GDPR Compliance Statement
Last updated: 1st April 2024
At BriBooks (YouBooks Edtech Pvt. Ltd.), we are committed to ensuring the protection of personal data and maintaining compliance with the General Data Protection Regulation (GDPR) requirements. This statement outlines our dedication to GDPR compliance, our compliance plan, safeguarding measures, data subject rights, privacy policy, third-party processing, and international data transfers.
BriBooks (YouBooks Edtech Pvt. Ltd.) is committed to ensuring the protection and privacy of personal data in accordance with the General Data Protection Regulation (GDPR). As both a data processor and data controller, we recognize the importance of maintaining the confidentiality, integrity, and availability of personal data entrusted to us.
Data Processor Responsibilities:
- Lawful Processing: We only process personal data on behalf of our clients in accordance with their documented instructions, ensuring lawful grounds for processing under the GDPR.
- Data Security: We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Confidentiality: Our employees who process personal data are bound by confidentiality obligations, ensuring the confidentiality of personal data at all times.
- Data Subject Rights: We assist our clients in fulfilling their obligations regarding data subject rights, including the rights to access, rectification, erasure, and restriction of processing.
- Data Breach Response: In the event of a personal data breach, we promptly notify our clients and provide all necessary assistance in compliance with GDPR requirements.
Data Controller Responsibilities:
- Lawful Processing: We ensure that personal data is collected and processed by us lawfully, transparently, and for specified, explicit purposes.
- Data Minimization: We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- Consent Management: When relying on consent as a legal basis for processing personal data, we obtain explicit consent from data subjects and maintain records of such consent.
- Data Subject Rights: We facilitate the exercise of data subject rights and respond to requests in a timely manner, ensuring transparency and fairness in our data processing activities.
- Data Protection Impact Assessments (DPIAs): We conduct DPIAs where necessary to assess and mitigate risks associated with our data processing activities, particularly those involving high risks to data subjects' rights and freedoms.
Our appointed Data Protection Officer (DPO) is Rupesh Kanth. Our representative can be reached via email at info@brobooks.com or by mail at Youbooks Edtech Pvt. Ltd., 808 French Road, #05-151, Kitchner Complex, Singapore (200808). The DPO serves as the point of contact for data subjects regarding all matters related to personal data processing, GDPR compliance, and data protection concerns.
Our GDPR compliance plan includes the following key components:
- Data Inventory: We maintain a comprehensive inventory of all personal data processed by our organisation.
- Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities to assess and mitigate potential risks to data subjects.
- Data Protection by Design and Default: We integrate data protection principles into our systems, products, and processes from the outset.
- Employee Training: We provide regular training to employees on GDPR requirements and their responsibilities in ensuring data protection.
- Incident Response Plan: We have an incident response plan in place to promptly address any data breaches and mitigate their impact.
- Data Retention and Disposal: We establish clear retention periods for personal data and implement secure disposal methods when data is no longer needed.
- Compliance Monitoring: We regularly review and update our data processing activities to ensure ongoing compliance with GDPR requirements.
At BriBooks (YouBooks Edtech Pvt. Ltd.), safeguarding personal data is paramount. We implement a comprehensive set of technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, in compliance with the General Data Protection Regulation (GDPR). Our safeguarding measures include:
- Access Controls: We employ strict access controls to limit access to personal data only to authorised personnel who require it for legitimate purposes. Access rights are regularly reviewed and updated based on job roles and responsibilities.
- Encryption: Personal data is encrypted both at rest and in transit using industry-standard encryption algorithms. This ensures that even if unauthorised access occurs, the data remains unintelligible and unreadable without the appropriate decryption keys.
- Pseudonymization: Wherever feasible, personal data is pseudonymized to reduce the risk of unauthorised identification of individuals. Pseudonymization involves replacing identifying information with artificial identifiers, making it more challenging to link data to specific individuals without additional information.
- Data Minimization: We adhere to the principle of data minimization, ensuring that only the minimum amount of personal data necessary for a specific purpose is processed. Unnecessary or excessive data collection is avoided to mitigate risks associated with data processing.
- Data Integrity Controls: We implement measures to maintain the accuracy and integrity of personal data throughout its lifecycle. This includes implementing mechanisms to prevent unauthorised or accidental alteration, deletion, or destruction of data.
- Security Awareness Training: All employees undergo regular security awareness training to educate them about their responsibilities in safeguarding personal data and to raise awareness about common security threats and best practices.
- Incident Response Plan: We have an incident response plan in place to detect, respond to, and recover from any data breaches or security incidents. The plan includes procedures for promptly notifying relevant authorities and affected individuals in accordance with GDPR requirements.
- Regular Security Assessments: We conduct regular security assessments, including vulnerability scans and penetration testing, to identify and address security vulnerabilities proactively. This helps us ensure that our systems and infrastructure remain resilient against evolving cyber threats.
- Contractual Obligations with Third Parties: When engaging third-party service providers or processors, we enter into contracts that include stringent data protection clauses and requirements. These contracts outline the responsibilities of the third parties in safeguarding personal data and ensure compliance with GDPR requirements.
- Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk data processing activities to assess potential risks to data subjects' rights and freedoms. The findings of DPIAs are used to implement additional safeguards and mitigate identified risks.
- Regular Audits and Compliance Monitoring: We conduct regular audits of our data processing activities and internal controls to ensure ongoing compliance with GDPR requirements. Any identified non-compliance issues are promptly addressed and remediated.
These safeguarding measures demonstrate our commitment to protecting personal data and ensuring compliance with GDPR requirements. We continuously evaluate and improve our security measures to adapt to new threats and regulatory changes, ensuring the highest level of data protection for our customers and stakeholders. Any kind of certification provides a standard.
At BriBooks (YouBooks Edtech Pvt. Ltd.), we respect the rights of individuals, known as data subjects, as outlined in the General Data Protection Regulation (GDPR). These rights empower individuals to have control over their personal data and how it is processed. We are committed to upholding these rights and providing mechanisms for data subjects to exercise them. The following are the data subject rights under GDPR:
- Right to be Informed: Data subjects have the right to be informed about the collection and use of their personal data. This includes providing clear and transparent information about the purposes of processing, the legal basis for processing, the categories of personal data being processed, any recipients of the data, and how long the data will be retained. This information must be communicated in a concise, transparent, intelligible, and easily accessible format.
- Right to Access: Data subjects have the right to obtain confirmation from us as to whether or not personal data concerning them is being processed and, if so, access to that personal data and certain related information. This includes information about the purposes of processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data has been or will be disclosed.
- Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data concerning them. Upon receiving such a request, we will promptly rectify any inaccuracies and ensure the data is up to date.
- Right to Erasure (Right to be Forgotten): Data subjects have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed, or when the data subject withdraws their consent and there is no other legal ground for processing.
- Right to Restriction of Processing: Data subjects have the right to request the restriction of processing of their personal data in certain situations, such as when the accuracy of the data is contested by the data subject, or when the processing is unlawful, but the data subject opposes erasure and requests restriction instead.
- Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from us, where technically feasible.
- Right to Object to Processing: Data subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data, including profiling based on those provisions. We will cease processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.
- Rights in Relation to Automated Decision Making and Profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. However, this right does not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and us, is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or is based on the data subject's explicit consent.
To exercise any of these rights or to make inquiries regarding the processing of personal data, data subjects can contact our Data Protection Officer (DPO) at info@bribooks.com. We are committed to promptly addressing and facilitating the exercise of these rights in accordance with GDPR requirements.
Our Privacy Policy, which outlines our data processing practices, rights of data subjects, and contact information for inquiries and complaints, can be accessed at Privacy Policy.
When engaging third-party processors to handle personal data on our behalf, we ensure that they provide sufficient guarantees of GDPR compliance and adhere to contractual obligations regarding data protection and security.
In cases where personal data is transferred outside the European Economic Area (EEA), we ensure compliance with GDPR requirements for such transfers by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or ensuring the receiving country has an adequate level of data protection as determined by the European Commission.
This GDPR compliance statement reflects BriBooks' commitment to protecting personal data and upholding the rights of data subjects in accordance with GDPR requirements. We continuously strive to maintain and improve our data protection practices to ensure the highest standards of compliance and accountability.