Zentrovia Solutions Private Limited ("Zentrovia", "we", "us", or "our") processes personal data of individuals in the European Economic Area (EEA) and the United Kingdom in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR as incorporated by the Data Protection Act 2018.
This page should be read together with our Privacy Policy and, where we process personal data on behalf of a business customer, our Data Processing Agreement.
1. Our Role
Depending on the context, Zentrovia acts as:
- Data controller for personal data we collect directly through our Website (e.g. contact-form inquiries, newsletter subscriptions, cookie data).
- Data processor for personal data we process on behalf of business customers who use our platforms and professional services. Those relationships are governed by a written Data Processing Agreement.
2. Lawful Bases for Processing
We rely on one or more of the following lawful bases under Article 6 GDPR:
- Consent (Art. 6(1)(a)) — e.g. for non-essential cookies and marketing emails.
- Contract (Art. 6(1)(b)) — to deliver services you or your employer have engaged us for.
- Legitimate interests (Art. 6(1)(f)) — e.g. to secure our infrastructure, prevent abuse, and improve our services, where those interests are not overridden by your rights and freedoms.
- Legal obligation (Art. 6(1)(c)) — e.g. to retain invoices and tax records.
3. Your Rights as a Data Subject
Under GDPR you have the right to:
- Access the personal data we hold about you (Art. 15).
- Rectification of inaccurate or incomplete data (Art. 16).
- Erasure — the "right to be forgotten" (Art. 17).
- Restriction of processing (Art. 18).
- Data portability — receive your data in a structured, commonly-used, machine-readable format (Art. 20).
- Object to processing based on legitimate interests or direct marketing (Art. 21).
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3)).
- Lodge a complaint with a supervisory authority — typically the one in the EU/UK country where you live or work.
To exercise any of these rights, please email privacy@zentrovia.tech. We will respond within one month, and may request proof of identity before releasing personal data. There is no charge unless requests are manifestly unfounded or excessive.
4. International Transfers
Zentrovia is headquartered in India. Personal data of EU/UK residents may be transferred to, and processed in, India and other jurisdictions. Where transfers are to countries without an adequacy decision from the European Commission or the UK ICO, we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission (2021/914) and the UK IDTA/SCC Addendum, supplemented by appropriate technical and organizational measures.
5. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Contact-inquiry data is retained for up to 24 months after the last interaction; analytics data is retained per the Google Analytics default for our property.
6. Security
We implement appropriate technical and organizational measures to safeguard personal data, including encryption in transit (TLS) and at rest, access controls, logging, and regular review. See our Security page for detail.
7. Sub-processors
We engage a limited number of sub-processors (including cloud hosting, email delivery, and analytics providers) who act only on our documented instructions and under written contracts that include GDPR Article 28 obligations. A list of current sub-processors is available on request via privacy@zentrovia.tech.
8. Data Protection Contact
While Zentrovia is not currently required to appoint a Data Protection Officer under Article 37, we have designated a privacy contact point:
Zentrovia Solutions Private Limited
Attn: Privacy Team
#499, NGEF Layout, Mallathahalli
Bengaluru, Karnataka 560056, India
Email: privacy@zentrovia.tech
9. EU/UK Representative
If required under Article 27 GDPR, we will appoint an EU representative and publish their contact details here. Customers with a specific contractual requirement to name an EU or UK representative should contact us directly.