GDPR Compliance Statement
PRANA is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy and personal data of our users. This page outlines our GDPR compliance measures and your rights under the regulation.
Legal Basis for Processing
We process personal data under the following legal bases:
Legitimate Interest
We process data for our legitimate business interests, including:
- Providing and improving our services
- Ensuring platform security and preventing fraud
- Analyzing usage patterns to enhance user experience
- Communicating important updates and announcements
Consent
We process data based on your explicit consent for:
- Marketing communications
- Non-essential cookies and tracking
- Social media integration
- Optional profile information
Contract Performance
We process data necessary to perform our contract with you, including providing tree planting services, community management, and PRAN reward distribution.
Your Rights Under GDPR
Right of Access
You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data and information about:
- The purposes of processing
- The categories of personal data concerned
- The recipients or categories of recipients
- The retention period or criteria for determining it
Right to Rectification
You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update your profile information directly through your account settings.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the original purpose
- You withdraw consent and there is no other legal basis
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
Right to Restrict Processing
You have the right to restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or for processing based on legitimate interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless such processing is necessary for contract performance or based on your explicit consent.
Data Protection Measures
Technical Safeguards
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication systems
- Secure data storage and backup procedures
- Network security and monitoring
Organizational Safeguards
- Data protection training for all employees
- Privacy by design principles
- Regular privacy impact assessments
- Data minimization practices
- Incident response procedures
Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Adequacy decisions by the European Commission
- Standard contractual clauses
- Binding corporate rules
- Certification schemes and codes of conduct
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data: Until account deletion or 3 years of inactivity
- Tree planting data: 7 years for audit and compliance purposes
- Communication data: 3 years from last contact
- Analytics data: 2 years in anonymized form
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
- Email: [email protected]
- Address: CarbonX Agri Private Limited, D303, Vertex Plesant apt, Nizampet Road, Hyderabad - 500038
Exercising Your Rights
To exercise any of your GDPR rights, please contact us using one of the following methods:
- Email: [email protected]
- Account settings: Update your preferences directly
- Help Center: Submit a request at prana.green/help
We will respond to your request within one month of receipt. If we need more time, we will inform you of the reason and the expected timeframe.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can find your local supervisory authority at the European Data Protection Board website.
Updates to This Policy
We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes and update the "Last updated" date.