The steps we take to ensure your privacy and protection with Convosight
The Company stores a large volume of information electronically. This policy governs the procedures to protect this information and sets out how data should be transferred between Convosight Analytics Pvt Ltd. and Convosight Analytics Inc. in compliance with GDPR.
This policy may be amended by Convosight at any time, consistent with the requirements of applicable laws and regulations. Any revisions will take effect from the date on which the amended Policy is published, as indicated by the version number.
In reference to this policy,
Data Controller means the entity determining the purposes and means of processing personal data.
Data Processor means the entity processing personal data on behalf of the controller.
Personal Data includes any information relating to an identified or identifiable natural person.
Data Subject means the individual to whom the personal data relates.
Transfer means the communication of personal data to a third country or an international organization.
Third Country means any country outside the European Economic Area (“EEA”) and United Kingdom which is not subject to an adequacy decision by the European Commission and United Kingdom government or whose laws do not provide an adequate level of protection for the rights of Data Subjects in respect of their Personal Data.
Convosight Analytics Pvt Ltd: Acts as the data controller for data processed within India and as a data exporter when transferring data to Convosight Analytics Inc.
Convosight Analytics Inc.: Acts as a data importer when receiving data from Convosight Analytics Pvt Ltd.
When transferring Personal Data to Third Countries, in its capacity as a Data Processor, Convosight shall ensure that, prior to any such transfer, such transfers are permissible under the data processing agreement (or other contract containing the relevant provisions required under EU or UK data protection laws) in place between the relevant Convosight entity and the Data Controller on whose behalf such Convosight entity is processing the Personal Data.
When transferring Personal Data to Third Countries, in its capacity as a Data Controller or Data Processor, Convosight shall ensure that, prior to any such transfer:
It has carried out an appropriate transfer risk assessment, the scope of which is reasonable and proportionate taking into account the risk inherent in the data being transferred, the amount of data being transferred and the resources available to Convosight as Data Controller or Data Processor, for each category of Personal Data of which Convosight is making repeated or similar transfers; and it has adopted an appropriate transfer mechanism.
In relation to international transfers of Personal Data, Convosight will apply the appropriate transfer requirements under the Data Protection Laws applicable to that jurisdiction, the Personal Data being transferred or the Data Subject concerned.
The general prohibition on transfers of Personal Data to Third Countries can be derogated from in certain specific situations. A transfer, or set of transfers, may be made where the transfer is:
made with the Data Subject’s informed consent;
necessary for the performance of a contract between the Data Subject and the recipient or for pre-contractual steps taken at the Data Subject’s request;
necessary for the performance of a contract made in the interests of the Data Subject between the controller and another person;
necessary for important reasons of public interest;
necessary for the establishment, exercise or defence of legal claims;
necessary to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent; or
made from a register which, by law, is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).
Convosight shall only transfer any Personal Data in a manner that is consistent with the purposes for which such Personal Data was collected or otherwise processed. Prior to any such transfer, Convosight, shall take reasonable steps to ensure that the Personal Data being transferred is accurate, complete, relevant and up to date.
Convosight shall ensure that any transfers of Personal Data are made within the parameters of any privacy or other notices that have been given to the Data Subjects to which the Personal Data relates. Any such notices about the possibility of transfer will have been given at the time the Personal Data was collected, in clear and transparent language. If no such privacy notices were given, then such notices will be given to the relevant Data Subjects prior to transfer, unless a derogation or exemption applies. This policy constitutes a notice to Data Subjects regarding the possibility of such transfers.
Convosight limits the Personal Data to be transferred to the minimum necessary to fulfil the necessary processing purpose(s). The transfers shall be limited to those who need to know the same in connection with the processing purpose(s).
Any questions regarding this Data Transfer Policy or the information practices should be directed to the Convosight by sending an email at reachus@convosight.com.