Menu
Log In
Sign Up

GDPR Policy

HomeGDPR Policy

THIS DOCUMENT OUTLINES THE SPECIFIC RIGHTS AND PROTECTIONS AFFORDED TO INDIVIDUALS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR) WHEN USING HISABMITRA SERVICES PROVIDED BY ZTXO ARTLFY PRIVATE LIMITED (HEREINAFTER “HISABMITRA”).

1. Introduction and Scope

This GDPR Policy supplements our Privacy Policy and applies specifically to individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland, or in any jurisdiction where the GDPR or substantially similar regulations apply. This policy describes how HisabMitra processes personal data in compliance with the GDPR and outlines the specific rights granted to data subjects under this regulation.

HisabMitra is committed to protecting your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently. As both a data controller and data processor, we implement appropriate technical and organizational measures to ensure the security of your personal data.

2. Definitions

For the purposes of this policy, the following definitions apply:

Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Data Subject: An identified or identifiable natural person to whom the personal data relates.

3. Legal Basis for Processing Personal Data

HisabMitra processes personal data under one or more of the following legal bases:

Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This applies when you register for and use our Services.

Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by HisabMitra or by a third party, except where such interests are overridden by your interests, fundamental rights, and freedoms. Our legitimate interests include:

  • Providing, maintaining, and improving our Services
  • Developing new products and features
  • Detecting and preventing fraudulent activities
  • Protecting the security of our systems and users
  • Marketing our Services to existing customers

Consent: You have given explicit consent to the processing of your personal data for one or more specific purposes. We rely on consent for certain types of communications, such as marketing emails to non-customers.

Legal Compliance: Processing is necessary for compliance with a legal obligation to which HisabMitra is subject.

4. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

4.1 Right to Access

You have the right to obtain confirmation as to whether or not your personal data is being processed by HisabMitra and, where that is the case, access to the personal data and the following information:

  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed
  • The envisaged period for which the personal data will be stored
  • The existence of the right to request rectification or erasure of personal data or restriction of processing
  • The right to lodge a complaint with a supervisory authority
  • Information about the source of the data, where it was not collected directly from you
  • The existence of automated decision-making, including profiling

4.2 Right to Rectification

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.3 Right to Erasure (“Right to be Forgotten”)

You have the right to obtain the erasure of your personal data without undue delay where one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or processed
  • You withdraw consent on which the processing is based, and there is no other legal ground for the processing
  • You object to the processing and there are no overriding legitimate grounds for the processing
  • The personal data has been unlawfully processed
  • The personal data must be erased for compliance with a legal obligation
  • The personal data has been collected in relation to the offer of information society services to children

4.4 Right to Restriction of Processing

You have the right to obtain restriction of processing where one of the following applies:

  • You contest the accuracy of the personal data (for a period enabling HisabMitra to verify the accuracy)
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead
  • HisabMitra no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims
  • You have objected to processing pending verification of whether HisabMitra’s legitimate grounds override yours

4.5 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to HisabMitra, in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from HisabMitra, where:

  • The processing is based on consent or on a contract; and
  • The processing is carried out by automated means

This right shall not adversely affect the rights and freedoms of others.

4.6 Right to Object

You have the right to object at any time to processing of your personal data for direct marketing purposes. Additionally, where processing is based on legitimate interests, you have the right to object to such processing. HisabMitra shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

4.7 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where the decision:

  • Is necessary for entering into, or performance of, a contract between you and HisabMitra
  • Is authorized by law
  • Is based on your explicit consent

5. How to Exercise Your Rights

To exercise your rights under the GDPR, please contact our Data Protection Officer at support@hisabmitra.com. We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

If we decide not to take action on your request, we will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

6. Data Transfers Outside the EEA

HisabMitra may transfer your personal data to countries outside the EEA. When we do so, we ensure appropriate safeguards are in place to protect your personal data in accordance with the GDPR requirements. These safeguards may include:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
  • Implementing appropriate contractual clauses, such as Standard Contractual Clauses approved by the European Commission
  • Relying on binding corporate rules for transfers within a corporate group
  • Obtaining your explicit consent to the proposed transfer (in limited circumstances)

7. Data Processing Records

In accordance with GDPR Article 30, HisabMitra maintains records of processing activities under our responsibility. These records include:

  • The name and contact details of HisabMitra, any joint controllers, and our Data Protection Officer
  • The purposes of the processing
  • A description of the categories of data subjects and of the categories of personal data
  • The categories of recipients to whom the personal data has been or will be disclosed
  • Where applicable, transfers of personal data to a third country or an international organization
  • Where possible, the envisaged time limits for erasure of the different categories of data
  • Where possible, a general description of the technical and organizational security measures

8. Data Protection Impact Assessments

For processing operations that are likely to result in a high risk to the rights and freedoms of natural persons, HisabMitra conducts Data Protection Impact Assessments (DPIAs) prior to the processing. These assessments include:

  • A systematic description of the envisaged processing operations and the purposes of the processing
  • An assessment of the necessity and proportionality of the processing operations
  • An assessment of the risks to the rights and freedoms of data subjects
  • The measures envisaged to address the risks and demonstrate compliance with the GDPR

9. Data Breach Notification

In the event of a personal data breach, HisabMitra shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the relevant supervisory authority, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

When the personal data breach is likely to result in a high risk to your rights and freedoms, HisabMitra shall communicate the personal data breach to you without undue delay. This communication will describe in clear and plain language the nature of the personal data breach and contain at least:

  • The name and contact details of the Data Protection Officer or other contact point
  • A description of the likely consequences of the personal data breach
  • A description of the measures taken or proposed to address the breach and mitigate its possible adverse effects

10. Data Protection Officer

HisabMitra has appointed a Data Protection Officer responsible for overseeing our compliance with the GDPR. You may contact our Data Protection Officer directly with any queries related to this GDPR Policy or our processing of your personal data at support@hisabmitra.com.

11. Complaints

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

12. Changes to This GDPR Policy

We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and, where appropriate, through other means of communication. The latest version of this policy will always be available on our website.

13. Contact Information

If you have any questions about this GDPR Policy or our data processing practices, please contact us at:
Email: support@hisabmitra.com

Effective Date: 19/04/2025

HisabMitra