Legal

GDPR Compliance

General Data Protection Regulation (EU) 2016/679

Last updated: November 22, 2025

Our Commitment to GDPR Compliance

Incresco Technology Solutions Private Limited ("Incresco") is committed to protecting the privacy and personal data of individuals in the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller Information

Data Controller: Incresco Technology Solutions Private Limited

2. Legal Basis for Processing Personal Data

We process personal data under the following legal bases:

2.1 Consent (Article 6(1)(a))

When you provide explicit consent for specific processing activities, such as marketing communications or newsletter subscriptions.

2.2 Contract Performance (Article 6(1)(b))

When processing is necessary to fulfill our contractual obligations to you, such as delivering professional services.

2.3 Legitimate Interests (Article 6(1)(f))

When processing is necessary for our legitimate business interests, such as improving our services, fraud prevention, and network security, provided these interests do not override your fundamental rights.

2.4 Legal Obligation (Article 6(1)(c))

When processing is required to comply with legal obligations, such as tax and accounting requirements.

3. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

3.1 Right to Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data.

3.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

3.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you have the right to withdraw that consent at any time.

3.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority in your EU member state.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: gdpr@increscotech.com
  • Subject Line: "GDPR Data Subject Request"
  • Include: Your full name, email address, and specific request

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of the extension.

5. Data Processing Activities

5.1 Categories of Personal Data

  • Identity data (name, title)
  • Contact data (email, phone, address)
  • Professional data (company, job title)
  • Technical data (IP address, browser type, device information)
  • Usage data (website interactions, preferences)
  • Marketing data (communication preferences)

5.2 Purposes of Processing

  • Providing and managing our services
  • Customer relationship management
  • Marketing and communications (with consent)
  • Website analytics and improvement
  • Security and fraud prevention
  • Legal compliance

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Client data: Duration of contract + 7 years (legal requirement)
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months
  • Job applications: 12 months after application

7. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules where applicable

8. Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

10. Third-Party Processors

We work with carefully selected third-party processors who are contractually bound to process data only on our instructions and in compliance with GDPR. We conduct due diligence on all processors.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.

12. Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

13. Updates to This Policy

We may update this GDPR compliance statement from time to time. Material changes will be communicated to affected individuals.

14. Contact and Complaints

For GDPR-related inquiries or complaints:

You also have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities can be found at: https://edpb.europa.eu

Back to Home