GDPR Compliance

Last updated: 1 July 2026

This notice describes how Ozrit IT Solutions Private Limited (“Ozrit”, “we”, or “us”) complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) for users located in the European Economic Area (EEA) and the United Kingdom. For our general privacy practices, please read our full Privacy Policy.

1. Data Controller

Ozrit IT Solutions Private Limited is the Data Controller for personal data collected through the Rating Star platform. As Data Controller, we determine the purposes and means of processing your personal data. Our contact details for data protection matters are listed at the end of this notice.

2. Legal Basis for Processing

We process your personal data on the following legal grounds:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide the Rating Star services you have subscribed to, including account management, Trust Score computation, and platform features.

Legitimate Interests (Art. 6(1)(f))

Platform security, fraud prevention, service improvement, and communications about material changes to our services. We balance our interests against your rights and freedoms.

Consent (Art. 6(1)(a))

Marketing communications, optional analytics cookies, and certain data sharing. You may withdraw consent at any time without affecting lawfulness of prior processing.

Legal Obligation (Art. 6(1)(c))

Compliance with applicable laws, including financial record-keeping requirements and law enforcement requests.

3. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights. We will respond to all requests within 30 days (extendable by a further two months for complex or multiple requests, with notice given).

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, along with information about how it is processed.

Right to Rectification (Article 16)

You can ask us to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure (Article 17)

Also known as the ‘right to be forgotten’. You can ask us to delete your personal data where there is no compelling reason for its continued processing.

Right to Restriction (Article 18)

You can ask us to restrict the processing of your personal data in certain circumstances — for example, while you contest its accuracy.

Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing that significantly affects you, unless you have given explicit consent.

4. International Data Transfers

Ozrit IT Solutions is based in India. When we transfer your personal data from the EEA to India, we rely on the European Commission's standard contractual clauses (SCCs) or other approved transfer mechanisms to ensure your data receives an equivalent level of protection. India is currently seeking adequacy recognition from the European Commission. Where SCCs are used, copies can be obtained by contacting us.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained for the duration of your account and deleted within 30 days of account deletion, subject to legal retention requirements (typically 7 years for financial records). Anonymised data may be retained indefinitely as it no longer constitutes personal data under GDPR.

6. Automated Decision-Making

The Trust Score is computed algorithmically from ratings, behavioural signals, and activity data. While the Trust Score may influence how your profile appears in search results or job matching, no fully automated decisions with significant legal or similarly significant effects are made solely on the basis of the Trust Score without human review available upon request.

7. Lodging a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence. In the Republic of Ireland (our EU representative jurisdiction): Data Protection Commission (DPC)www.dataprotection.ie. In the UK: Information Commissioner's Office (ICO)ico.org.uk.

We encourage you to contact us first so we can address your concern directly before escalating to a supervisory authority.

8. How to Exercise Your Rights

To submit a GDPR request (access, erasure, portability, objection, restriction, or consent withdrawal):

  1. Email ozrittechnologies@gmail.com.
  2. Use the subject line: “GDPR Request — [Right Type]” (e.g. “GDPR Request — Erasure”).
  3. Include your registered email address and a brief description of your request.
  4. We may ask you to verify your identity before processing the request.
  5. We will confirm receipt within 3 business days and respond fully within 30 days.

9. Data Protection Contact

Ozrit IT Solutions Private Limited

Email: ozrittechnologies@gmail.com

Subject: GDPR Request