Data Protection

Purpose

The purpose of this Data Protection Policy is to establish a framework for safeguarding all personal data collected, stored, processed, and/or transferred by Trigyn Technologies Limited and its subsidiaries ("Trigyn"). This policy complies with internationally recognized data protection standards, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and India’s Digital Personal Data Protection Act (DPDP Act).

Objectives

  1. Empower individuals with control over their personal data and protect their fundamental rights and freedoms.
  2. Ensure the lawful collection, storage, processing, and transfer of personal data.
  3. Standardize the treatment of personal data across all Trigyn entities and operations.
  4. Transfer personal data only in accordance with Trigyn’s data privacy standards and applicable laws.

Scope

This policy applies to all individuals/entities within Trigyn’s operations who collect, store, and/or process personal data, including:

  • Trigyn employees,
  • Contractors,
  • Working partners.

Policy statement

Trigyn is committed to ensuring that personal data relating to natural persons—including employees, suppliers, and customers—is processed lawfully, fairly, and transparently in accordance with applicable data protection laws. Trigyn respects individuals' privacy rights and promotes the responsible use of personal information.

Policy Guidelines

Data Collection and Purpose Limitation

  1. Trigyn, as both a data controller and processor, will clearly define the specific purposes for which personal data is collected and ensure that data processing aligns with those purposes.
  2. Personal data collection will be:
    • Adequate, relevant, and limited to what is necessary.
    • Retained only for as long as necessary for the stated purpose.
  3. Trigyn will not process personal data for secondary purposes without obtaining explicit consent from the data subject.

Lawful Processing

Personal data will be processed only when:

  1. Complete a process or deliver a service requested by the data subject.
  2. Consent has been explicitly provided by the data subject.
  3. Processing is necessary for the performance of a contract.
  4. Processing is required to comply with legal obligations.
  5. It is necessary to protect the vital interests of a data subject or another individual.
  6. It is in the legitimate interest of Trigyn or third parties, provided it does not override the rights and freedoms of the data subject.

IT Systems Compliance

Trigyn will utilize IT systems and applications that comply with data protection laws, including:

  • Secure storage and encryption for personal data.
  • Appropriate safeguards for data transfer and access.

Data Protection Impact Assessments (DPIAs)

Where required under GDPR or other laws, Trigyn will conduct Data Protection Impact Assessments to identify and mitigate risks associated with the processing of personal data.

Data Collection, Transfers, and Processing

  1. Data Collection: Personal data, including sensitive personal data, may be collected for purposes such as:
    • Administering business relationships.
    • Operational requirements.
    • Market research or customer satisfaction surveys.
    • Fraud detection and prevention.
    • Legal compliance.
  2. Data Transfers: Personal data will be transferred only:
    • To Trigyn affiliates, authorized third parties, or investigators.
    • When legally required or with the data subject’s explicit consent.
    • Using safeguards like Standard Contractual Clauses (SCCs) for international transfers under GDPR or equivalent mechanisms under DPDP.
  3. Consent: Trigyn will obtain clear, explicit, and informed consent from data subjects before collecting, transferring or processing their personal data. Data subjects can withdraw consent at any time by contacting the appropriate authority within Trigyn.
  4. Third-Party Processing: Trigyn will ensure that third parties processing personal data on its behalf adhere to strict contractual safeguards, including confidentiality and security requirements.

Confidentiality and Security

Trigyn employs robust security measures to protect personal data, including:

  1. Administrative, physical, and technical safeguards to prevent unauthorized access or misuse.
  2. Written agreements with vendors and subcontractors to ensure data confidentiality and compliance with applicable laws.
  3. Regular audits and reviews of security protocols.

Data Subject Rights

Trigyn recognizes the rights of data subjects under applicable laws, including the right to:

  1. Access their personal data.
  2. Rectify inaccuracies or update their personal data.
  3. Request deletion of personal data (right to be forgotten).
  4. Object to or restrict processing in certain circumstances.
  5. Receive personal data in a portable format.
  6. Withdraw consent at any time without affecting the lawfulness of prior processing. Data subjects can exercise these rights by contacting Trigyn’s Data Protection Officer (DPO).

Data Retention

Personal data will be retained only as long as necessary to fulfill the stated purposes or as required by law. Data deletion processes will be evaluated by the DPO to ensure compliance with legal and business requirements.

Breach Notification

In the event of a data breach:

  1. Trigyn will notify affected individuals and regulatory authorities promptly, as required by law.
  2. Steps will be taken to mitigate the breach and prevent future incidents.
  3. All employees must report suspected breaches to the DPO immediately.

Review

This policy will be reviewed at least annually or as necessitated by changes in legal requirements or business operations.

Responsibilities

  1. Trigyn as Data Controller:
    • Ensures compliance with data protection laws and secures personal data.
  2. HR Department:
    • Obtains consent or issues privacy notices to employees in accordance with this policy.
  3. Data Protection Officer (DPO):
    • Oversees the implementation of this policy and ensures compliance in all regions where Trigyn operates.
  4. Employees and Contractors:
    • Must handle personal data responsibly and report potential breaches.

Enforcement

  1. All violations of this policy will be reported to the DPO and may result in disciplinary action, including termination of employment for repeated violations.
  2. Violations will be handled in line with Trigyn’s Breach Notification and Information Security protocols.

Definitions

  1. Data Subject: Any individual whose personal data is processed by Trigyn.
  2. Personal Data: Information related to an identifiable individual, including sensitive data such as biometric or health information.
  3. Lawful Processing: Data processing conducted in accordance with applicable national or international laws.
  4. Data Protection Laws: GDPR, CCPA, CPRA, VCDPA, DPDP Act, and other applicable laws.

Contact Information

For questions or to exercise your rights, contact Trigyn’s Data Protection Officer:

Email: dataprotection@trigyn.com
Address: Data Protection Officer
Trigyn Technologies Limited
27 SDF-1, SEEPZ, Andheri (East)
Mumbai 400 096