Skip to content
IMAST

GDPR Compliance

Last updated: March 2026

Last updated: March 2026

1. Our Commitment to GDPR

IMAST Operations Private Limited is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This page explains how we meet our obligations as both a data controller and data processor.

2. Roles

  • Controller: IMAST acts as controller for data we collect directly (account info, website analytics, marketing)
  • Processor: IMAST acts as processor for Customer Data entered into the Platform by our clients, processing it strictly per client instructions under a Data Processing Agreement (DPA)

3. Legal Basis for Processing

  • Contract performance: Providing our SaaS services
  • Legitimate interests: Product improvement, security, fraud prevention
  • Consent: Marketing communications, non-essential cookies — withdrawable at any time
  • Legal obligation: Tax reporting, regulatory compliance

4. Data Subject Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion (“right to be forgotten”)
  • Restriction: Limit processing in certain circumstances
  • Portability: Receive your data in machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Automated decisions: Not be subject to solely automated decision-making

Submit requests to gdpr@imast.in. We respond within 30 days.

5. International Data Transfers

Primary data storage: AWS Mumbai (ap-south-1). For EU/EEA data transfers, we use Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by Transfer Impact Assessments.

6. Data Breach Notification

  • Supervisory authority notified within 72 hours of becoming aware of a breach
  • Affected data subjects notified without undue delay when the breach poses high risk
  • All breaches documented with root cause analysis and remedial actions

7. Data Protection Officer

DPO: dpo@imast.in
GDPR inquiries: gdpr@imast.in
IMAST Operations Private Limited, Indore, Madhya Pradesh 452001, India