GDPR Policy

Introduction

Portion (Private) Limited is committed to protecting the personal data and privacy of their clients, employees, and all the other individuals associated with Portion (Private) Limited.

Therefore, this "GDPR Policy" outlines the commitment of Portion (Private) Limited to comply with data protection regulations and establish best practices for handling personal and sensitive data within their organization.

Scope

This "GDPR Policy" applies to all employees who are working at Portion (Private) Limited, contractors who are working for Portion (Private) Limited, and third parties who are processing personal data on behalf of Portion (Private) Limited. It covers all the personal data which are collected, processed, stored, or transferred, via electronic methods or printed materials.

Data Protection Principles

Portion (Private) Limited is fully committed to adhering to the following data protection principles:

  • Lawfulness, Fairness, and Transparency
    • All the personal data will be processed in a lawful, fair, and transparent manner.
    • The subject of the data will be informed about the processing of their data upon collecting such data.
  • Purpose Limitation
    • Personal data will be only collected for specified, explicit, and legitimate purposes and not be processed further for the purposes which are incompatible with the original purpose.
  • Data Minimization
    • Only the personal data related to the purpose will be collected.
    • Collected and processed data will be kept accurately and will be up to date.
    • Every possible step will be taken to ensure that the personal data are accurate and relevant to the purposes which they are collected. If not immediate measures are taken to erase them, or rectified.
  • Storage Limitation
    • Personal data will be stored only for the necessary time period.
    • Data which is no longer required will be deleted securely.
  • Integrity and Confidentiality
    • All the collected data will be processed in a manner that ensures appropriate security.
    • All the possible measures will be taken to prevent unauthorized access, disclosure, or alteration of data.
  • Accountability and Responsibility
    • Portion (Private) Limited is dedicated to ensure compliance with the principles mentioned above.

Data Subject Rights Portion (Private) Limited is ensuring the rights of data subjects and will provide mechanisms for them to exercise their rights, including: The right to access personal data. The right to rectify inaccurate data. The right to erasure (right to be forgotten). The right to data portability. The right to restrict processing. The right to object to processing. The right not to be subject to automated decision-making, including profiling.

Data Breach Notification In the event of a data breach, Portion (Private) Limited will comply with the GDPR principles to notify the appropriate supervisory authority and affected individuals within 72 hours of becoming aware of the breach. The notification will include all relevant details about the breach and its possible impact.

Data Processing Records Portion (Private) Limited will maintain all the records which are relevant to the data processing activities, including purposes, categories of data, and retention periods. These records will be made available to the supervisory authority upon request.

Employee Training All employees and contractors of Portion (Private) Limited are received GDPR training to ensure that they are understood their responsibilities and obligations under this "GDPR Policy".

Policy Review This "GDPR policy" will be reviewed regularly and updated as necessary to reflect changes in data protection laws, business practices, and technological advancements.