GDPR Policy - Digitised Energy

1. Introduction

Digitised Renewables Energy Tech Pvt. Ltd. ("the Company") is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This policy outlines the Company's approach to data protection within the context of our B2B Software as a Service (SAAS) product, "Digitised Energy."

2. Scope

This GDPR policy applies to all personal data collected, processed, and stored by Digitised Energy in the course of providing our SAAS product and related services to business clients ("Clients").

3. Data Collection and Processing

Digitised Energy collects and processes personal data from Clients solely for the purpose of providing and improving our SAAS product. This may include:

• Contact information (such as names, email addresses, phone numbers) of Client representatives.

• User data generated through the use of our SAAS product, including but not limited to user activity logs, preferences, and settings.

4. Lawfulness of Processing

The Company ensures that all personal data processing activities are conducted in accordance with the principles of lawfulness, fairness, and transparency as outlined in the GDPR. Personal data is processed on the basis of one or more of the following legal grounds:

• The data subject (Client representative) has given consent to the processing of their personal data for one or more specific purposes.

• Processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract.

• Processing is necessary for compliance with a legal obligation to which the Company is subject.

• Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party.

5. Data Security

Digitised Energy implements appropriate technical and organizational measures to ensure the security of personal data against unauthorized access, disclosure, alteration, or destruction. This includes but is not limited to:

• Encryption of personal data during transmission and storage.

• Access controls and authentication mechanisms to limit access to personal data to authorized personnel only.

• Regular security assessments and audits to identify and address vulnerabilities.

• An overview of our security protocols is available here.

6. Data Retention

Personal data collected and processed by Digitised Energy is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Upon the termination of the Client's contract, personal data will be securely deleted.

7. Data Subject Rights

Digitised Energy respects the rights of data subjects (Client representatives) as outlined in the GDPR, including the right to:

• Access their personal data and receive information about how it is processed.

• Rectify inaccuracies in their personal data.

• Erase their personal data under certain circumstances.

• Restrict or object to the processing of their personal data.

• Data portability, where applicable.

Requests to exercise these rights can be made by contacting Digitised Energy's Data Protection Officer (DPO) using the contact details provided in this policy.

8. Data Transfers

In the event that personal data is transferred to third parties or outside the European Economic Area (EEA), Digitised Energy ensures that appropriate safeguards are in place to protect the data in accordance with the requirements of the GDPR.

9. Data Breach Notification

In the event of a personal data breach, Digitised Energy will promptly assess the breach, take necessary steps to mitigate its impact, and notify the relevant supervisory authority and affected data subjects in accordance with the GDPR requirements.

10. Compliance Monitoring and Review

Digitised Energy regularly monitors compliance with this GDPR policy and reviews its effectiveness to ensure ongoing adherence to data protection principles and regulatory requirements. This policy is subject to periodic review and may be updated as necessary to reflect changes in applicable laws, regulations, or Company practices.

11. Contact Information

For inquiries regarding this GDPR policy or the processing of personal data by Digitised Energy, please contact:

ATTN: Venkat Y. Data Protection Officer (DPO)
info@digitised.energy
Digitised Renewables Energy Tech PVT. LTD.
1112 Assetz East Point. Bengaluru - 560103. Karnataka. India.

12. Acceptance of Policy

By using Digitised Energy's SAAS product and related services, Clients acknowledge and agree to the terms of this GDPR policy.

Date of Last Revision: 18-May-2024