As a trustworthy and reputed Data Processor and Controller, Eminenture is firmly committed to protecting the personal information of data subjects and users through our well-defined Privacy Policies. Here are a few points you may want to know about GDPR compliance and the role we play in keeping its spirit alive.
What is GDPR?
GDPR stands for General Data Protection Regulation, which improves and enhances data privacy and protection across the European Union and the European Economic Area (EEA). Presently, it covers the 28 member countries of the European Union together with Norway, Liechtenstein and Iceland.
It was laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
To whom does it apply?
The GDPR applies globally to those who control and process data, whether inside or outside the European Union (EU); this broadly includes offering goods and services to, or monitoring the behaviour of, data subjects who are in the Union.
Where can I learn more about it?
http://eur-lex.europa.eu
What does processing personal data include?
It includes, but is not limited to, hosting, encrypting, decrypting, examining, modifying, storing, backing up, retrieving, destroying, deleting or removing EU personal data, whether done manually, automatically or semi-automatically.
What are some examples of EU personal data?
A few examples, though not an exhaustive list, are an EU citizen’s email address, phone number, name, workplace or any other identifier (such as a Skype or Twitter ID).
How does Eminenture comply with this law?
Eminenture has proactively revised its Data Privacy Policies and Protection Programs, taking the GDPR into account. A special task force has been formed to work on all the new requirements arising from this law.
We also reach out to you frequently with updates about these policies.
How do we provide support when data subject access requests are raised under the GDPR?
Eminenture has a predefined Access Request process covering the various rights of the data subject. The data subject can raise a request through a defined channel after registering with us. The responsible authority then responds clearly and in a timely manner, stating the reasons for any rejection.
To monitor compliance, we have appointed a Data Protection Officer to look into the various requirements of the GDPR. We handle every request as a data processor, taking into account all the clauses in the contract with the client (Data Controller).
How do we train our employees to maintain privacy and security as required by the GDPR?
We require every employee to complete a training course or session on information security and data privacy. We also host a specialised session on newly introduced privacy regulations such as the GDPR to inform our employees and other stakeholders.
How do we assist our customers with their GDPR obligations?
We take all necessary actions as a Data Processor, and provide assistance with respect to the GDPR whenever a specific contractual requirement is raised by our clients.
What measures do we take to meet the GDPR’s personal data breach notification requirements?
We have already set up defined processes for IT Security, Data Incident and Fraud Management, which we revise frequently to avoid any GDPR or privacy infringement. We adhere to the mandatory breach notification timelines set by the GDPR.
As a data processor, Eminenture diligently informs clients according to the contractually agreed terms and conditions. If required, we help them meet the GDPR requirements.
How do we address GDPR data processing agreements, especially the data transfer requirements?
Eminenture has a robust and well-defined mechanism to legitimise data transfers outside the European Economic Area (EEA), whether in-house transfers, transfers from a client to Eminenture, or transfers from Eminenture to its suppliers (sub-processors).
We have drafted a template based on the Standard Contractual Clauses to protect the privacy of data during such transfers. These clauses are published by the European Commission to permit transfers of personal data from the European Economic Area to other countries.
How do we abide by the requirement in Article 30 to maintain records of processing?
Eminenture has already documented its processing activities in a Data Flow Diagram (DFD), which covers all aspects of information, technical and organisational controls. Separately, we have put Service Agreements (a Master Services Agreement and Data Processing Practices) in place that define client- and supplier-specific processing activities.
We have set up an Information Security Management System, including privacy policies and programs, to manage the technical and organisational controls for handling information.
Our Information Security Management System (ISMS) incorporates the international standards adopted from the NASSCOM rule-book and ISO 27001:2013, as well as other legislative requirements such as HIPAA.
How do we process information from data subjects under the age of 16?
Parental consent is required before we process the personal data of data subjects under the age of 16. Member states may enact provisions setting a lower age, but this may not be below 13.
How do we evaluate what is required to abide by this law?
Eminenture monitors any applicable Member State law to consider whether it should be incorporated into our own policies. In addition, we frequently conduct internal and external audits to ensure we follow the guidelines of ISO 27001:2013, for which we are certified.
Does the GDPR restrict EU data to the EU?
No. The GDPR allows transfers of EU data to third countries, subject to compliance with set conditions, which include terms and conditions for any onward transfers.
What does the GDPR mean by “data protection by design and by default”?
Data protection by design and by default means that the Data Controller implements appropriate technical and organisational measures, both when determining the means of processing and during the processing itself, so that the data protection principles are upheld.
It also means ensuring that only the personal data necessary for achieving a specific purpose is collected and then processed.
How do you know if the GDPR covers your work?
You will receive a GDPR communication package from Eminenture, which should clear up any doubts. If doubts still persist, contact our Procurement Representative.
Have we signed an agreement covering these GDPR regulations?
Yes. It is a standalone document that requires us to comply with the GDPR obligations across our different engagements. It amends all agreements between your company and Eminenture.
Are there any follow-on terms or conditions once the contract is signed?
Yes. You have to ensure that your processing practices comply with this law, which includes, but is not limited to, following the technical and operational measures that protect EU personal data and verifying your company’s compliance as well as the GDPR compliance of your sub-processors. This is an obligation under the DPA. We will contact you if there are any additional Eminenture Supplier GDPR requirements.