GDPR Compliance
At contriva, we take compliance of data privacy and security regulations very seriously. For the GDPR, we are working diligently to ensure that we are compliant with the rules laid out by the law and provide product functionality and mould our services to enable us to remain compliant. In the following sections, we have outlined our approach to comply with the GDPR.
contriva GDPR Compliance
contriva group is a provider of cloud based services which include advisory services, cloud migration and deployment solutions, cloud native applications, data analytics and other cloud based products. contriva has a global presence having its offices at Pune, Mumbai, Singapore, Malaysia, Europe, USA, Australia and Canada.
Our website is used and explored by our clients (existing and prospective), and through the same we at contriva process certain amount of personal data of our clients (existing and prospective) in the capacity of a Data Controller. While providing our solutions and services we assume the role of a Data Processor for our clients, who provide us personal information for the purposes of our offerings.
Risk Assessment
We have performed a company-wide information discovery exercise to identify and assess what personal information we hold, where it comes from, how and why it is processed, and to whom it is disclosed.
Data Subject Consent
As a Data Controller, contriva has updated its Privacy Policies, Cookies Policy and Disclaimer for the usage of the Cookies in as per the requirements of GDPR on its website www.contriva.com.
As a Data Processor, we execute contracts required under the GDPR with our clients (who are the Data Controllers) and process the personal information as per their directions and in accordance with the GDPR where applicable. Additionally, we implement technical and organizational security measures to ensure compliances.
Transfer of Data Outside EU
contriva has in place an article 28 GDPR-compliant data processing addendum including the EU Model Clauses to ensure an appropriate legal basis for data transfers outside the EU.
Data Retention & Erasure
We have formulated a data retention policy and schedule to ensure that we comply with the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived, and destroyed in accordance with the GDPR.
Record Keeping as per the GDPR
According to Article 30 of the GDPR, each processor and controller’s representative needs to maintain a record of all activities pertaining to the processing of personal information in such an organization. contriva maintains a controller processing record as required under Article 30(1) of the GDPR as well as processor processing record as required under Article 30(2) of the GDPR.
Data Breach and Mitigation Process
The GDPR has stipulated measures and notifications that must be made upon discovery of a data security breach. contriva has put in place internal measures to minimize the risk of any data security breach happening. However, in the unlikely event of any such breach happening, contriva intends to honour its responsibilities as laid down under the GDPR, which includes notifying in a timely manner, its customers, and the supervisory authorities (if contriva is the Data Controller).
Compliance Team
We have a team of leaders who head our GDPR compliance initiative and ensures that the processes flow down to each individual within the organization who handles data governed by the GDPR; should you require any clarification on any aspect of contriva’s compliance efforts please contact our team at info@contrivainc.com.
contriva Promise on GDPR
At contriva, maintaining the security, integrity, safety and confidentiality of personal data in our business is one of the highest priorities. contriva has already taken adequate measures to ensure that we fulfil our promise of being fully compliant with GDPR! In case you have any queries, please feel free to reach us at info@contrivainc.com.