+1 872 219 0417help@kaisoresearch.com
Loading...

General Data Protection Regulation (GDPR) Compliance Policy

Kaiso Research and Consulting LLP

Last updated: 2 July 2025

Introduction

In today's global digital economy, personal data is created, shared, and stored at an unprecedented scale. As a firm engaged in market intelligence, consulting, and data licensing, Kaiso Research and Consulting LLP acknowledges the critical importance of safeguarding personal information and upholding the principles of responsible data governance.

In alignment with the General Data Protection Regulation (GDPR) enforced across the European Union since 25 May 2018, we have instituted comprehensive measures to ensure lawful, transparent, and accountable processing of personal data. This commitment applies to all personal data we handle, irrespective of the country or platform from which it is collected or processed.

Our Commitment to GDPR Compliance

At Kaiso Research and Consulting LLP ("Kaiso", "we", "our", or "us"), we are committed to maintaining high standards of data privacy, security, and ethical handling of personal information. Whether working with enterprise clients, research respondents, or digital audiences, we strive to process all personal data in compliance with applicable laws, including the GDPR, India's data protection regulations, and other international frameworks.

Our privacy and compliance efforts are rooted in transparency, accountability, and respect for individual rights.

Scope of Applicability

This GDPR Policy applies to:

  • Data subjects located within the European Economic Area (EEA)
  • Clients and users of our services worldwide whose data is collected, processed, or transferred by us or on our behalf
  • All employees, partners, service providers, and contractors working with or on behalf of Kaiso

Key Areas of GDPR Alignment

Kaiso Research and Consulting LLP has adopted the following steps to support GDPR compliance and responsible data practices:

1. Data Processing & Security Controls

  • We continuously refine our information security policies, aligned with best practices in encryption, access control, and breach prevention.
  • Our internal systems and procedures minimise unauthorised access, disclosure, or modification of personal data.

2. Privacy Impact & Gap Assessments

We conduct regular data privacy audits and risk assessments to evaluate our compliance posture and ensure readiness for regulatory obligations.

3. Customer Support for GDPR Readiness

  • We offer guidance to clients on data governance, data usage rights, and proper disclosures in line with GDPR standards.
  • Contractual amendments are implemented to reflect GDPR requirements for joint controllers or processors where applicable.

4. Data Subject Rights Enablement

Kaiso supports the exercise of GDPR rights, including:

  • Right to Access
  • Right to Rectification
  • Right to Erasure (Right to be Forgotten)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights related to Automated Decision Making and Profiling

We provide mechanisms to submit, verify, and respond to such requests within GDPR-defined timeframes.

5. Consent Management

  • All consents obtained for data processing are freely given, specific, informed, and unambiguous.
  • We maintain time-stamped audit trails and provide data subjects with easy opt-out mechanisms.

6. Third-Party Engagement & Data Transfers

When transferring data across borders (including outside the EEA), we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Due diligence on third-party sub-processors

Use of third-party platforms (e.g., Zoom, Google Forms, analytics tools) is governed by strict data-sharing protocols and compliance checks.

7. Breach Notification Protocol

In the event of a data breach affecting EEA residents, we have in place an incident response protocol that includes timely notification to relevant supervisory authorities and affected individuals, by Articles 33 and 34 of the GDPR.

8. Employee Training & Awareness

  • All Kaiso personnel undergo mandatory GDPR training, with annual refreshers covering personal data handling, consent rules, breach reporting, and data subject rights.
  • New hires receive training during onboarding, specific to their roles in sales, research, IT, or project delivery.

Our Ongoing GDPR Journey

Compliance is not a one-time activity; it is an ongoing effort. Kaiso Research and Consulting LLP maintains a dedicated privacy compliance team that oversees our GDPR initiatives, ensures alignment with evolving regulations, and fosters a culture of accountability.

We recognise that protecting personal data is a shared responsibility. We encourage our clients and partners to implement strong data practices in alignment with their legal obligations.

Your Rights and How to Contact Us

If you are a data subject protected by the GDPR and wish to exercise any of your rights under the Regulation, or if you have questions about how your data is processed, please contact our Privacy Team at:

We will respond to all legitimate requests within one month by GDPR Article 12. For complex or multiple requests, this period may be extended by two additional months.