GDPR Compliance

Last updated: 7 December 2025

1. Our Commitment to GDPR

Equily HRMS is committed to protecting the privacy and personal data of all our users, including those in the European Union. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

While we are an Indian company, we recognize the importance of international data protection standards and have implemented measures to ensure GDPR compliance for our global users.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

  • Consent: When you explicitly consent to data processing
  • Contract Performance: To fulfill our contractual obligations
  • Legitimate Interest: For legitimate business purposes
  • Legal Obligation: To comply with applicable laws
  • Vital Interest: To protect vital interests of individuals

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

3.3 Right to Erasure (Article 17)

You have the right to request the deletion of your personal data under certain circumstances.

3.4 Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data in certain situations.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.

3.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data for direct marketing or other legitimate interests.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, that produces legal effects concerning you.

4. Data Processing Principles

We adhere to the following GDPR principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only the data necessary for our purposes
  • Accuracy: We keep personal data accurate and up-to-date
  • Storage Limitation: We retain data only as long as necessary
  • Security: We implement appropriate technical and organizational measures
  • Accountability: We are responsible for demonstrating compliance

5. Data Protection Measures

5.1 Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication for system access
  • Regular security audits and penetration testing
  • Secure data centers with physical security measures
  • Automated backup and disaster recovery systems

5.2 Organizational Safeguards

  • Data Protection Officer (DPO) appointment
  • Employee training on data protection
  • Privacy by design and default principles
  • Regular privacy impact assessments
  • Incident response procedures

6. Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with third parties
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

7. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Document all breaches and remedial actions taken
  • Cooperate with authorities during investigations

8. Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

Data Protection Officer

Email: hello@equily.in

Phone: +91 7011733681

Address: Gurgaon, Haryana, India

We will respond to your request within one month of receipt. If we need more time, we will inform you of the reasons and the expected timeframe.

9. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. If you are an EU resident, you can find your local authority on the European Data Protection Board website.

10. Updates to This Policy

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.