EU Data Protection

GDPR Compliance

Our commitment to protecting your personal data in accordance with the General Data Protection Regulation.

Our Commitment to GDPR

IT Origin is committed to ensuring the security and protection of the personal information that we process. We provide a compliant and consistent approach to data protection that is aligned with the General Data Protection Regulation (GDPR).

The GDPR is a regulation in EU law on data protection and privacy that applies to all organizations operating within the EU, as well as organizations outside the EU that offer goods or services to EU residents.

GDPR Principles We Follow

Lawfulness, Fairness & Transparency

We process personal data lawfully, fairly, and in a transparent manner. We always inform individuals about how their data will be used.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization

We only collect and process personal data that is necessary for the purposes we have specified.

Accuracy

We take reasonable steps to ensure personal data is accurate and up to date, and that inaccurate data is corrected or deleted.

Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

Integrity & Confidentiality

We implement appropriate security measures to protect personal data against unauthorized access, loss, or destruction.

Your Rights Under GDPR

Under the GDPR, EU residents have the following rights regarding their personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You have the right to request that we delete your personal data in certain circumstances.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects on you.

Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: You have given explicit consent for processing your personal data for a specific purpose.
  • Contract: Processing is necessary for the performance of a contract with you or to take steps before entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: Processing is necessary for our legitimate interests, provided these are not overridden by your rights.

Data Protection Measures

As a cybersecurity company, we implement comprehensive technical and organizational measures to protect personal data, including:

  • Encryption of personal data both at rest and in transit
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response procedures for data breaches
  • Regular backups and disaster recovery planning
  • Privacy by design and default in our systems

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an adequacy decision from the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Other approved transfer mechanisms under GDPR

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay when the breach is likely to result in high risk
  • Document all breaches, including their effects and remedial actions taken

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO for any questions or concerns regarding the processing of your personal data:

Data Protection Officer

Email: dpo@itorigin.com

Address: 8/14, Sahid Nagar, Wing-A, Kolkata 700078, India

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at privacy@itorigin.com. We will respond to your request within one month, as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.