Legal
GDPR Policy
Aligned with global norms, Newtral's GDPR Policy guarantees transparent data handling and a commitment to privacy protection.
Newtral Technologies Private Limited is committed to ensuring the privacy and protection of personal data. This General Data Protection Regulation (GDPR) policy outlines our practices concerning the collection, processing, and protection of personal data in the context of our ESG Management Software.
Scope
This GDPR policy applies to all personal data processed by Newtral Technologies in the course of its business activities, including the use of our ESG Management Software.
Data Controller and Data Processor
Newtral Technologies acts as both a data controller and a data processor, depending on the context of data processing. In situations where we determine the purposes and means of processing personal data, we act as a data controller. In cases where we process personal data on behalf of our customers, we act as a data processor.
Data Collection and Processing
Lawfulness of Processing
We will only process personal data when there is a lawful basis for doing so, such as the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or the exercise of official authority, and legitimate interests pursued by Newtral Technologies or a third party.
Data Minimization
We will collect and process only the personal data that is necessary for the intended purpose. We will not process excessive or irrelevant data
Purpose Limitation
Personal data will be processed only for the specific purposes for which it was collected, and we will inform individuals of any additional purposes for processing.
Data Security
Technical and Organizational Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymization and encryption of personal data.
Data Breach Response:
In the event of a data breach, Newtral Technologies will promptly assess the situation, take necessary steps to mitigate the breach, and notify the relevant supervisory authority and affected data subjects, as required by law.
Data Subject Rights
We respect the rights of data subjects and will facilitate the exercise of their rights, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.
Data Transfers
When transferring personal data outside the European Economic Area (EEA), Newtral Technologies will ensure that the data transfer complies with GDPR requirements. This may include the use of standard contractual clauses or other lawful mechanisms.
Data Protection Officer (DPO)
Newtral Technologies has appointed a Data Protection Officer to oversee GDPR compliance. The DPO can be contacted at vinod@newtral.io.
What are your privacy rights?
You have the right to access, rectify, erase, restrict, and object to the processing of your personal data. You also have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller without hindrance from us. To exercise your rights, please contact us using the contact details provided below.
How can you contact us about this policy?
If you have any questions or concerns about our privacy policy or our processing of your personal data, please contact us at team@newtral.io.