1. Introduction
ROR India is committed to protecting the privacy and personal data of all our users, including those located in the European Union (EU) and European Economic Area (EEA). This GDPR Compliance page explains how we comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and your rights under this regulation.
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018, and applies to organizations that process personal data of individuals in the EU/EEA, regardless of where the organization is located.
2. Our Commitment to GDPR
We are committed to:
- Processing personal data lawfully, fairly, and transparently
- Collecting data only for specified, explicit, and legitimate purposes
- Ensuring data is adequate, relevant, and limited to what is necessary
- Keeping data accurate and up to date
- Retaining data only for as long as necessary
- Implementing appropriate technical and organizational measures to protect data
- Respecting and facilitating your data protection rights
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal bases:
3.1 Consent
We process your data when you have given clear consent for specific purposes, such as:
- Marketing communications and newsletters
- Job alerts and notifications
- Non-essential cookies
You can withdraw your consent at any time by contacting us or using the unsubscribe links in our communications.
3.2 Contract Performance
We process your data to perform our contract with you, including:
- Creating and managing your account
- Facilitating job applications
- Providing our core services
3.3 Legitimate Interests
We process data based on our legitimate interests, such as:
- Improving our services and user experience
- Preventing fraud and ensuring security
- Analyzing website usage and performance
3.4 Legal Obligations
We process data to comply with legal obligations, such as tax requirements, employment law, and responding to legal requests.
4. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
4.1 Right of Access (Article 15)
You have the right to obtain confirmation as to whether we process your personal data and, if so, access to that data and information about how it is processed.
4.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
4.3 Right to Erasure ("Right to be Forgotten") (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the original purpose
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
4.4 Right to Restrict Processing (Article 18)
You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
4.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
4.6 Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
4.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.
4.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
5. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
- Email: privacy@rorindia.com
- Subject Line: "GDPR Request - [Your Right]"
- Include: Your name, email address, and a clear description of your request
We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by up to two additional months, and we will inform you of any such extension.
We may need to verify your identity before processing your request to ensure the security of your personal data.
6. Data Transfers Outside the EU/EEA
Your personal data may be transferred to and processed in countries outside the EU/EEA, including India and the United States. When we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses: Approved by the European Commission
- Adequacy Decisions: Transfers to countries with adequate data protection laws
- Binding Corporate Rules: Internal policies ensuring consistent data protection
We take all necessary steps to ensure your data receives an adequate level of protection in accordance with GDPR requirements.
7. Data Protection Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data encryption in transit (SSL/TLS) and at rest
- Access Controls: Limited access to personal data on a need-to-know basis
- Security Monitoring: Regular security assessments and monitoring
- Data Minimization: Collecting only necessary data
- Regular Backups: Secure backup and recovery procedures
- Staff Training: Regular training on data protection and privacy
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:
- The purpose for which the data was collected
- Legal and regulatory requirements
- Statutory limitation periods
- Legitimate business needs
When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Inform you without undue delay if the breach poses a high risk to your rights and freedoms
- Provide clear information about the nature of the breach and steps we are taking to address it
10. Data Protection Officer
While we may not be required to appoint a Data Protection Officer (DPO) under GDPR, we have designated a privacy contact person to handle data protection matters. You can contact our privacy team at:
11. Supervisory Authority
If you are located in the EU/EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. You can find your supervisory authority at:
European Data Protection Board - List of Supervisory Authorities
12. Children's Data
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.
13. Updates to This Policy
We may update this GDPR Compliance page from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes and update the "Last Updated" date.
14. Contact Us
If you have any questions, concerns, or requests regarding GDPR compliance or your data protection rights, please contact us:
We are committed to responding to your inquiries promptly and addressing any concerns you may have about your personal data.
