPA rights, such as the right to know, the right to delete, and the right to opt out of the sale of personal information. Explain how California residents can exercise these rights.

Non-Discrimination: Assure users that they will not face discrimination for exercising their CCPA rights.

Notice of Data Collection: If applicable, provide a notice at the point of data collection, informing users about the data being collected and its intended use.

13. Company Address

Aparajayah Technologies Pvt Ltd,
Flat no: 2&3, 2nd Floor, VOC Street, Indian Bank Colony,
New Natham Road, Madurai 625014, Tamil Nadu, India.

