GDPR Compliance
Our Commitment to Data Protection
DevSimplex is committed to protecting your personal data and privacy rights in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Understanding GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to any organization that processes personal data of individuals in the European Union, regardless of where the organization is located. As a global software development company, DevSimplex ensures full GDPR compliance for all our EU clients and website visitors.
Your Data Protection Rights
Under GDPR, you have several important rights regarding your personal data. Here's what each right means and how you can exercise it:
Right to Information
Know what personal data we collect, why we collect it, and how we use it.
Right of Access
Request copies of your personal data and information about how it's processed.
Right to Rectification
Correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data under certain circumstances.
Right to Restrict Processing
Limit how we process your personal data in specific situations.
Right to Data Portability
Receive your personal data in a structured, commonly used format.
Right to Object
Object to processing of your personal data for certain purposes.
Right to Withdraw Consent
Withdraw your consent for processing at any time where consent is the legal basis.
How to Exercise Your Rights
You can exercise your GDPR rights by contacting us through any of the following methods:
- Email: privacy@devsimplex.com
- Subject Line: "GDPR Data Subject Request"
- Response Time: We will respond within 30 days (1 month) as required by GDPR
- Verification: We may need to verify your identity to protect your data
- Free of Charge: Exercising your rights is generally free, unless requests are excessive
Our GDPR Compliance Measures
DevSimplex has implemented comprehensive measures to ensure GDPR compliance across all aspects of our business:
Data Protection by Design
- Privacy impact assessments for all new projects
- Data minimization principles in all systems
- Privacy settings designed as user-friendly defaults
- Regular security and privacy audits
Technical Safeguards
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication and access controls
- Regular security updates and vulnerability assessments
- Secure cloud infrastructure with GDPR-compliant providers
Organizational Measures
- GDPR training for all employees and contractors
- Designated Data Protection Officer (DPO)
- Data processing agreements with all third parties
- Incident response procedures for data breaches
Transparency and Accountability
- Clear and accessible privacy policies
- Records of processing activities
- Regular compliance reviews and updates
- Proactive communication about privacy practices
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
Legal Basis | Purpose |
---|---|
Contractual Necessity | Providing software development services, project management, invoicing |
Legitimate Interest | Business operations, website analytics, security monitoring |
Consent | Marketing communications, non-essential cookies, newsletters |
Legal Obligation | Tax compliance, accounting records, regulatory requirements |
Data Transfers and International Processing
As a global company, we may transfer your personal data to countries outside the EU. We ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate protection as determined by the EU Commission
- Standard Contractual Clauses (SCCs): EU-approved contracts ensuring GDPR-level protection
- GDPR-Compliant Service Providers: All third parties must demonstrate GDPR compliance
- Data Processing Agreements: Formal contracts governing data processing activities
Data Security Measures
We implement state-of-the-art security measures to protect your personal data:
Technical Measures
- • AES-256 encryption for data at rest
- • TLS 1.3 encryption for data in transit
- • Multi-factor authentication
- • Regular security audits and penetration testing
- • Automated security monitoring
Organizational Measures
- • Access controls and role-based permissions
- • Regular employee training on data protection
- • Confidentiality agreements with all staff
- • Incident response and breach notification procedures
- • Regular compliance reviews and updates
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay if the breach poses a high risk
- Provide clear information about the nature of the breach and the measures being taken
- Implement immediate containment and remediation measures
- Conduct a thorough investigation and implement additional safeguards as needed
Children's Data Protection
We do not knowingly collect personal data from children under 16 years of age. Our services are directed at businesses and professional users. If we become aware that we have collected personal data from a child under 16, we will delete such information immediately.
Supervisory Authority
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority:
For EU Residents:
Contact your local data protection authority. You can find a list of EU supervisory authorities at:EDPB Member List
Regular Compliance Reviews
We regularly review and update our GDPR compliance measures to ensure they remain effective and current. This includes annual assessments of our data processing activities, security measures, and privacy policies.
Contact Our Data Protection Officer
Data Protection Officer (DPO)
Email: dpo@devsimplex.com
Alternative: privacy@devsimplex.com
Response Time: Within 30 days of receipt
Languages: English, Urdu
Questions about GDPR or your data rights?
Our Data Protection Officer is available to help you understand your rights and assist with any data protection concerns. We're committed to transparency and will work with you to address any questions.