GDPR Compliant Since 2018

GDPR Compliance

Our commitment to protecting your personal data under the General Data Protection Regulation (GDPR)

Last Updated: January 15, 2025

Quick Summary

  • We are fully compliant with the EU General Data Protection Regulation (GDPR)
  • You have complete control over your personal data and can exercise your rights at any time
  • We process data lawfully, transparently, and only for specified purposes
  • Your data is protected with enterprise-grade security measures
  • We have appointed a dedicated Data Protection Officer (DPO)

1. Introduction

Zentiya by LTK Soft Pvt Ltd ("Zentiya," "we," "us," or "our") is committed to protecting the privacy and security of your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

This GDPR Compliance Statement explains how we comply with GDPR requirements and outlines your rights as a data subject. This document should be read in conjunction with our Privacy Policy and Cookie Policy.

Our GDPR Commitment

We are fully committed to GDPR compliance and have implemented comprehensive technical and organizational measures to ensure the protection of personal data. We continuously monitor and update our practices to maintain the highest standards of data protection.

2. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under Article 6 of the GDPR:

Consent (Article 6(1)(a))

You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).

Contract (Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations (e.g., tax, accounting, regulatory requirements).

Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests.

3. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data. We are committed to facilitating the exercise of these rights:

Right of Access

Request a copy of your personal data we hold

You can request a complete copy of all personal data we process about you, free of charge.

Right to Rectification

Correct inaccurate or incomplete data

You can request corrections to any inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data

Also known as the "right to be forgotten" - request deletion of your data under certain conditions.

Right to Restriction

Limit how we use your data

Request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

Receive your data in a portable format

Receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

Object to certain types of processing

Object to processing based on legitimate interests, direct marketing, or research purposes.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

We will respond to your request within one month. In complex cases, we may extend this period by two additional months.

4. Data Protection Principles

We adhere to the six data protection principles outlined in Article 5 of the GDPR when processing personal data:

Lawfulness, Fairness & Transparency

We process data lawfully, fairly, and in a transparent manner.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes only.

Data Minimization

We collect only data that is adequate, relevant, and limited to what is necessary.

Accuracy

Personal data is kept accurate and up to date.

Storage Limitation

Data is kept only as long as necessary for the purposes it was collected.

Integrity & Confidentiality

Data is processed securely with appropriate technical and organizational measures.

5. Data Processing Activities

We maintain a Record of Processing Activities (ROPA) as required by Article 30 of the GDPR. Our main processing activities include:

Customer Account Management

Purpose: To create and manage customer accounts, process orders, and provide customer support
Data Processed: Name, email, phone number, billing address, payment information
Retention Period: Duration of customer relationship + 7 years for accounting purposes

Service Delivery

Purpose: To provide our POS and retail management services
Data Processed: Business information, transaction data, inventory data, employee data
Retention Period: Duration of subscription + 90 days for backup purposes

Marketing Communications

Purpose: To send promotional emails and product updates (with consent)
Data Processed: Name, email address, communication preferences
Retention Period: Until consent is withdrawn or 3 years of inactivity

Analytics & Improvement

Purpose: To analyze service usage and improve our platform
Data Processed: Usage data, device information, IP addresses (pseudonymized)
Retention Period: 24 months

6. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place as required by Chapter V of the GDPR:

Transfer Mechanisms

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers to third countries
  • Adequacy Decisions: We transfer data to countries with EU adequacy decisions where applicable
  • Data Processing Agreements: All processors sign DPAs with appropriate safeguards

Our Data Centers

We primarily store data in EU-based data centers. When using non-EU processors, we ensure they meet GDPR requirements.

Primary: Frankfurt, Germany | Secondary: Dublin, Ireland

7. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR:

End-to-End Encryption

AES-256 encryption for data at rest and in transit

Access Controls

Role-based access control (RBAC) and multi-factor authentication

Data Pseudonymization

Personal identifiers separated from sensitive data

Regular Audits

Quarterly security audits and penetration testing

Staff Training

Mandatory GDPR and data protection training for all employees

Incident Response

24/7 security monitoring and incident response team

8. Data Breach Procedures

We have established procedures to detect, report, and investigate personal data breaches in compliance with Articles 33 and 34 of the GDPR:

Our Breach Response Process

1. Detection & Assessment

24/7 monitoring systems detect potential breaches. Immediate assessment of severity and impact.

Timeline: Within 24 hours

2. Containment

Immediate action to contain the breach and prevent further unauthorized access.

Timeline: Within 24-48 hours

3. Notification to Supervisory Authority

If the breach poses a risk to rights and freedoms, we notify the relevant supervisory authority.

Timeline: Within 72 hours

4. Notification to Data Subjects

If the breach poses a high risk, we notify affected individuals without undue delay.

Timeline: As soon as possible

5. Investigation & Remediation

Full investigation to determine cause and implement measures to prevent recurrence.

Timeline: Ongoing

9. Data Protection Officer (DPO)

In accordance with Article 37 of the GDPR, we have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance:

Contact Our DPO

Postal Address

Data Protection Officer
Zentiya by LTK Soft Pvt Ltd
#79/3, Outer Ring Road, Bellandur
Bangalore, Karnataka 560103
India

Our DPO is responsible for monitoring compliance, advising on data protection obligations, and serving as a contact point for data subjects and supervisory authorities.

10. Cookies & Tracking

We use cookies and similar tracking technologies in compliance with the ePrivacy Directive and GDPR. For detailed information, please see our Cookie Policy.

11. Third-Party Processors

We work with carefully selected third-party processors. All processors are bound by Data Processing Agreements (DPAs) that meet GDPR requirements under Article 28.

12. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

13. Children's Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children without parental consent as required by Article 8 of the GDPR.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined in Article 22 of the GDPR.

15. Complaints & Supervisory Authority

If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with a supervisory authority.

How to File a Complaint

  1. Contact our DPO first at dpo@zentiya.com - we aim to resolve issues directly
  2. If unresolved, contact your local supervisory authority (e.g., ICO in UK, CNIL in France)
  3. You can also contact the supervisory authority in our main establishment (Ireland)

Questions About GDPR Compliance?

Our Data Protection Officer is here to help. Contact us for any questions about how we process your personal data.

Effective Date: May 25, 2018 (GDPR enforcement date)
