Skip to main content

Data Protection Regulation

Nirmalya prioritizes data security and privacy, ensuring its own and its customers' compliance with the General Data Protection Regulation as it takes effect. By complying with GDPR, Nirmalya assists its customers in attaining their compliance status; however, it emphasizes that compliance remains a collective responsibility.

Nirmalya is steadfast in its commitment to aid customers in meeting GDPR requirements and actively works on improvements to uphold its own and customers' compliance.

Personal Data

Personal Data lies at the core of Compliance, encompassing a vast array of information. The definition of personal data is extensive, including but not limited to name, email address, phone number, physical address, device identifiers such as IP addresses, geolocation details, health records, financial information, age, date of birth, and more. It's important to recognize that even if data, such as an individual's name or email address, is publicly accessible through searches or other records, it still falls within the scope of personal data safeguarded by the Compliance. In situations where organizations are unsure whether data connected to an individual or their device qualifies as personal data, it is generally advised to treat it as such.


A controller refers to an establishment responsible for overseeing the collection, utilization, processing, disclosure, and maintenance of personal data, while adhering to specific objectives. For instance, if a company directly gathers personal data from an individual, or obtains it through a third party acting on behalf of the company, the company typically assumes the role of the controller.


Processing refers to any action carried out on personal data, regardless of whether it is automated or not. These actions encompass the gathering, recording, arranging, structuring, storing, modifying, retrieving, consulting, utilizing, transmitting, sharing, synchronizing, merging, limiting, erasing, or destroying of personal data. Virtually any activity involving personal data can be categorized as processing.


A processor, in the context of data protection, refers to an entity that carries out various operations on personal data. These operations include collection, storage, usage, and disclosure of data, all done exclusively on behalf of a controller. Moreover, the processor strictly abides by the instructions provided by the controller when performing these tasks.

Nirmalya is dedicated to aiding our customers in ensuring adherence to the diverse requirements pertinent to their business operations. We consistently keep track of evolving regulations and industry norms to refine our offerings, agreements, and materials. This enables us to effectively support our customers and help them meet their legal obligations.