DigiSutra Solutions Logo
Digisutra Solutions
CallWA

Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 1, 2026

Version: 1.0 | Compliance: GDPR, CCPA/CPRA, PIPEDA, LGPD

Introduction & Overview

This Privacy Policy ("Policy") describes how Digisutra Solutions Private Limited ("Company", "we", "our", "us"), a digital marketing and web development agency registered in India with its registered office at B-521, iThum Tower, Sector-62, Noida (Uttar Pradesh) – 201301, India, collects, uses, discloses, processes, and protects Personal Information (as defined herein) of users ("you", "your", "User") who:

  • Visit our website at https://digisutrasolutions.com
  • Use our mobile applications (if any)
  • Engage with our digital marketing services
  • Subscribe to our newsletters or communications
  • Participate in our surveys, contests, or promotions
  • Contact us via any communication channel
  • Avail our web development and design services

This Policy is designed to comply with global data protection regulations including but not limited to:

GDPR
EU/EEA/UK
CCPA/CPRA
California
PIPEDA
Canada
LGPD
Brazil

1. Definitions

Personal Information (PI) / Personal Data (PD)
Any information relating to an identified or identifiable natural person.
Sensitive Personal Information
Includes racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation.
Processing
Any operation performed on Personal Data (collection, recording, storage, etc.).
Data Controller
Digisutra Solutions determines purposes and means of processing.
Data Processor
Third-party processing data on our behalf.

2. Information We Collect

2.1 Personal Information Collected

Identifiers

  • • Full name (first, middle, last)
  • • Email address(es)
  • • Phone number(s) (mobile, work, home)
  • • Postal address (billing, shipping, office)
  • • IP address & device identifiers
  • • Social media handles/profiles
  • • Username/password for portals

Commercial Information

  • • Company/business name & registration details
  • • Job title & department
  • • Tax identification numbers
  • • Purchase/service history
  • • Contract documents & proposals
  • • Payment information (via secure processors)
  • • Credit information (where applicable)

2.2 Technical & Usage Data

  • • Browser type & version
  • • Operating system & device type
  • • Screen resolution & color depth
  • • Language preferences
  • • Time zone & location data
  • • Referral URLs & exit pages
  • • Clickstream data & heatmaps
  • • Session recordings (anonymized)
  • • Page load times & performance metrics
  • • Error logs & crash reports

2.3 Professional & Project Data

  • • Project requirements & specifications
  • • Communication transcripts (email, chat, calls)
  • • Feedback, reviews, & testimonials
  • • Marketing campaign performance data
  • • Analytics data from client projects
  • • Content submissions & creative assets
  • • Access credentials for client systems (encrypted)

3. Methods of Data Collection

Direct Collection

  • • Contact forms & quote requests
  • • Newsletter sign-ups
  • • Account registration
  • • Service agreements
  • • Payment processing
  • • Client onboarding forms

Automated Collection

  • • Cookies & local storage
  • • Web beacons/pixel tags
  • • Server logs
  • • Analytics tools
  • • Heat mapping software
  • • Session recording tools

Third-Party Sources

  • • Social media platforms
  • • Business partners
  • • Public databases
  • • Marketing agencies
  • • Event organizers
  • • Referral programs

4. Legal Basis for Processing (GDPR/UK GDPR)

1

Consent

You have given clear consent for specific processing purposes (e.g., marketing emails).

2

Contractual Necessity

Processing is necessary for performance of a contract with you.

3

Legal Obligations

Processing is necessary for compliance with legal obligations (tax, accounting, etc.).

4

Legitimate Interests

Processing is necessary for our legitimate business interests, balanced against your rights.

5. How We Use Your Information

PurposeData TypesLegal Basis
Service DeliveryContact info, project dataContract
Client CommunicationEmail, phone, chat logsLegitimate Interest
Marketing & PromotionsEmail, usage data, preferencesConsent
Billing & PaymentsPayment info, tax detailsLegal
Security & Fraud PreventionIP address, device info, logsLegitimate Interest
Analytics & ImprovementUsage data, cookiesConsent
Legal ComplianceAll relevant dataLegal

6. Cookies & Tracking Technologies

6.1 Types of Cookies Used

Essential

Required for site functionality

Performance

Analytics & performance metrics

Functional

Remember preferences & settings

Marketing

Targeted advertising & tracking

6.2 Cookie Duration

  • Session Cookies: Expire when browser closes
  • Persistent Cookies: Remain for set period (1 month - 2 years)
  • First-Party Cookies: Set by our domain
  • Third-Party Cookies: Set by partners

Cookie Management

You can control cookies through browser settings. Disabling essential cookies may affect site functionality.

7. Data Sharing & Third-Party Disclosure

7.1 Categories of Recipients

Service Providers

  • • Web hosting & cloud services (AWS, Google Cloud)
  • • Analytics providers (Google Analytics, Mixpanel)
  • • Marketing platforms (HubSpot, Mailchimp)
  • • Payment processors (Stripe, PayPal, Razorpay)
  • • CRM systems (Salesforce, Zoho)
  • • Project management tools (Asana, Trello)

Legal & Regulatory

  • • Government authorities (tax, legal requests)
  • • Law enforcement agencies
  • • Regulatory bodies
  • • Courts & judicial systems
  • • Auditors & compliance officers

7.2 International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate safeguards:

  • • Standard Contractual Clauses (SCCs) for EU/UK transfers
  • • Privacy Shield framework (where applicable)
  • • Binding Corporate Rules (BCRs)
  • • Explicit consent for specific transfers
  • • Adequacy decisions recognition

7.3 Data Processing Agreements

All third-party processors sign Data Processing Agreements (DPAs) ensuring GDPR/CCPA compliance, confidentiality, and security standards.

8. Data Security Measures

Technical Measures

  • • 256-bit SSL/TLS encryption
  • • Firewalls & intrusion detection
  • • DDoS protection
  • • Regular security audits
  • • Vulnerability scanning
  • • Data encryption at rest & in transit

Organizational Measures

  • • Role-based access control (RBAC)
  • • Employee training & awareness
  • • Confidentiality agreements
  • • Secure development lifecycle
  • • Incident response plan
  • • Regular policy reviews

Physical Measures

  • • Secure data center facilities
  • • Biometric access controls
  • • 24/7 surveillance monitoring
  • • Environmental controls
  • • Secure document disposal
  • • Visitor logging & escorting

9. Data Retention Schedule

Data CategoryRetention PeriodBasis
Client contracts & agreements7 years after terminationLegal requirement
Financial records10 years (tax compliance)Statutory requirement
Marketing consents2 years after last activityBusiness purpose
Website analytics26 monthsAnalytics purpose
Support communications5 yearsService improvement
Backups & archives90 days (rotational)Disaster recovery

Note: Data may be retained longer if required for legal claims, investigations, or regulatory requirements.

10. Your Data Protection Rights

10.1 Global Rights Summary

Right to Access

Request copies of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restrict

Limit processing of your data

Right to Portability

Receive your data in machine-readable format

Right to Object

Object to certain types of processing

Withdraw Consent

Withdraw consent at any time

Lodge Complaint

File complaint with supervisory authority

10.2 CCPA/CPRA Specific Rights (California)

  • • Right to know categories & specific pieces collected
  • • Right to delete personal information
  • • Right to opt-out of sale/sharing
  • • Right to correct inaccurate information
  • • Right to limit use of sensitive information
  • • Right to non-discrimination for exercising rights

We do not sell personal information as defined by CCPA.

10.3 Exercise Your Rights

To exercise your rights, please contact us at:

Email

info@digisutrasolutions.com

Web Form

https://digisutrasolutions.com/privacy-request

Verification

We may require identity verification

Response time: Within 30-45 days as per regulatory requirements.

11. Special Categories & Children's Data

Children's Privacy

Our services are not directed to children under:

  • • 13 years (United States - COPPA)
  • • 16 years (EU/EEA - GDPR)
  • • 14 years (Brazil - LGPD)
  • • 18 years (other jurisdictions)

If we discover collection from underage users, we will promptly delete such data.

Sensitive Data

We generally do not collect sensitive personal information (racial origin, health data, etc.) unless:

  • • Explicitly provided with consent
  • • Required for specific services
  • • Mandated by law
  • • For employment purposes

12. Automated Decision Making & Profiling

We may use automated processing for:

  • Fraud detection & prevention
  • Marketing segmentation (with opt-out)
  • Customer support routing
  • Analytics & reporting

Your Rights:

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.

13. Business Transfers & Succession

In the event of:

  • Merger, acquisition, or consolidation
  • Sale of assets or business units
  • Bankruptcy or reorganization
  • Corporate restructuring

Your personal data may be transferred to the successor entity. We will notify you of any such transfer and your rights regarding your data.

14. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  1. Investigate promptly and contain the breach
  2. Assess the risk to individuals' rights
  3. Notify affected individuals within 72 hours (GDPR)
  4. Notify supervisory authorities as required
  5. Implement remediation measures
  6. Update security protocols to prevent recurrence

Contact Immediately:

If you suspect any security issue, contact: info@digisutrasolutions.com

15. Policy Updates & Notification

We may update this Privacy Policy periodically to reflect:

  • Changes in our data practices
  • New legal or regulatory requirements
  • Service enhancements
  • Feedback from users or regulators

Notification Methods:

Website Notice

Updated effective date displayed

Email Notification

For significant changes

Consent Request

Where required by law

Continued use of our services after updates constitutes acceptance of the revised policy.

16. Jurisdiction & Governing Law

This Privacy Policy is governed by the laws of India, with particular reference to the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

Primary Jurisdiction

Courts in Noida, Uttar Pradesh, India shall have exclusive jurisdiction.

Additional Protections

Your local data protection laws may provide additional protections.

17. Contact Information

Privacy Requests

Email: info@digisutrasolutions.com
Subject: Privacy Request Form
Response: 30-45 days

Headquarters

Digisutra Solutions Private Limited
B-521, iThum Tower, Sector-62
Noida (Uttar Pradesh) – 201301
India

Supervisory Authority (EU/EEA Representative)

For EU/EEA residents, you may lodge complaints with your local Data Protection Authority (DPA).

This Privacy Policy was last comprehensively reviewed on January 1, 2026

We are committed to protecting your privacy and being transparent about our data practices.

WhatsApp
Call +1-888-644-5402