• Wed, 5 February 2025
Linkedin X-twitter Icon-facebook

GDPR Policy

General Data Protection Regulation

What is GDPR ?

The European Union (EU) established a new rule known as the “General Data Protection Regulation” on April 8, 2016. (GDPR). It supersedes the EU Data Protection Directive and applies to all EU member countries, eliminating the need for national law. After four years of debate and changes, the legislation goes into force on May 25, 2018, putting the EU at the forefront of data protection norms.

It provides EU citizens more control and authority over personal data. Organizations that manage statistics on EU individuals will be required to follow data and privacy guidelines under this bylaw. IT Business Digest (VPROSPKTCO ANALYTICS Private Limited) has acknowledged and updated all of the essential requirements of GDPR as part of its basic policies

The European Union (EU) established a new rule known as the “General Data Protection Regulation” on April 8, 2016. (GDPR). It supersedes the EU Data Protection Directive and applies to all EU member countries, eliminating the need for national law. After four years of debate and changes, the legislation goes into force on May 25, 2018, putting the EU at the forefront of data protection norms.

It provides EU citizens more control and authority over personal data. Organizations that manage statistics on EU individuals will be required to follow data and privacy guidelines under this bylaw. IT Business Digest (VPROSPKTCO ANALYTICS Private Limited) has acknowledged and updated all of the essential requirements of GDPR as part of its basic policies

Personal data is defined in Article 4 of the GDPR as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.”

Article 5. Principles governing personal data processing:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date;
  5. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  6. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  7. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The controller shall be responsible for, and be able to demonstrate compliance with the principles.

Article 6. GDPR Lawfulness of processing:

In order to process personal data under the GDPR, there must be a legitimate legal basis. According to Article 6 of the GDPR, there are six available permissible bases for processing:

  • Consent: The data subject has provided explicit, unambiguous consent for the processing of their personal data for a specified purpose.
  • Contract: processing is required for the fulfilment of a contract with the data subject or to initiate contract negotiations.
  • Legal obligation: processing is required to comply with a legal obligation. 
  • Vital interests: processing is required to protect the vital interests of a data subject or another individual.
  • Public task: processing is required to perform a task in the public interest or in the exercise of official authority vested in the controller.
  • Legitimate interests: processing is required for the purposes of the controller’s or a third party’s legitimate interests, unless such interests are overridden by the data subject’s interests, rights, or freedoms.

This GDPR policy assures that IT Business Digest:

  • Complies with data protection act and best practises
  • Protects the rights of its employees, clients, vendors, suppliers and partners 
  • Is transparent about how it maintains and processes individuals’ data
  • Shields itself from data protection risks such as breaches of confidentiality, failure to provide choice, and adverse publicity

  The GDPR policy applies to:

  • The head office of VPROSPKTCO ANALYTICS Pvt. Ltd.
  • All branches of VPROSPKTCO ANALYTICS Pvt. Ltd.
  • All brands of VPROSPKTCO ANALYTICS Pvt. Ltd
  • All staff and volunteers of VPROSPKTCO ANALYTICS Pvt. Ltd
  • All contractors, suppliers and other people working on behalf of VPROSPKTCO ANALYTICS Pvt. Ltd

The General Data Protection Regulation (GDPR) enter into force on May 25, 2018, replacing the Data Protection Act of 1998. It applies to both data controllers and data processors, who are in charge of data protection on a daily basis.

Below definitions of GDPR terms used in this document that may be useful:

  • Data Controller (Controller): A legal person, public authority, agency, or other body that, alone or in collaboration with others, sets the aims and means of personal data processing.
  • Processor: A natural or legal person, public authority, agency, or other body that processes personal data on the controller’s behalf.
  • Data subject: An identifiable natural person is one who can be identified, directly or indirectly.
  • Personal data: Any information relating to an identified or identifiable natural person (data subject),
  • Sensitive Personal Data: Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed sensitive under applicable law is referred to as “sensitive Personal Data.”

The GDPR applies to personal data, which means any information belonging to an identifiable person who can be identified directly or indirectly, particularly through the use of an identifier. This definition includes a broad range of personal identifiers, such as name, identification number, location data, or online identity, reflecting changes in technology and the way organisations collect information about people.

IT Business Digest uses personal information to:

  • Provide B2B lead generation and demand generation services to its clients
  • Maintain its own accounts 
  • Manage and support its employees
  • Manages its internal process like payroll with suppliers and vendors

The company processes personal information about customers, clients, advisers, other professional experts and employees.

This information may include: 

  • The person’s name 
  • Office addresses 
  • Email addresses 
  • Phone numbers 
  • Any other information relating to the person
  • Social interest and purchasing habits

IT Business Digest does not process any sensitive information, which may include:

  • Details about physical or mental health
  • Religious or other beliefs 
  • Racial or ethnic origin
  • Membership in a trade union

Obligations as the data controller:

While handling personal information of a Data subject, when processing on data will be done by another party, IT Business Digest acts as the data controller and will therefore comply with the following obligations:-

  • Controllers are responsible for GDPR compliance and must only select processors who can provide “sufficient guarantees” that GDPR standards will be implemented and data subjects’ rights will be maintained. (We check all the GDPR compliance and policies implemented by the parties before selecting them for data processing)
  • When a data controller employs a data processor, a documented contract must be in place with clear understanding of the goal. (We sign NDAs and MOAs with the parties in order to carry out processing tasks)
  • The data controller must ensure written contracts between data controllers and processors comply with GDPR. (proper SOW is prepared wherever necessary)
  • Contracts must include the following information:-
    • The subject matter and duration of the processing
    • The nature and purpose of the processing
    • The type of personal data and categories of data subject
    • The controller obligations and rights
    • The processor obligations
  • Contracts should state that nothing in the contract relieves the data processor of its own direct responsibilities and liabilities under the GDPR. Data controllers must record and report any serious data breaches to the Information Commissioner’s Office (ICO). Controllers have a legal obligation to give effect to data subjects’ rights.

Obligations as the data processor:

When IT Business Digest processes personal data on behalf of its clients, the company functions as the data processor and the client as the data controller. As a result, IT Business Digest will comply with the following GDPR duties as a data processor:

  • The data processor must have adequate security measures in place for processing personal data. (We have IT infra policies and procedures In place, to handle the data processing with the assurance of the security of data)
  • The data processor must only act on the data controller’s documented instruction unless required by law to act without such instruction. (We strictly abide to the contract terms in order to process the personal data)
  • The data processor must ensure that the people processing the data are subject to a duty of confidence. (All the staff in IT Business Digest has to undergo compulsory GDPR and compliances training modules along with other corporate trainings like Ethical Code of Conduct and Data Security modules, to make them aware about the best practices of handling data)
  • The data processor will only engage a sub-processor with the data controller’s prior consent and a written contract. (While processing data, IT Business Digest do not engage any sub-processor, entire processing is done in-house)
  • The data processor is required to keep records of personal data and data processing activities. (We strictly follow this as per GDPR terms of Data Retention)
  • If the data processor becomes aware of a breach of personal data, it must notify the data controller. (We have process in placed to immediate report to the controller in such cases, However so far, there is not even a single data breach incident at IT Business Digest)
  • The processor must assist the data controller in granting subject access and allowing data subjects to exercise their GDPR rights. (We take all the measure to allow data subjects to exercise their GDPR rights)

Sharing Personal Information:

The organization may be required to share the personal information it processes with the individual as well as other organisations. Where this is required, the organisation must comply with all requirements of the GDPR.

When appropriate, the company will share information with:

  • Suppliers
  • Service providers 
  • Local and central government
  • Financial organisations
  • Business associates and professional advisers 
  • Family, associates, and representatives of the individual whose personal data is being processed
  • Regulatory and Examining bodies
  • Current, previous, or potential employers

Personal data transfer to another country:

Personal information may need to be transferred internationally on occasion. When this information is required, it is only shared inside the European Economic Area (EEA). Any transfers will be carried out in complete conformity with the GDPR.

Retention of personal data:

Personal data must not be retained for any longer than is required for the purpose for which it is processed, according to the General Data Protection Regulation (GDPR). This also implies that there is a time limit on how long consumers’ data can be preserved. Despite the fact that there is no time limit.

IT Business Digest keeps the data records for no longer than 2 years. However, it varies based on the type of data and client’s need. Retention of such data in IT Business Digest is decided based on the client’s requirement of requesting the old data.

Company may preserve data for longer, if it deems it has a genuine interest/reason to do so.

Everyone who works for or with VPROSPKTCO ANALYTICS Pvt. Ltd. has accountability for ensuring that data is gathered, stored, and managed lawfully, especially in light of GDPR. Individual data must be handled and treated in accordance with the GDPR policy and data protection principles by all team members who handle it.

Each member must keep records of its processing activities, which must include: 

  • Purposes of the processing; 
  • Categories of data subjects and personal data processed; 
  • Categories of recipients with whom the data may be shared; 
  • Information about Cross-Border Data Transfers; 
  • The Relevant data retention periods; and 
  • Security measures put in place in relation to the processed data

These details must be supplied to data protection authorities upon request.

In IT Business Digest, the only people who should be able to access the data protected by this policy are those who require it for their work.

  • Data is not shared informally among employees.
  • We train all employees to understand their responsibilities when collecting data.
  • We use domain environment to give appropriate permissions in order to access data.
  • Data is evaluated on a regular basis and restructured if it is discovered to be out of date. If it is no longer required, it is deleted and discarded.
  • Data is only stored on protected servers, and is uploaded to cloud computing services, which are in compliant to GDPR.
  • All servers and systems are protected by permitted security software and firewall.
  • Timely backup and checks are done to ensure the safety and accuracy of the data.
  •  The data protection representative handles data protection questions from staff and anyone else covered by this policy.
  • Contracts with third parties and processors who may handle sensitive data for the organisation are evaluated and reviewed.
  • Data protection statements are authorized and updated as needed when attached to communications such as emails.
  • GDPR rules are followed in all our marketing campaigns.

People with key areas of responsibility:
The board of directors is ultimately accountable for ensuring that VPROSPKTCO ANALYTICS Pvt. Ltd meets its legal obligations.

The Data Protection Officer is responsible for:

  • Reviewing all data protection measures and related strategies
  • Keeping the board informed of data protection duties, risks, and issues.
  • Providing data security training and information to those covered by this policy.
  • Reviewing and approving any contracts or agreements with third parties who may handle sensitive data for the organisation.
  • Receiving and responding to data privacy inquiries from personnel and anyone else protected by this policy.

The IT Admin is responsible for:

  • Ensuring that software services used for data storage fulfil the relevant security standards.
  • Conducting regular inspections and scans to ensure that security hardware and software are in good working order.
  • Evaluating any third-party services that the organisation may use to store or handle data. For example, cloud computing services.
  • Handling the domain environment and implementing the Microsoft Security baseline on all machines in the organisation.

In case of any comments, queries or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data carried out by us, or on our behalf, please use the contact form at https://itbusinessdigest.com/contact-us/

The Company has appointed a Data Protection Officer who may be contacted at dpo@itbusinessdigest.com  

it business digest

Welcome to IT Business Digest, your ultimate source for the latest information technology news and updates. Stay ahead with our in-depth coverage of emerging technologies, industry trends, and expert insights.

Linkedin X-twitter Icon-facebook

Quick Links

Products

Legal

Copyright © 2025 IT Business Digest, All rights reserved.