InfiGrowth

Data Processing Policy

Introduction

Infidigit Consultants Private Limited (“Infidigit”) is committed to protecting the privacy and security of personal data. This Data Processing Policy outlines our approach to processing personal data in compliance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This policy is also designed to comply with applicable Indian laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.

Data Controller and Processor

Infidigit may act as both a data controller and a data processor, depending on the specific context. As a data controller, we determine the purposes and means of processing personal data. As a data processor, we process personal data on behalf of our clients.

Personal Data We Process

We may process various categories of personal data, including:

  • Customer Data: Name, contact information, billing address, payment information, and other relevant details.
  • Employee Data: Name, contact information, employment history, payroll information, and other relevant details.
  • Website Visitor Data: IP address, browser type, device information, and website usage data.

Purpose of Processing

We process personal data for various purposes, including:

  • Providing Services: Delivering our services, such as digital marketing, SEO, and content marketing.
  • Customer Support: Responding to customer inquiries and resolving issues.
  • Billing and Payments: Processing payments and issuing invoices.
  • Marketing and Sales: Sending marketing communications and promoting our services.
  • Website Analytics: Analyzing website traffic and user behavior.
  • Security: Protecting our systems and data from unauthorized access.
  • Legal Compliance: Complying with legal obligations and regulatory requirements.

Legal Basis for Processing

We rely on the following legal bases for processing personal data:

  • Contractual Necessity: Processing personal data is necessary for the performance of a contract with the data subject.
  • Legitimate Interest: Processing personal data is necessary for our legitimate interests, such as improving our services, protecting our business, or enforcing our rights.
  • Consent: We may obtain explicit consent from data subjects for specific processing activities.
  • Legal Obligation: We may process personal data to comply with legal obligations.

Data Security

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:  

  • Access Controls: Limiting access to personal data to authorized personnel.
  • Data Encryption: Encrypting sensitive data to prevent unauthorized access.
  • Regular Security Assessments: Conducting regular security assessments to identify and address vulnerabilities.
  • Incident Response Plan: Having a plan in place to respond to data breaches and security incidents.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected. We may also retain personal data to comply with legal obligations or to resolve disputes.

Data Transfer

We may transfer personal data to third-party service providers located within and outside the European Economic Area (EEA). We ensure that appropriate safeguards are in place to protect personal data when it is transferred to third-party countries.

Data Subject Rights

Data subjects have the following rights:

  • Access: The right to access their personal data and obtain a copy.
  • Rectification: The right to request the rectification of inaccurate or incomplete personal data.
  • Erasure: The right to request the erasure of personal data under certain circumstances.
  • Restriction of Processing: The right to request the restriction of processing of personal data under certain circumstances.
  • Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
  • Objection: The right to object to the processing of personal data.

Contact Us

If you have any questions or concerns about our Data Processing Policy or the processing of your personal data, please contact us at [email protected].