GDPR Policy

GDPR At Mastroke

Effective compliance addresses data privacy and security requirements no matter where your business is located, or what industry you belong to. At Mastroke we optimize business value from our products and services by adhering to necessary standards and policies. Hence, our cloud ecosystem is capable of providing a robust and scalable structure for safe processing of your, and your customer's data. All our products are GDPR compliant and come with in-built features that help you meet your compliance needs. GDPR-ready features in all Mastroke products are made available to all our customers worldwide. This means GDPR recommended principles for privacy and security of personal data have been extended to customers even outside the EU.

GDPR compliance practices at Mastroke is supported by 3 principles:


Deliver business value by optimizing service efficiency with secure and scalable systems for collecting, storing and processing data.


Increase customer and partner awareness on regulation requirements, ensuring consistent application of data protection measures.


Drive business performance through continuous improvement, best practices and innovation.

Our comprehensive GDPR program is supported by key privacy principles:

Principles What It Means Mastroke
Data collection, storage & processing
Collect data, only for the purpose its needed for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
Mastroke products provide the convenience of enforcing your company’s defined limitations/policies through the product itself.
Right to rectification
Data controllers must ensure information remains accurate, valid and fit for purpose. To comply with this, organizations must institute a process and policies in place to address this right.
If our customer reaches out requesting correction of their data by contacting our Data Protection officer, we acknowledge and revert with total honesty.
Right to portability
Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format. They have the right to transmit this data to another vendor/company of their choice without hindrance from the existing vendor/company.
Our products directly assist our customer’s need to meet ‘right to portability’ requests from their customers.
Limitation to storage
To ensure compliance, organizations must have control over storage and movement of data. This includes implementing and enforcing data retention policies and not allowing data to be stored in multiple places.
Since all our data are stored on cloud in such a way that data cannot be duplicated over multiple places and also have retention policy.
Right to be forgotten
Data subjects can request erasure of all personal data concerning them. And, the company/business has the obligation to erase all personal data of that individual without undue delay.
If our customer reaches out requesting correction of their data by contacting our Data Protection officer, we acknowledge and revert with total honesty.
Confidential and secure
Businesses must protect the integrity and privacy of data by making sure it's secure. An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.
Mastroke regularly evaluates enforcement of - security policies, utilization of dynamic access controls, identity verification of those accessing data, and implementation of protection mechanisms against data breach. Relevant certifications include ISO 27001, SOC II compliant.
Accountability and liability
Organizations must be able to demonstrate to governing bodies that they have taken necessary steps to protect an individual’s personal data. Be sure every step within the GDPR strategy can be pulled up as evidence.
Mastroke maintains an audit trail to enable you to provide evidence of appropriate actions taken on an individual’s request.

Some aspects of the GDPR program at Mastroke

Individual Rights, Subject Access, and Communication

Mastroke GDPR program thoroughly evaluates how Mastroke, both as a data controller and processor is placed with its existing procedures for readiness to:
  • provide rights of individuals under GDPR and,
  • assist customers in responding to data access requests from individuals.

Lawful processing

Mastroke GDPR program emphasizes on transparency of data processed by establishing processes that help easily respond to requests from customers wanting to know what data Mastroke has about them. Information of what data is collected, stored and processed can be obtained from our Privacy Policy.


Our leaders commit to support and provide guidelines for data protection compliance through a framework of standard policies and procedures. Mastroke defines metrics for monitoring and governing health of the privacy notice which is independently run under the direct control of the Management Steering Committee.

Customer's Personal Data with Mastroke

Mastroke delivers on our customer’s privacy objective by maintaining processing records of customer’s data. Periodic and need based Privacy Impact Analysis (PIA) across data flow and process maps aids in keeping our program aligned with ever changing business and technology landscapes.

Privacy by Design and Default

Programs, projects, and processes at Mastroke are aligned to privacy principles right from inception of an idea or project, thereby supporting Privacy by Design and Default principles.

Data Hosting

Mastroke ensures data is hosted within centers qualified by global IT standards and regulations.

List of sub-processors

Mastroke GDPR program ensures any 3rd party vendor/sub-processors is also accountable for protection of an individual’s personal data. These obligations are established by way of contracts that also include providing sufficient guarantee to implement appropriate technical and organizational measures as specified in the Regulation.

Mastroke Commitment to GDPR

GDPR enforces cross-border data protection mechanisms for businesses with operations in multiple EU member states. Further, GDPR governs data protection issues for all global businesses processing personal data.
Mastroke is committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The enforcement of GDPR is critical to our mission of providing the EU and all our global customers with a safe and dependable business software suite. In support of this commitment, Mastroke extends the same level of privacy and security to all its customers worldwide, irrespective of location.


Users have certain rights under the General Data Protection Regulation (“GDPR”):
  • Right to know : You have the right to request to know more about the categories and specific pieces of personal information that we have collected about you and access a copy of your personal information.
  • Right to deletion : You have the right to request deletion of personal information that we have collected about you.
  • Right to non-discrimination : If you choose to exercise any of your rights under GDPR, we will treat you like all other users. In other words, there is no penalty for exercising your rights under GDPR.
  • Right to opt-out : You have the right to opt-out of the sale of your personal information. We do not sell personal information. However, the Service Providers we partner with (for example, our advertising partners) may use technology on the Service that “sells” personal information as defined by the GDPR. If you wish to opt-out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under GDPR law, you may do so by following the instructions below. Please note that any opt out is specific to the browser you use. You may need to opt out on every browser that you use.
To exercise any of these rights under GDPR, please email at

    Leave your  details  here

    We will get back to you soon

    [cf7mls_step cf7mls_step-1 "Continue" ""]

    [cf7mls_step cf7mls_step-2 "Back" "Step 2"]