Data Protection & GDPR

Last updated: December 10, 2025

1. Introduction

Ingress IT Solutions is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our commitment to the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) and provide the following guarantees:

  • Lawful basis for data processing
  • Data minimization practices
  • Purpose limitation
  • Accuracy and integrity of data
  • Storage limitation
  • Security of personal data

3. Your Data Protection Rights

Under GDPR, you have the following rights:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Oppose certain types of processing
  • Rights Related to Automated Decision Making: Know how automated decisions are made

4. Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

  • Consent: You have explicitly given consent for processing
  • Contract: Processing is necessary to perform a contract with you
  • Legal Obligation: We are required to process data by law
  • Vital Interests: Processing is necessary to protect vital interests
  • Public Task: Processing is necessary for a public task
  • Legitimate Interests: Processing is necessary for our legitimate interests

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Retention periods vary depending on the context of the processing:

  • Customer data: Retained for the duration of the contract plus 7 years for tax purposes
  • Marketing data: Retained until consent is withdrawn
  • Website analytics: Retained for 26 months
  • Support communications: Retained for 3 years

6. Data Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption of data in transit and at rest (SSL/TLS protocols)g
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Data processing agreements with third parties
  • Incident response procedures

7. International Data Transfers

Some of your personal data may be transferred to countries outside the European Economic Area (EEA). We ensure such transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) or your explicit consent.

8. Data Processing Agreements

We have executed Data Processing Agreements (DPAs) with all processors who handle personal data on our behalf. These agreements ensure processors comply with GDPR requirements.

9. Data Protection Officer

Ingress IT Solutions has appointed a Data Protection Officer (DPO) who oversees our data protection compliance. You can contact our DPO with any data protection concerns.

10. Exercising Your Rights

To exercise any of your data protection rights, please contact us with your request. We will respond within 30 days (extendable by 60 days for complex requests). You may need to provide proof of identity for verification purposes.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of discovery, as required by GDPR.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In the EU, each member state has a Data Protection Authority.

13. Contact & Requests

For data protection inquiries, requests, or complaints, please contact us at:

Ingress IT Solutions Data Protection Officer
Email: [email protected]
Phone: +91 (79) 4848-0404
Address: Ahmedabad, Gujarat, India

14. Changes to This Policy

We may update this Data Protection Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes via email or prominent notice on our website.