GDPR Compliance

Data Storage, Security, and Cross-Border Transfers

For US customers, we store customer data in the US in Google Cloud Servers which are highly secure and tamper proof. Google Cloud features a layered security model, including Google Cloud's network security products that include Virtual Private Cloud, Cloud Load Balancing, Encryption, and Application Layer Transport Security to help customers define, enforce, and secure their perimeter. This is one of the most secure clouds on the Planet.
The data would not cross clients’ country/continent as we employ the servers in client’s respective country/continent (US or EU).

Satisfy the Definition of a Data Processor- "Processes Personal Data on behalf of the Controller"

We provide a software tool that allows e-commerce companies to segment and target online shoppers with personalized offerings across web, mobile, email and other channels. As such, EcomEchoTech’s processes its customers’ end-user data, thus, our customers (e-commerce companies) who are deemed as “Data Controllers” under GDPR and the end users (online shoppers) would constitute the “Data Subjects” whose rights must be protected in GDPR.

Act on Behalf of the Controller Based on Controller Authorization

We take data based on a duly executed agreement with the Data Controller. Once the agreement to process data is terminated, EcomEchoTech ceases to collect personal data from the customer’s website and the records are deleted within 24 hours from when a deletion request is made. The purposes of data processing are determined by our customers, i.e. the Data Controllers.

Appointment of a Data Privacy Officer (DPO)

EcomEchoTech co-founder, Mr. Amit Koshal is an Engineer & a lawyer and has an additional charge of being the DPO for the company. He consults with other law firms to ensure that EcomEchoTech has a robust privacy compliance and development program for the same.

Demonstrate Compliance with GDPR

We record processing activities carried out on behalf of the Data Controller. Our DPO (Adv. Amit Koshal) is open for any and all types of questions regarding data privacy.

Processing Personal Data- Purpose Limitation

EcomEchoTech collects data which may be used to analyse user behaviour and to provide personalized experiences. EcomEchoTech does not combine any customer collected data with data collected from other customers, does not determine the purpose of processing, and does not share data with third parties except where required to by law.

Lawfulness, Fairness and Transparency

EcomEchoTech collects and processes Personal Data lawfully and is transparent with its customers about its processing activities.

Appointment of a Data Privacy Officer (DPO)

Appointment of a Data Privacy Officer has been done since the inception of the company.

Demonstrate Compliance with GDPR

We record processing activities carried out on behalf of the Data Controller. Our DPO is open for any and all types of questions regarding data privacy.