GDPR Compliance Policy

The EU General Data Protection Regulation (GDPR) is the strongest privacy and security law in the world.

1. Introduction
Halal Investments India (hereafter referred to as “the Company”) is committed to protecting the privacy and security of personal data. This GDPR Compliance Policy outlines our approach to ensuring compliance with the General Data Protection Regulation (GDPR).

2. Data Collection and Processing
– Lawfulness, Fairness, and Transparency: The Company ensures that personal data is processed lawfully, fairly, and transparently.
– Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
– Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
– Accuracy: The Company takes reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
– Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
– Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3. Data Subject Rights
– Right to be Informed: Data subjects have the right to be informed about the collection and use of their personal data.
– Right of Access: Data subjects have the right to access their personal data and supplementary information.
– Right to Rectification: Data subjects have the right to have inaccurate personal data rectified or completed if it is incomplete.
– Right to Erasure (Right to be Forgotten): Data subjects have the right to have their personal data erased in certain circumstances.
– Right to Restrict Processing: Data subjects have the right to request the restriction or suppression of their personal data in certain circumstances.
– Right to Data Portability: Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.
– Right to Object: Data subjects have the right to object to the processing of their personal data in certain circumstances.
– Rights Related to Automated Decision Making and Profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

4. Data Protection by Design and Default
The Company implements appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing is processed.

5. Data Security
– Confidentiality: Ensuring that personal data is accessible only to those authorized to access it.
– Integrity: Safeguarding the accuracy and completeness of personal data.
– Availability: Ensuring that authorized users have access to personal data when required.

6. Data Breach Management
– Breach Notification: The Company has a procedure in place to detect, report, and investigate a personal data breach.
– Notification to Supervisory Authority: The Company will notify the relevant supervisory authority of a data breach within 72 hours of becoming aware of it, where feasible.
– Notification to Data Subjects: Where a breach is likely to result in a high risk to the rights and freedoms of individuals, the Company will inform the data subjects without undue delay.

7. Data Protection Officer (DPO)
The Company appoints a Data Protection Officer to oversee GDPR compliance and to act as a point of contact for data subjects and supervisory authorities.

8. Training and Awareness
The Company provides training to employees and stakeholders to ensure awareness and understanding of GDPR requirements and the importance of data protection.

9. Record Keeping
The Company maintains records of processing activities, including the purposes of processing, data sharing, and retention periods.

10. Data Transfers
The Company ensures that any transfer of personal data outside the European Economic Area (EEA) is subject to appropriate safeguards in compliance with GDPR requirements.

11. Policy Review
This policy is reviewed regularly and updated as necessary to ensure continued compliance with GDPR.

Contact Information
For any queries or concerns regarding this GDPR Compliance Policy or the handling of personal data, please contact our Data Protection Officer at [[email protected]]