GDPR Compliance

1. Introduction

At Gyri Infotech, we are committed to ensuring that our Perfeckto Quality Management System (QMS) software and related services comply with the General Data Protection Regulation (GDPR). This document outlines our approach to GDPR compliance and provides information about how we process personal data in accordance with GDPR requirements.

2. Data Controller and Data Processor Roles

Under the GDPR, Gyri Infotech acts as a Data Processor when processing personal data on behalf of our customers who use our QMS software. Our customers act as Data Controllers, determining the purposes and means of processing personal data.

Gyri Infotech acts as a Data Controller for personal data we collect directly from individuals, such as our website visitors, prospective customers, and our own employees.

3. GDPR Principles We Follow

• Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and transparently.
• Purpose limitation: We collect personal data for specified, legitimate purposes only.
• Data minimization: We only collect data necessary for the purpose.
• Accuracy: We keep personal data accurate and up to date.
• Storage limitation: We retain data only as long as needed.
• Integrity and confidentiality: We ensure data is secure and protected.
• Accountability: We demonstrate GDPR compliance actively.

4. Legal Basis for Processing

We process personal data under these legal bases:

• Consent: When you have given us permission for a specific purpose.
• Contract: When necessary for performing a contract or taking steps prior to entering one.
• Legal obligation: When required for compliance with legal duties.
• Legitimate interests: When necessary for our or a third party’s legitimate interests, balanced against your rights.

5. Data Subject Rights

You have the following rights under GDPR:

• Right to access – Request a copy of your data.
• Right to rectification – Correct inaccurate or incomplete data.
• Right to erasure – Request deletion of your data.
• Right to restrict processing – Request limitation on how we use your data.
• Right to data portability – Receive your data in a portable format.
• Right to object – Object to data processing in certain cases.
• Rights related to automated decision-making – Not be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us using the details in the Contact Us section.

6. Data Protection Measures

We use the following security measures:

• Encryption in transit and at rest
• Regular security testing
• Access control and authentication
• Backups and disaster recovery
• Staff training on data security
• Data protection impact assessments (DPIAs)

7. International Data Transfers

If we transfer data outside the EEA, we implement safeguards such as:

• Standard contractual clauses
• Binding corporate rules
• Adequacy decisions
• Explicit informed consent

8. Data Breach Notification

In case of a data breach, we will notify the relevant supervisory authority within 72 hours if required, and affected individuals if the risk is high.

9. Data Protection Officer

Our DPO oversees our data protection compliance. Contact:

Email: [email protected]

Address: INDIA