GDPR Compliance

Your rights under the General Data Protection Regulation

Committed to GDPR Compliance

Pravi is fully committed to compliance with the General Data Protection Regulation (GDPR). We respect your privacy rights and provide transparent information about how we process your personal data.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to obtain confirmation that we process your data and request a copy of your personal information we hold.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Additional Rights

  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

How We Process Your Data

We process your personal data in accordance with GDPR principles:

  • Lawfulness, fairness, and transparency: We process data lawfully and inform you clearly about how we use it
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimization: We only collect data that is necessary for our purposes
  • Accuracy: We take steps to ensure personal data is accurate and up-to-date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our services to you

Legitimate Interests

Processing necessary for our legitimate business interests, balanced against your rights

Legal Obligation

Processing necessary to comply with legal requirements

Consent

Processing based on your explicit consent, which you can withdraw at any time

Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally compliant transfer mechanisms.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR requirements. You can contact our DPO with any questions or concerns about how we handle your personal data.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month, though this may be extended by two additional months in complex cases.

Submit a Request

To make a request regarding your personal data, please email us with details of your request and proof of identity.

Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include encryption, access controls, regular security assessments, and staff training on data protection.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any case within 72 hours of becoming aware of the breach.

Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights:

Data Protection Officer

Email: [email protected]

Address: 123 Innovation Drive, San Francisco, CA 94105

Phone: +1 (555) 123-4567

You also have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR requirements.