
GDPR Compliance and Data Protection

Last updated: 26 May 2025

Supista is the brand of APICON SOLUTIONS PRIVATE LIMITED. We design, develop, and operate the Supista platform with a strong commitment to regulatory compliance, data protection, and responsible data governance under the General Data Protection Regulation (GDPR) and related global privacy frameworks.

Our GDPR commitment

APICON SOLUTIONS PRIVATE LIMITED applies privacy by design and privacy by default principles across all Supista services and deployments. We collect and process only the data required to deliver platform functionality, maintain transparent processing practices, and support audit-ready environments for organizations using the Supista platform.

Lawful basis and scope of processing

  • Data is processed to operate and improve Supista services, fulfill customer agreements, and support legitimate operational, analytical, and security functions within the platform.
  • We minimize personal data collection and prioritize business-context information, pseudonymization, and structured access controls wherever possible.
  • Processing activities are documented and maintained in internal records of processing by APICON SOLUTIONS PRIVATE LIMITED.

Data subject rights

  • Individuals may request access, correction, deletion, restriction, or portability of personal data processed through Supista.
  • Requests are reviewed and fulfilled within the timelines defined by GDPR.
  • Objections to processing, including marketing communications, are respected and recorded by APICON SOLUTIONS PRIVATE LIMITED.

Data processing and retention

  • Personal data is retained only as long as necessary to deliver Supista services or to meet legal and contractual obligations.
  • Organizations using Supista may configure data retention policies aligned with their internal governance and regulatory requirements.
  • APICON SOLUTIONS PRIVATE LIMITED executes Data Processing Agreements (DPAs) with customers and subprocessors to maintain GDPR-compliant safeguards across the service ecosystem.

Security and subprocessors

  • Supista implements enterprise security controls including role-based access management, encryption in transit and at rest, monitoring systems, and platform security reviews.
  • Subprocessors engaged by APICON SOLUTIONS PRIVATE LIMITED undergo security and privacy assessments and operate under contractual obligations aligned with GDPR requirements.
  • We maintain security incident response procedures and perform periodic security validation and testing.

International data transfers

  • When personal data is transferred outside the EEA or UK, APICON SOLUTIONS PRIVATE LIMITED applies appropriate lawful transfer mechanisms such as Standard Contractual Clauses and additional safeguards.
  • Customers may select hosting regions for their Supista environments in order to align with internal compliance policies and regional data regulations.

Incident response and notifications

  • Security incidents are classified, investigated, and addressed using documented response procedures and escalation paths.
  • If a breach affecting personal data occurs, APICON SOLUTIONS PRIVATE LIMITED will notify affected customers and applicable regulators without undue delay, providing details about scope, mitigation actions, and response measures.

Contact APICON SOLUTIONS PRIVATE LIMITED

For privacy inquiries, data processing agreements, or GDPR rights requests related to Supista, contact APICON SOLUTIONS PRIVATE LIMITED at privacy@supista.com. Please include your name, contact details, and request description so our team can respond within the appropriate regulatory timeframe.
