Effective Date: 01st of Jan 2025 | Last Updated: 14th of Nov 2025

Cybit Technologies Private Limited (“Cybit Technologies,” “we,” “us,” or “our”) is fully committed to complying with the European Union’s General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This statement outlines the key principles, procedures, and measures we have implemented to ensure the privacy, integrity, and protection of personal data collected, processed, or stored during the course of our business operations.

1. Our Commitment to Data Protection

Cybit Technologies recognizes the importance of protecting personal data and upholding the privacy rights of individuals. We have implemented internal policies, technical controls, and staff training to ensure that all processing of personal data is lawful, fair, transparent, and secure.

2. Our Role Under GDPR

• As a Data Controller, Cybit Technologies determines the purpose and means of processing personal data collected through our website, recruitment activities, and client relationships.
• As a Data Processor, we process personal data on behalf of our clients during software development, IT projects, or staff augmentation assignments, following their documented instructions and maintaining full confidentiality.

3. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases as defined in Article 6 of the GDPR:

• Contractual necessity – to perform contractual obligations with clients, employees, and vendors.
• Legitimate interests – to operate, improve, and secure our services, ensuring effective communication and project management.
• Consent – when individuals explicitly agree to receive marketing communications or participate in recruitment processes.
• Legal obligation – to comply with applicable laws, audits, or regulatory requirements.

4. Principles of GDPR Compliance

Our approach to data protection aligns with the seven key principles of the GDPR:

• Lawfulness, fairness, and transparency: We process data legally and clearly communicate our data practices.
• Purpose limitation: Data is collected for specified, legitimate purposes and not used for unrelated activities.
• Data minimization: Only the data necessary for stated purposes is collected.
• Accuracy: We ensure that data is kept accurate and up to date.
• Storage limitation: Data is retained only as long as necessary for business or legal reasons.
• Integrity and confidentiality: We implement technical and organizational security measures to protect data.
• Accountability: We maintain records of processing activities and demonstrate compliance upon request.

5. Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data:

• Right to access and obtain a copy of their data.
• Right to rectify inaccurate or incomplete information.
• Right to erasure (“right to be forgotten”).
• Right to restrict processing in certain circumstances.
• Right to data portability.
• Right to object to processing, including for direct marketing.
• Right to withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, individuals may contact us at sales@cybittech.com. We will respond in accordance with GDPR timelines and requirements.

6. Data Security and Technical Measures

We use appropriate administrative, technical, and physical controls to safeguard personal data, including:

• Data encryption and secure transmission protocols (SSL/TLS).
• Access control and role-based permissions.
• Regular security testing, audits, and monitoring.
• Data backup and disaster recovery procedures.
• Employee training on confidentiality and data protection best practices.

7. Data Transfers Outside the EEA

Where personal data is transferred outside the European Economic Area (EEA), Cybit Technologies ensures that such transfers are lawful and protected through one or more of the following mechanisms:

• EU Standard Contractual Clauses (SCCs).
• Data processing agreements with adequate safeguards.
• Transfers to countries recognized by the European Commission as providing an adequate level of data protection.

8. Data Retention Policy

Personal data is retained only as long as necessary to fulfill its intended purpose, comply with legal obligations, or meet business needs. Once no longer required, data is securely deleted or anonymized in accordance with our retention policy.

9. Data Breach Notification

In the unlikely event of a personal data breach, Cybit Technologies will promptly assess the risk to individuals and, where required, notify the relevant supervisory authority within 72 hours. We will also communicate directly with affected individuals if the breach is likely to result in a high risk to their rights or freedoms.

10. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with GDPR and other applicable privacy laws.

Data Protection Officer (DPO):
Name: Kunal V
Email: sales@cybittech.com

11. Updates to This Statement

We may update this GDPR Compliance Statement periodically to reflect changes in our data protection practices or legal requirements. The updated version will always be available on this page, with the revised “Effective Date.”

12. Contact Us

If you have questions about this statement or how we handle personal data, please contact:

Cybit Technologies Private Limited
Email: sales@cybittech.com

© 2025 Cybit Technologies Private Limited. All Rights Reserved.