Executive Summary

On May 25, 2018, all EU Member States implemented a new data privacy and protection regulation, the General Data Protection Regulation (GDPR). The GDPR reinforces existing data protection rights of individuals in the EU, adds new ones and introduces a new “accountability”-based regulatory regime.

At CELOXIS, we take compliance very seriously. For GDPR, we are working diligently to ensure that we are compliant with the rules laid out by the law and provide product functionality that enables our customers to remain compliant. In the following sections, we have outlined our approach to complying with the regulations outlined in the law.

Celoxis GDPR Compliance

At CELOXIS, we offer our clients a very advanced project management software platform to help them plan and manage their project portfolios. The platform includes modules for resource management, budgeting, time and expense tracking, reporting and team collaboration. CELOXIS offers a choice of cloud-based (SaaS) or on-premises deployment. CELOXIS also offers a demo/trial version of our project management software platform through its website www.celoxis.com.

Because our platform and website are used by our clients for the purpose of project management, we at Celoxis process a certain amount of personal data of our clients in the capacity of a Data Controller (for any personal information submitted on the website) as well as a Data Processor (for our clients, who submit certain personal information as a part of their use of our project management platform).

Data Subject Consent

As a Data Controller, Celoxis has updated its Privacy Policies, Cookies Policy and Disclaimer for the usage of Cookies as per the requirements of GDPR on its website www.celoxis.com, and it requires all visitors and users of its website to provide unequivocal consent. Celoxis also provides various rights to such users in relation to modification, rectification and deletion of the data they have provided to Celoxis.

As a Data Processor, we also require the employees and authorised personnel of our clients to sign up using their emails to access our platform, and this is achieved through our contractual engagement with our clients.

Data Subject Rights & Transfer of Data Outside EU

Celoxis has in place an Article 28 GDPR-compliant data processing addendum, including the EU Model Clauses, to ensure an appropriate legal basis for data transfers outside the EU.

Record Keeping as per GDPR

According to Article 30 of GDPR, each processor and controller’s representative needs to maintain a record of all activities pertaining to the personal information of a data subject. Celoxis maintains a controller processing record as required under Article 30(1) of GDPR as well as a processor processing record as required under Article 30(2) of GDPR.

Data Breach and Mitigation Process

Article 33 of GDPR says that for any potential data breach, the supervisory authority must be notified within 72 hours of occurrence. Celoxis has sufficient data monitoring mechanisms in place to become aware of any such breach. On discovery of a breach, Celoxis intends to notify the customer (controller) of the occurrence immediately, not exceeding 24 hours after the occurrence. The communication will be sent as per the guideline mentioned in Article 33. This will give our customers sufficient time to convey the breach to the respective authorities.

Celoxis Promise on GDPR

At Celoxis, maintaining the security, integrity, safety and confidentiality of our clients’ data is of the highest priority. Celoxis has already taken adequate measures to ensure that we fulfil our promise of being fully compliant with GDPR! In case you have any queries, please feel free to reach us at privacy@celoxis.com.