GDPR policy

We know the secret of your success

General Data Protection Regulation (GDPR)

Our Compliance for GDPR

Based on the directives set across the General Data Protection Regulation (EU) 2016/679 (“GDPR”) our compliance policy for GDPR sets out the steps that iSN Group (hereinafter referred as iSNGS) is taking to ensure iSNGS complies with the European Union’s new General Data Protection Regulation (GDPR). This regulation is designed to protect an individual’s personal data. In addition to giving citizens control of their personal data, the GDPR also aims to unify data protection laws across the European Union and the European Economic Area (EEA).

In accordance with the directives laid down in GDPR, below are the GDPR principles that iSNGS complies with all the personal data

  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes
  • Accurate and kept up-to-date
  • Kept for no longer than necessary
  • Processed in a manner that ensures appropriate security.

As per the adherence to GDPR directives – we follow the following procedures. These procedures are set out as a data processor, our responsibilities are limited being a data processor under the Data Protection Act.

As a part of our responsibilities in line with the GDPR directives with reference to Article 5 and Article 6 of the GDPR below are procedures implemented and followed by iSNGS.

High Level Data flow Map

We maintain a high level data flow map for all the processing requirements we receive from our client from time to time wherein we act a data processor as per the article 4 of the GDPR. The data flow map help understand our clients how their data flows with the iSNGS environment and how all have access to it.

High Level Data Map

In accordance with GDPR compliances – it is important for iSNGS and its client to understand what data falls under GDPR and how to handle it appropriately. To address this, iSNGS shall use GDPR Data Map template, this will allow iSNGS and its client get a clear understanding of exactly what data is iSNGS in possession of and how that data is moving through iSNGS as an organization. The key elements that shall be maintain in the data map is as below.

1. How was the data collected?

It is essential to understand the source of data collection as from where it has been collected.

2. What personal data is iSNGS collecting?

The personal data of the data subject that is being collected as per the GDPR guidelines. Which doesn’t include processing of mission critical personal data, and/or processing of special category personal data, and/or processing of processing of children data and/or processing data of criminal convictions and offences as per the GDPR article 7,8,9 and 10.

3. Why is the data being collected?

The reason behind collecting the personal data of the subject lies with our data controller which is mostly for Business Marketing purposes.

4. How the data is stored, how it will be processed and person(s) having access to it?

As per the GDPR compliance {reference Article 4(2) and (6) of the GDPR} it is important to know how the data is stored, how it will be processed and who all have access to the data at iSNGS.

5. When is this data disposed?

As per the GDPR compliances it is important to know how and when iSNGS shall dispose all the personal data collected on behalf of the data controller.

All the personal data collected shall be disposed within 6 months (180 days) from the date it is been delivered to the controller or as per the agreed duration with the controller whichever is less.

6. Do we have consents from the data subjects?

As per the GDPR Article 7, conditions for consent wherever iSNGS acts as a Data Controller, as per the definition defined in GDPR Article 4, iSNGS shall only process or acquire the personal information of the data subject(s) wherein it has received appropriate consents from the data subject(s).

7. Right to withdraw

As per the Article 7(3), GDPR, under Conditions for consent, the data subject shall have the right to withdraw his or her consent at any time. iSNGS strictly adheres to this policy, as a data subject you have full rights to withdraw your consent at any time. Please write to info@isngs.com

Data Processing Register

As an adherence to GDPR compliances iSNGS will fully comply with certain important rules required as a data processor and/or as a data controller from time to time. As part of the set rules iSNGS shall duly maintain the data processing register.

For our GDPR Privacy Policy, please refer document iSNGS Privacy Policy.

TOP