GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law in the European Union (EU) that regulates how personal data is collected, handled, and protected.

At Devopstrio, we prioritize the trust, security, and privacy of our global client network. We are fully aligned with the requirements of the GDPR. We ensure that all personal data belonging to EU citizens and residents processed by our co-engineering pipelines, cloud orchestration platforms, and consulting teams is handled with the highest standards of confidentiality, integrity, and safety.

All personal data processing activities conducted by Devopstrio adhere strictly to the fundamental principles set forth in Article 5 of the GDPR:

• Lawfulness, Fairness, and Transparency: We process data lawfully and fair, explaining all data collection operations clearly.
• Purpose Limitation: Personal data is collected only for specified, explicit, and legitimate business purposes, and is not processed in a manner incompatible with those intentions.
• Data Minimization: We limit personal data collection to what is strictly necessary in relation to the purposes for which they are processed.
• Accuracy: We take every reasonable step to ensure inaccurate personal data is erased or corrected without delay.
• Storage Limitation: Data is kept in a form which permits identification of data subjects for no longer than is necessary.
• Integrity and Confidentiality: We handle data using appropriate technical and organizational security measures to prevent accidental loss, damage, or unauthorized access.

Under the GDPR, individuals residing in the European Economic Area (EEA) have specific enforceable rights regarding their personal data:

To submit a Data Subject Access Request (DSAR), please contact our DPO at dpo@devopstrio.com. We will respond to your request within 30 days.

Depending on how we interact with your data, Devopstrio operates under two legal statuses:

• As a Data Controller: We act as a controller for the personal data of our website visitors, newsletter subscribers, job applicants, and client account managers. In these cases, we determine the purposes and means of processing.
• As a Data Processor: We act as a processor when rendering engineering, DevOps, and cloud services for our enterprise clients. In this capacity, we process personal data strictly in accordance with the client's documented instructions and the executed Data Processing Agreement (DPA).

Devopstrio is a global company. In order to provide continuous 24/7 technical engineering, support, and consulting services, personal data may be accessed or processed by our personnel in engineering centers located outside the EU/EEA (such as in the USA and India).

To ensure all personal data receives an adequate level of protection when transferred outside the EEA, we implement:

• Standard Contractual Clauses (SCCs): We use the EU-approved Standard Contractual Clauses for transfers of personal data to controllers and processors established in third countries.
• Supplementary Measures: We apply supplementary security measures, such as encryption before transmission, to shield the data from unauthorized access in transit.

To comply with Article 32 of the GDPR, we have implemented state-of-the-art technical and organizational measures to ensure a level of security appropriate to the risks of data processing:

• Data Encryption: Encryption of all personal data in transit using TLS 1.3 and at rest using AES-256.
• Access Control: Implementing strictly enforced multi-factor authentication (MFA) and Least-Privilege access profiles.
• Security Auditing: Regular vulnerability scanning, internal network pen-testing, and SOC 2 Type II audit alignments.
• Employee Training: Mandatory annual security and privacy compliance training for all Devopstrio developers and engineers.

Devopstrio works with third-party service providers (sub-processors) to deliver cloud hosting, CRM services, and website analytics. All sub-processors are vetted for security and are required to enter into DPAs that match our GDPR commitments.

Devopstrio has appointed a dedicated Data Protection Officer to supervise compliance with data protection laws and serve as a direct point of contact for regulatory bodies and data subjects.