GDPR Compliance

Techbuddy is committed to full compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all our users, including those in the European Union.

Last Updated: July 28, 2025

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU), regardless of where the organization is located.

GDPR aims to give individuals greater control over their personal data and to simplify the regulatory environment for international business by unifying data protection regulations within the EU.

2. Our Commitment to GDPR Compliance

At Techbuddy, we are fully committed to GDPR compliance and have implemented comprehensive measures to ensure the protection of your personal data. Our compliance framework includes:

Our GDPR Compliance Checklist

Data Protection Officer: Appointed a dedicated DPO to oversee compliance
Data Inventory: Complete mapping of all personal data processing activities
Legal Basis: Clear legal grounds for all data processing activities
Consent Management: Robust consent collection and management systems
Data Subject Rights: Processes to handle all GDPR rights requests
Security Measures: Technical and organizational security safeguards
Data Breach Procedures: Incident response and notification protocols
Vendor Management: Due diligence and contracts with all data processors

3. Your GDPR Rights

Under GDPR, you have several important rights regarding your personal data. We are committed to helping you exercise these rights:

Right to Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You can request deletion of your personal data in certain circumstances (also known as the "right to be forgotten").

Right to Restriction

You can request that we limit how we process your personal data in certain situations.

Right to Portability

You can request a copy of your personal data in a structured, machine-readable format.

Right to Object

You can object to our processing of your personal data in certain circumstances.

Right to Automated Decision Making

You have rights regarding automated decision-making and profiling of your personal data.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of previous processing.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can contact us through the following methods:

Primary Contact Methods

  • Email: Techbudyinterprises@outlook.com (Subject: GDPR Rights Request)
  • Phone: +91-7300533353
  • Online Form: Use our data subject rights request form below
  • Postal Address: H NO 473, Village Batnour Post Phalauda, Batnour Meerut, UP 250401, India

What We Need from You

To process your request efficiently, please provide:

  • Your full name and contact information
  • Specific details about the right you want to exercise
  • Any relevant account information or identifiers
  • Proof of identity (for security purposes)

Response Timeline

We will respond to your request within:

  • Initial Response: Within 1 month of receiving your request
  • Complex Requests: May take up to 3 months (we'll notify you if this applies)
  • Urgent Requests: We prioritize requests related to data breaches or urgent matters

5. Data Processing Activities

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

We process your data to provide our services and fulfill our contractual obligations to you.

Legitimate Interests

We process data for our legitimate business interests, such as improving our services and preventing fraud.

Consent

For marketing communications and certain optional services, we rely on your explicit consent.

Legal Obligations

We may process data to comply with legal requirements, such as tax obligations or regulatory reporting.

Data Categories We Process

  • Identity Data: Name, email address, phone number, postal address
  • Technical Data: IP address, browser type, device information, cookies
  • Usage Data: Website interactions, service usage patterns
  • Marketing Data: Communication preferences, marketing responses
  • Financial Data: Payment information, billing details

6. International Data Transfers

As a global company, we may transfer your personal data to countries outside the European Economic Area (EEA). We ensure adequate protection through:

Transfer Safeguards

  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Certification Schemes: Industry-recognized privacy certifications
  • Technical Measures: Encryption and security protocols

Countries We Transfer Data To

  • India (our primary operations location)
  • United States (for certain cloud services)
  • Other countries as required for service delivery

7. Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

  • End-to-end encryption for data transmission
  • Encryption at rest for stored data
  • Multi-factor authentication for system access
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems

Organizational Safeguards

  • Employee training on data protection and GDPR
  • Confidentiality agreements with all staff
  • Access controls and role-based permissions
  • Incident response procedures
  • Regular policy reviews and updates

8. Data Breach Procedures

In the unlikely event of a data breach, we have established procedures to:

Our Response Process

  • Immediate Assessment: Evaluate the scope and impact of the breach
  • Containment: Take immediate steps to contain and mitigate the breach
  • Notification: Notify relevant authorities within 72 hours if required
  • Communication: Inform affected individuals without undue delay
  • Documentation: Maintain detailed records of the breach and response

9. Data Retention

We retain your personal data only for as long as necessary to:

  • Provide our services and support
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records for operational purposes

Retention Periods

  • Account Data: Retained while your account is active, plus 7 years for legal compliance
  • Transaction Data: Retained for 7 years for tax and accounting purposes
  • Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
  • Technical Data: Retained for 2 years for security and analytics purposes

10. Contact Our Data Protection Officer

For any GDPR-related questions or concerns, you can contact our Data Protection Officer:

Data Protection Officer

Email: dpo@techbuddy.com

Phone: +91-7300533353

Subject Line: "DPO Inquiry - [Your Name]"

Address:
Data Protection Officer
Techbuddy Interprises
H NO 473, Village Batnour Post Phalauda
Batnour Meerut, UP 250401
India

11. Supervisory Authority

If you believe we have not addressed your GDPR rights properly, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your authority's contact information at:

European Data Protection Board (EDPB)

12. Updates to This Policy

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or direct communication.

Related Legal Pages

Privacy Policy
How we protect your data
Terms of Service
Our service terms
Refund Policy
Refund terms and conditions
Cookie Policy
How we use cookies

Exercise Your GDPR Rights