GDPR Compliance
Your data protection rights under the General Data Protection Regulation
1. Our GDPR Commitment
Sahyogi.ai is fully committed to compliance with the General Data Protection Regulation (GDPR). We respect your privacy rights and have implemented comprehensive measures to ensure your personal data is protected according to the highest European standards.
This page outlines your rights under GDPR and how we fulfill our obligations as a data controller and processor.
2. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Portability: Export your data in a machine-readable format
- Right to Restrict: Limit how we process your personal data
- Right to Object: Object to certain types of data processing
3. Legal Basis for Data Processing
We process your personal data based on the following legal grounds under GDPR:
Consent (Article 6(1)(a))
For marketing communications, non-essential cookies, and optional features. You can withdraw consent at any time.
Contract Performance (Article 6(1)(b))
To provide our AI services, process payments, and fulfill our contractual obligations to you.
Legitimate Interest (Article 6(1)(f))
For service improvement, security monitoring, fraud prevention, and business analytics.
Legal Obligation (Article 6(1)(c))
To comply with legal requirements, tax obligations, and regulatory compliance.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the methods below:
Request Process:
- Submit Request: Email us at gdpr@sahyogi.ai with your request
- Identity Verification: We may ask for identification to verify your identity
- Processing Time: We will respond within 30 days (may extend to 60 days for complex requests)
- Free of Charge: Most requests are processed free of charge
- Follow-up: We will keep you informed throughout the process
Data Access Request
We will provide a comprehensive report of all personal data we hold about you, including sources and processing purposes.
Data Deletion Request
We will permanently delete your data unless we have a legal obligation to retain it.
5. Data Protection Measures
We implement comprehensive technical and organizational measures to ensure GDPR compliance:
Technical Safeguards
- End-to-end encryption (AES-256) for all data
- Secure data transmission (TLS 1.3)
- Regular security audits and penetration testing
- Multi-factor authentication for all accounts
- Automated backup and disaster recovery systems
Organizational Measures
- Data Protection Officer (DPO) appointed
- Regular staff training on data protection
- Privacy by design in all new features
- Data processing impact assessments
- Incident response and breach notification procedures
International Transfers
- Standard Contractual Clauses (SCCs) for EU data transfers
- Adequacy decisions for approved countries
- Data localization options available
- Regular assessment of transfer mechanisms
6. Lawful Basis for Processing
We process personal data only when we have a lawful basis under GDPR Article 6:
| Data Type | Lawful Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance | Provide AI services |
| Usage Analytics | Legitimate Interest | Service improvement |
| Marketing Data | Consent | Marketing communications |
| Payment Information | Legal Obligation | Tax and compliance |
7. Data Breach Response
In the unlikely event of a data breach, we have comprehensive procedures in place:
- Detection: 24/7 monitoring systems detect potential breaches immediately
- 72-Hour Notification: Supervisory authorities notified within 72 hours as required
- User Notification: Affected users notified promptly with clear information
8. Data Protection Officer (DPO)
We have appointed a qualified Data Protection Officer to oversee our GDPR compliance and serve as your point of contact for data protection matters.
DPO Responsibilities:
- Monitor GDPR compliance across all operations
- Conduct privacy impact assessments
- Serve as contact point for supervisory authorities
- Provide data protection training to staff
- Handle data subject requests and complaints
- Advise on data protection matters
Contact Our DPO:
Email: dpo@sahyogi.ai
Subject Line: "GDPR Data Subject Request"
Response Time: Within 72 hours for acknowledgment
9. Supervisory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the relevant supervisory authority.
EU Residents
Contact your local Data Protection Authority or the European Data Protection Board (EDPB).
Indian Residents
Contact the Data Protection Board of India or relevant state authority.
Before Filing a Complaint
We encourage you to contact us first at gdpr@sahyogi.ai. We are committed to resolving any concerns directly and promptly.
10. Ongoing Compliance
We maintain GDPR compliance through continuous monitoring and improvement:
GDPR Questions or Requests?
Our Data Protection Officer and privacy team are here to help with any GDPR-related questions or requests.
Response Time: We respond to all GDPR requests within 30 days (or 60 days for complex requests) as required by law.