GDPR Compliance
Your rights under the General Data Protection Regulation and how we protect your privacy.
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data
Right to Restriction
Limit how we process your data
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. It gives individuals greater control over their personal data and imposes strict requirements on organizations that collect, process, or store personal data. Even though SocietyWaley operates primarily in India, we comply with GDPR standards to ensure the highest level of data protection for all our users, including those in the EU.
2. Your GDPR Rights
Under GDPR, you have several important rights regarding your personal data:
Right to Access (Article 15)
You can request information about what personal data we hold about you, including the purposes of processing, categories of data, and recipients.
Right to Rectification (Article 16)
You can have your personal data rectified if it is inaccurate or incomplete.
Right to Erasure (Article 17)
You can request deletion of your personal data in certain circumstances.
Right to Restriction (Article 18)
You can request limitation of processing in certain situations.
Right to Data Portability (Article 20)
You can receive your personal data in a structured, commonly used format.
Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing.
3. Lawful Basis for Processing
We process your personal data based on the following lawful bases under GDPR:
Contract (Article 6(1)(b))
Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate interests, provided your rights don't override those interests.
Consent (Article 6(1)(a))
Processing based on your explicit consent, which you can withdraw at any time.
Legal Obligation (Article 6(1)(c))
Processing necessary to comply with legal obligations.
4. Data Protection Measures
We implement comprehensive technical and organizational measures to protect your personal data:
Technical Measures
- • 256-bit AES encryption
- • Secure data transmission (HTTPS/TLS)
- • Regular security audits
- • Multi-factor authentication
Organizational Measures
- • Staff training on data protection
- • Access control policies
- • Incident response procedures
- • Regular compliance reviews
5. International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection:
Transfer Safeguards
- • Standard Contractual Clauses approved by the European Commission
- • Adequacy decisions for certain countries
- • Binding Corporate Rules for multinational organizations
- • Certification schemes and codes of conduct
6. Data Breach Notification
In the event of a personal data breach, we will:
7. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO for any questions or concerns about your personal data:
Exercise Your GDPR Rights
Ready to exercise your GDPR rights? Contact our Data Protection Officer to get started.
Last Updated: January 15, 2025 | Effective Date: January 15, 2025