GDPR
Compliance.
XC0MRADE Technologies is committed to protecting personal data and respecting the privacy rights of all users, including those protected under the EU General Data Protection Regulation (GDPR).
Data Controller
The data controller responsible for your personal data is:
Legal Bases for Processing
Under GDPR Article 6, we process personal data only when we have a valid legal basis. Below are the legal bases we rely on:
| Legal Basis | Description |
|---|---|
| Consent | When you create an account or opt-in to communications. |
| Contract | Processing necessary to perform our services to you. |
| Legal Obligation | Processing required by Indian law. |
| Legitimate Interest | Processing necessary for our business operations. |
Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please email privacy@xcomrade.tech with your request. We will respond within 30 days.
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format within 30 days.
Right to Rectification
You have the right to request correction of inaccurate personal data or to have incomplete data completed. You can update most profile information directly from your dashboard.
Right to Erasure
You have the right to request deletion of your personal data when it is no longer necessary for the purpose it was collected. Some data may be retained where required by Indian law (PMLA, IT Act).
Right to Restriction
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format and to transmit that data to another controller without hindrance.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
International Data Transfers
Your data may be processed and stored in India and by third-party service providers located in other jurisdictions. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Adequacy decisions by the European Commission
- Encryption in transit and at rest for all cross-border data transfers
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. For detailed retention periods, please refer to our Privacy Policy.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk, we will also notify the affected individuals directly.
Data Protection Contact
For any questions or requests relating to GDPR compliance or your personal data rights, contact our Data Protection Officer: