General Data Protection Regulation (GDPR) Policy

Introduction

The EU General Data Protection Regulation (GDPR) came into force across the European Union on May 25, 2018, introducing significant changes to data protection laws. Built on the principles of privacy by design and a risk-based approach, GDPR is designed to address the challenges of the digital age.

Our Commitment

Callisto Media Private Limited and its subsidiaries are committed to ensuring the security and protection of personal information that we process. We maintain a robust data protection program that complies with existing laws and aligns with GDPR requirements. Our approach includes updating policies, implementing security measures, and training employees to uphold compliance.

GDPR Compliance Preparation

While we have always maintained strong data protection standards, we have taken additional steps to ensure full compliance with GDPR. These include:
  • Information Audit – Conducting a company-wide review to assess what personal data we collect, its source, purpose, and disclosure process.
  • Lawful Processing – Ensuring all data processing activities are carried out lawfully, with explicit consent obtained where required.
  • Records of Processing – Maintaining documentation of data processing activities, including categories of data, processing purposes, and recipients.
  • Security Measures – Implementing organizational and technical safeguards, such as: encryption and pseudonymization of personal data; ensuring continuous confidentiality, integrity, and availability of processing systems; and regular security testing and evaluations.
  • Data Breach Management – Establishing procedures to identify, assess, investigate, and report personal data breaches promptly.
  • International Data Transfers – Securing personal data stored or transferred outside the EU through encryption and compliance measures.
  • Subject Access Requests (SARs) – Revising our procedures to comply with the 30-day timeframe for responding to SARs, ensuring transparency and accessibility.

Legal Basis for Processing

We evaluate all processing activities to ensure they are legally justified under GDPR, including:
  • Consent – Obtaining clear, informed consent where applicable.
  • Legitimate Interests – Processing data where necessary for business operations while respecting individual rights.
  • Contractual Necessity & Compliance – Processing data required for contractual obligations or legal compliance.

Privacy Notice & Consent

We have revised our Privacy Policy to provide clear, accessible information regarding:
  • The personal data we collect and process.
  • The purpose of data processing.
  • Data retention periods and rights to erasure.
  • Third-party disclosures and safeguards in place.
  • Options for individuals to manage and withdraw their consent.

Direct Marketing

Our marketing practices ensure:
  • Clear opt-in mechanisms for subscriptions.
  • Easy opt-out and unsubscribe features.
  • Compliance with GDPR standards for consent management.

Data Protection Impact Assessments (DPIA)

For high-risk processing activities, we conduct DPIAs to assess risks and implement mitigating measures. This ensures compliance with GDPR’s Article 35 requirements.

Processor Agreements

Where third parties process personal data on our behalf (e.g., payroll, recruitment, hosting), we implement GDPR-compliant agreements and conduct due diligence to ensure compliance.

Special Category Data

We process sensitive personal data only when necessary, ensuring:

Data Subject Rights

Individuals have the right to:

Information Security Measures

We implement robust security policies, including:

GDPR Compliance & Employee Awareness

Callisto Media Private Limited has appointed a Data Protection Officer (DPO) and established a data privacy team responsible for:

Contact Us

For any questions regarding GDPR compliance, please contact us at: info@callistomediab2b.com