GDPR Compliance

Last Updated: May 16, 2025

At QRoom, we are committed to ensuring the privacy and protection of your personal data in compliance with the General Data Protection Regulation (GDPR). This page explains how we adhere to GDPR principles and outlines your rights under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas and aims to give control to individuals over their personal data.

Our Commitment to GDPR Compliance

QRoom is committed to ensuring that all personal data processing activities comply with GDPR principles. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Regular privacy impact assessments
• Data protection by design and by default
• Robust data security measures
• Staff training on data protection
• Clear procedures for data breach notification

Legal Basis for Processing

Under GDPR, we process personal data only when we have a valid legal basis to do so. The legal bases we rely on for processing personal data include:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Your Rights Under GDPR

The GDPR provides the following rights for individuals regarding their personal data:

1. Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR Compliance page.

2. Right of Access

You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.

3. Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.

4. Right to Erasure (Right to be Forgotten)

You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.

5. Right to Restrict Processing

You have the right to request that we restrict or suppress the processing of your personal data under certain circumstances.

6. Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services, allowing you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.

7. Right to Object

You have the right to object to the processing of your personal data based on legitimate interests or the performance of a task in the public interest, direct marketing, and processing for purposes of scientific/historical research and statistics.

8. Rights Related to Automated Decision Making and Profiling

You have rights related to automated decision making and profiling, which is the automated processing of your personal data to evaluate certain personal aspects.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance statement and our Privacy Policy. If you have any questions about this GDPR Compliance statement, including any requests to exercise your legal rights, please contact our DPO using the details set out below.

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Data Breach Notification

In the case of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

QRoom
Email: support@qroom.in
Address: 320, Polaris Mall, Vesu Canal Road, Surat - 395010

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

This GDPR Compliance statement was last updated on May 16, 2025.