1. Purpose

The purpose of this policy is to establish a framework for safeguarding personal and sensitive data handled by Digitectura Technologies. It outlines principles, processes, and responsibilities to ensure compliance with applicable data protection laws and to protect the confidentiality, integrity, and availability of data throughout its lifecycle.

2. Scope

This policy applies to:

  • All employees, contractors, consultants, and third parties with access to Digitectura Technologies data
  • All personal and sensitive data collected, processed, stored, or transmitted by Digitectura Technologies, regardless of the medium (electronic or physical)
  • All systems, applications, and processes involved in the handling of data within Digitectura Technologies operations globally

3. Objective

The objectives of this policy are to:

  • Ensure compliance with data protection regulations and industry standards
  • Protect the rights and privacy of individuals whose data is collected and processed
  • Minimize risks related to unauthorized access, use, or disclosure of personal and sensitive data
  • Promote a culture of data protection and privacy within Digitectura Technologies

4. Responsibility and accountability

Adherence to Data Protection Policy is the responsibility of the entire organization and its affiliates, subsidiaries, personnel, third-party consultants, contractors, vendors, and any individual or entity that is provided access to the company’s information resources.

The IT Manager will be responsible for the implementation of the Data Protection Policy across organization

Top Management / will be accountable for the overall Data Protection Policy.

5. Non-compliance

Any Non-Compliance with this Data Protection Policy will be dealt with Disciplinary Action as decided by the organization and respective authorities.

6. Exceptions

Any exception/s to the Data Protection Policy is/are subject to management review and approval.

7. Policy Statement

  1. Introduction
    • At Digitectura Technologies, safeguarding the personal data of our employees, customers, suppliers, and business partners is of paramount importance. This Data Protection Policy sets out the principles, guidelines, and practices that Digitectura Technologies follows to ensure compliance with applicable data protection laws and to maintain the trust and confidence of all stakeholders. The policy underscores Digitectura Technologies commitment to processing personal data responsibly, securely, and transparently
  2. Definitions
    • Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). Examples include name, contact details, identification numbers, location data, and online identifiers
    • Processing: Any operation performed on personal data, such as collection, recording, storage, modification, retrieval, disclosure, or destruction
    • Data Controller: The entity that determines the purposes and means of processing personal data
    • Data Processor: The entity that processes personal data on behalf of the data controller
    • Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data
  3. Data Protection Principles 
    Digitectura Technologies adheres to the following principles in the processing of personal data:

    • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner
    • Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes
    • Data Minimization: Only data that is adequate, relevant, and necessary for the intended purposes is collected and processed
    • Accuracy: Personal data is accurate and kept up to date. Inaccuracies are corrected or deleted without delay
    • Storage Limitation: Personal data is retained only as long as necessary for the purposes for which it was collected and processed
    • Integrity and Confidentiality: Personal data is processed securely, ensuring protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage
    • Accountability: Digitectura Technologies takes responsibility for complying with these principles and maintains appropriate documentation to demonstrate compliance
  4. Data Subject Rights
    Digitectura Technologies recognizes and upholds the rights of data subjects under applicable laws, including:

    • Right of Access: Data subjects have the right to obtain confirmation about whether their data is being processed and access to their data
    • Right to Rectification: Data subjects can request correction of inaccurate or incomplete personal data
    • Right to Erasure (“Right to be Forgotten”): Data subjects may request the deletion of their data under specific circumstances
    • Right to Restrict Processing: Data subjects can request the restriction of data processing under certain conditions
    • Right to Data Portability: Data subjects can request their data in a structured, commonly used, and machine-readable format
    • Right to Object: Data subjects may object to the processing of their data, particularly in cases involving direct marketing
    • Rights Related to Automated Decision-Making: Data subjects have the right not to be subject to decisions based solely on automated processing
  5. Data Protection Measures
    Digitectura Technologies implements a comprehensive framework of technical and organizational measures to ensure data protection, including:

    • Access Control: Access to personal data is restricted to authorized personnel based on their roles and responsibilities
    • Data Encryption: Sensitive personal data is encrypted during storage and transmission to prevent unauthorized access
    • Regular Audits: Periodic reviews and audits are conducted to ensure compliance with data protection requirements
    • Incident Management: A structured process is in place for identifying, reporting, and mitigating data breaches
    • Training and Awareness: Employees are regularly trained on data protection practices and policies to maintain awareness of their responsibilities
  6. Third-Party Processing
    When engaging third-party service providers for data processing activities, Digitectura Technologies ensures:

    • Due Diligence: Service providers are evaluated for their ability to comply with data protection standards
    • Contracts: Data processing agreements are established to define responsibilities, processing limits, and security requirements
    • Monitoring: Regular assessments are conducted to ensure third-party compliance with contractual obligations and data protection laws
  7. Cross-Border Data Transfers
     Digitectura Technologies adheres to applicable laws governing the transfer of personal data to other countries. Transfers are conducted only:

    • To countries deemed to provide an adequate level of protection;
    • Under binding corporate rules, standard contractual clauses, or other lawful mechanisms;
    • With the explicit consent of the data subject, where required.
  8. Record Keeping
    Digitectura Technologies maintains detailed records of data processing activities, including:

    • Categories of personal data processed;
    • Purposes of processing;
    • Data retention periods;
    • Data recipients;
    • Security measures in place.
  9. Data Retention 
    Personal data is retained only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or protect Digitectura Technologies legitimate interests. Retention periods are defined in alignment with applicable laws and business requirements.
  10. Data Breach Management
    Digitectura Technologies has established a Data Breach Response Plan to:

    • Identify and assess the scope of breaches;
    • Notify relevant authorities and affected individuals, as required by law;
    • Mitigate potential risks and implement corrective actions;
    • Document incidents and lessons learned to prevent recurrence.
  11. Monitoring and Review
    This policy is reviewed regularly to ensure its relevance and effectiveness. Updates are made to address changes in laws, business operations, or emerging data protection risks.
  12. Communication
    This policy is communicated to all employees, contractors, and relevant third parties. It is also made available to stakeholders upon request to promote transparency in Digitectura Technologies data protection practices.

Get started with GrydSense

Get in Touch
GrydSense logo

GrydSense immerses you in a smart experience. Transform your real estate into an intelligent, sensitive, adaptive, AI-driven space with AI/ML sensors and a cloud based analytics software platform.