GDPR Compliance

Learn how Geinforce Technology protects your data rights and complies with the General Data Protection Regulation.

Last Updated: May 15, 2024

1. Introduction

At Geinforce Technology ("Geinforce," "we," "our," or "us"), we are committed to protecting the privacy and security of your personal data. This GDPR Compliance Statement outlines how we comply with the European Union's General Data Protection Regulation (GDPR) and your rights under this regulation.

The GDPR is a comprehensive data protection law that applies to organizations operating within the EU as well as organizations outside the EU that offer goods or services to individuals in the EU. It strengthens the protection of personal data and gives individuals greater control over their data.

This statement should be read alongside our Privacy Policy, which provides detailed information about how we collect, use, share, and protect your personal information.

GDPR Compliant

Geinforce is fully committed to GDPR compliance. Our internal processes, platform, and services are designed with data protection as a priority.

2. Your Rights Under GDPR

The GDPR provides individuals in the EU with the following rights regarding their personal data:

Right to Information

You have the right to be informed about the collection and use of your personal data, including the purpose of processing, retention periods, and who the data will be shared with.

How to exercise: Information about our data practices is provided in our Privacy Policy.

Right of Access

You have the right to access your personal data and receive information about how we process it.

How to exercise: Submit a request through your account settings or contact us at [email protected].

Right to Rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete.

How to exercise: Most information can be updated directly in your account settings. For assistance, contact [email protected].

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data in certain circumstances.

How to exercise: You can delete your account from your account settings or contact [email protected] with your request.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

How to exercise: Contact [email protected] with your specific request.

Right to Data Portability

You have the right to obtain and reuse your personal data across different services in a structured, commonly used, and machine-readable format.

How to exercise: Contact [email protected] to request an export of your data.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including direct marketing.

How to exercise: You can opt out of marketing communications through the unsubscribe link in our emails or by contacting [email protected].

Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.

How to exercise: Geinforce does not currently make automated decisions that have legal or similarly significant effects on individuals.

We are committed to facilitating the exercise of these rights. We will respond to your requests within one month, which may be extended by two further months when necessary, taking into account the complexity and number of requests.

3. Lawful Basis for Processing Data

Under the GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on include:

3.1 Contract

We process your personal data as necessary to fulfill our contractual obligations to you, such as providing our services after you sign up for an account.

3.2 Consent

Where required by law, we process your personal data based on your consent, such as for certain marketing communications or optional features. You can withdraw your consent at any time.

3.3 Legitimate Interests

We process certain data based on our legitimate interests, such as improving and securing our services, provided that these interests are not overridden by your rights and freedoms.

3.4 Legal Obligation

We process personal data as necessary to comply with applicable laws and regulations.

3.5 Processing of Special Categories of Data

Geinforce does not generally collect or process special categories of personal data (sensitive data) as defined by the GDPR. In the rare cases where such data might be processed (e.g., for specific research purposes), we would only do so with explicit consent or under another valid legal basis.

Research Data Processing

While we process molecular structures and other research data submitted to our platform, we do not consider these to be personal data unless they can be linked to an identified or identifiable natural person. However, we still apply high security standards to all data processing operations.

4. International Data Transfers

As a global company headquartered in India, Geinforce may transfer personal data internationally. We ensure that any international transfers of personal data comply with the GDPR through the following mechanisms:

4.1 Standard Contractual Clauses (SCCs)

We implement the Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards for data transfers outside the EEA.

4.2 Adequacy Decisions

When transferring data to countries that have received an adequacy decision from the European Commission, we rely on those decisions as a legal basis for transfer.

4.3 EU-US Data Privacy Framework

For transfers to certain US-based service providers, we ensure they participate in the EU-US Data Privacy Framework, where applicable.

4.4 Additional Safeguards

Following the Schrems II decision by the Court of Justice of the European Union, we implement additional safeguards as necessary, including:

  • Data minimization and encryption
  • Technical measures to prevent unauthorized access
  • Contractual commitments from our processors regarding government access requests

If you have questions about our international data transfer practices or wish to obtain a copy of the safeguards we implement, please contact our Data Protection Officer at [email protected].

5. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

5.1 Technical Measures

  • Encryption of personal data both in transit (using TLS) and at rest
  • Multi-factor authentication for accessing our systems
  • Regular security testing, including vulnerability scanning and penetration testing
  • Intrusion detection and prevention systems
  • Regular system updates and security patches
  • Data loss prevention controls

5.2 Organizational Measures

  • Comprehensive information security policies and procedures
  • Regular employee training on data protection and security
  • Restricted access to personal data on a need-to-know basis
  • Data protection impact assessments for high-risk processing activities
  • Incident response plans and procedures
  • Regular audits and assessments of our security measures

5.3 Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay and within 72 hours of becoming aware of the breach. We will also notify affected individuals directly when the breach is likely to result in a high risk to their rights and freedoms.

6. Data Processing Agreement

When we process personal data on behalf of our customers (e.g., when customers upload data to our platform), we act as a data processor. In these cases, we provide a Data Processing Agreement (DPA) that outlines our responsibilities and commitments in accordance with Article 28 of the GDPR.

6.1 Key Elements of Our DPA

  • Processing data only according to the customer's documented instructions
  • Implementing appropriate security measures
  • Assisting customers in fulfilling their obligations to data subjects
  • Assisting with data protection impact assessments and prior consultations
  • Deleting or returning data at the end of the service provision
  • Contributing to audits and inspections
  • Ensuring subprocessors provide the same level of data protection

If you are a customer and need a copy of our Data Processing Agreement, please contact us at [email protected].

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our specific retention periods are outlined in our Privacy Policy.

7.1 Retention Criteria

We consider the following criteria when determining how long to retain data:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data and whether we can achieve those purposes through other means
  • Legal, regulatory, and contractual requirements

7.2 Account Data

We retain your account data for the duration of your account. After account deletion, we retain certain information for a limited period to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Protect against fraudulent activity

7.3 Research Data

Retention of molecular structures and analysis results depends on your subscription plan:

  • Free accounts: Data retained for 90 days
  • Paid accounts: Data retained for the duration of the subscription
  • Enterprise accounts: Custom retention periods available

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. In accordance with the GDPR and the ePrivacy Directive, we:

  • Obtain consent before placing non-essential cookies
  • Provide clear and comprehensive information about the cookies we use
  • Make it easy for users to withdraw consent and manage cookie preferences
  • Use only strictly necessary cookies where consent has not been given

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no standard for how online services should respond to these signals. Geinforce honors these signals: by default, we disable any tracking cookies for users who have the DNT setting enabled.

9. How to Submit a Data Subject Access Request

A Data Subject Access Request (DSAR) is a request made by an individual to exercise their rights under the GDPR, such as the right to access, rectify, or erase their personal data.

9.1 Submission Process

You can submit a DSAR in the following ways:

  • Through your account settings (for certain rights)
  • By emailing [email protected]
  • By submitting the form below
  • By mail to our registered address (see Contact section)

9.2 Verification

To protect your privacy and security, we will verify your identity before fulfilling your request. We may ask you to provide additional information to confirm your identity, such as:

  • Email address associated with your account
  • Account username
  • Proof of identity (such as a copy of a photo ID)

9.3 Response Timeline

We will respond to your request within one month of receipt. If your request is complex or we receive a large number of requests, we may extend this period by up to two additional months. In this case, we will inform you of the extension within the first month and explain the reason for the delay.

Data Subject Access Request Form

10. Contact Information

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us using the information below:

Data Controller

Geinforce Technology Private Limited
Office No. 003, VBC Complex, B1 Building
Radheshwari Society, Bakori Road, Wagholi
Pune, Maharashtra 412207
India

Data Protection Officer

Email: [email protected]
Phone: +91 9834300355

EU Representative

As required by Article 27 of the GDPR, Geinforce has appointed an EU representative:

EU Data Protection Representative
Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. While you may lodge a complaint in your country of residence or place of work, our lead supervisory authority is:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland