Security and Compliance Policy

Ayzen Private Limited 

Brand: Ayzen Creatives 

Effective Date: March 15, 2026 

1. Introduction

Ayzen Private Limited, operating as Ayzen Creatives, is committed to maintaining robust information security to protect Client data, project assets, and operational systems. This Policy describes our technical and organisational measures and how we comply with the EU GDPR and applicable U.S. data protection standards.

2. Security Commitment

We take a risk-based approach to information security, including: 

  • Regular risk assessment and mitigation. 
  • Continuous monitoring of systems and access logs. 
  • Prompt response to identified vulnerabilities or incidents. 
  • Staff training and awareness on information security best practices. 

3. Access Control

  • Client files are accessible only to personnel directly working on the relevant project. 
  • Role-based access controls (RBAC) are implemented across all systems. 
  • Strong password policies and multi-factor authentication (MFA) are in place for critical systems.
  • Access credentials are reviewed and revoked promptly upon staff departure or role change. 

4. Data Storage and Encryption

  • Data at rest: encrypted using AES-256 or equivalent. 
  • Data in transit: encrypted using TLS 1.2 or higher. 
  • Storage: data is held in reputable cloud infrastructure facilities with physical security controls.

5. Confidentiality of Client Assets

All Client files and project materials are treated as strictly confidential: 

  • Accessible only to personnel working on the relevant project. 
  • Not shared with third parties without the Client’s explicit written consent. 
  • Retained only as long as necessary, then securely deleted. 

6. Incident Response and Breach Notification

We maintain an Incident Response Plan. In the event of a personal data breach: 

  • EU/EEA Clients: The Company notifies the Client within 72 hours as required by Art. 33 GDPR. The relevant Data Protection Authority (DPA) is notified where required. 
  • USA Clients: Notifications are made per applicable U.S. state breach notification laws. 
  • All breaches are logged, investigated, and remediated with corrective action. 

7. Third-Party and Vendor Security

All third-party vendors with access to Client data are required to: 

  • Enter into data processing agreements with equivalent security standards. 
  • Comply with applicable data protection laws. 
  • Undergo periodic security reviews. 

8. Business Continuity

  • Critical data is backed up regularly, and backup integrity is tested periodically.
  • Business continuity procedures ensure continued service delivery during disruptions. 

9. GDPR Compliance (EU/EEA)

  • Privacy by design and by default principles. 
  • Documented data processing records (Art. 30 GDPR). 
  • Data subject rights procedures (Arts. 15–22 GDPR). 
  • Data Protection Impact Assessments (DPIAs) for high-risk processing. 

10. U.S. Compliance

  • California Consumer Privacy Act (CCPA) and CPRA. 
  • Applicable state-level data protection regulations. 
  • FTC guidelines on data security. 

11. Policy Review

This Policy is reviewed at least annually or upon material regulatory or operational changes. Clients will be notified of material updates.  

12. Reporting Security Concerns

To report a security vulnerability or concern: 

Ayzen Private Limited | Ayzen Creatives | Email: info@ayzencreatives.com | Website: www.ayzencreatives.com 

Address: Ayzen Private Limited, [Registered Office Address]