AAP Overseas Portal

GDPR Compliance

Your data rights under the General Data Protection Regulation

AAP Overseas Portal is committed to protecting the privacy and personal data of all our users, including those in the European Union. This page explains how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to:

  • Organizations operating within the European Union (EU)
  • Organizations offering goods or services to EU residents
  • Organizations monitoring the behavior of EU residents

GDPR gives individuals greater control over their personal data and imposes strict requirements on organizations that process such data.

Legal Basis for Processing Your Data

We process your personal data under the following legal bases:

Consent (Article 6(1)(a))

When you create an account and provide personal information, you give us explicit consent to process your data for membership purposes.

Contractual Necessity (Article 6(1)(b))

Processing is necessary to fulfill our membership agreement with you, including verifying your identity and providing portal services.

Legitimate Interests (Article 6(1)(f))

We may process data based on our legitimate interests in operating and improving our portal, preventing fraud, and ensuring security.

Legal Obligation (Article 6(1)(c))

In some cases, we are legally required to process your data, such as for tax purposes or to comply with legal requests.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances.

Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

Right to Restrict Processing

You can request limitation of processing of your personal data in certain situations.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing.

How to Exercise Your Rights

To exercise any of your GDPR rights, please:

  1. Send an email to gdpr@aapoverseas.org
  2. Include your full name and registered email address
  3. Clearly state which right you wish to exercise
  4. Provide any additional information to help us verify your identity

Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months, and we will inform you of the extension and the reasons for it.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure GDPR compliance:

  • Data Minimization: We collect only the data necessary for specific purposes
  • Encryption: All data is encrypted in transit (SSL/TLS) and at rest
  • Access Controls: Strict authentication and role-based access controls
  • Regular Audits: Periodic security audits and vulnerability assessments
  • Data Breach Procedures: Established protocols for breach notification within 72 hours
  • Staff Training: Regular training on data protection and GDPR compliance
  • Privacy by Design: Privacy considerations integrated into system development
  • Data Processing Agreements: Contracts with third-party processors ensure GDPR compliance

International Data Transfers

Our servers are located in regions that may be outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions by the EU
  • Binding Corporate Rules where applicable
  • Your explicit consent for specific transfers

We work only with service providers who demonstrate adequate data protection standards.

Data Retention Periods

We retain your personal data only for as long as necessary:

  • Active Membership Data: While your membership is active and for 2 years after termination
  • Financial Records: 7 years for tax and accounting purposes
  • Identity Documents: While your account is active or as required by law
  • Communications: 3 years unless there's a legal requirement for longer retention
  • Logs and Analytics: 2 years maximum

After retention periods expire, we securely delete or anonymize your data.

Right to Lodge a Complaint

If you believe we have not complied with GDPR or your data protection rights, you have the right to lodge a complaint with a supervisory authority. You can contact:

  • Your local Data Protection Authority (DPA) in the EU member state where you reside or work
  • The supervisory authority where the alleged infringement occurred

However, we encourage you to contact us first so we can address your concerns directly.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO for any questions or concerns about data protection:

Email: dpo@aapoverseas.org

Address: Data Protection Officer, AAP Overseas, New Delhi, India

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated page and revising its "last updated" date.

Contact Us

For any questions about GDPR compliance or data protection:

GDPR Inquiries: gdpr@aapoverseas.org

Data Protection Officer: dpo@aapoverseas.org

General Contact: contact@aapoverseas.org

Phone: +91 123 456 7890