top of page

Privacy Policy

 

1. Who We Are & Contact Information

Controller/Data Fiduciary: Pragmatic Digital Solutions Private Limited

Data Protection Officer: Prasanth E G

Email: dpo@pragmaticdigital.in

Phone: +91-9940187006

EU/UK Representative: Not Applicable

 

Queries & Complaints: Contact us first at the Privacy Contact above. For EU/UK data subjects, you may also contact your local supervisory authority. For India, you may approach the Board (as established under DPDP) after using our grievance channel.

 

2. Scope of This Notice

This Notice covers personal data we process through:

• Our websites, portals and support channels

• Our products/services and professional services projects

• HR and recruitment

• Business development and marketing (where permitted)

 

When we act as a Processor for a client, that client's privacy notice governs and your rights requests should be sent to the client (controller). We assist controllers in fulfilling such requests.

3. Key Definitions

Personal Data/PII: Information that identifies or can identify an individual (EU/UK: data subject; India: data principal).

Controller/Data Fiduciary: Determines purposes and means of processing.

 

Processor/Data Processor: Processes personal data on behalf of a controller.

Consent: A freely given, specific, informed and unambiguous indication (GDPR/UK GDPR); valid consent/consent management under the DPDP Act.

DSR (Data Subject/Principal Rights): Rights to access, correction/rectification, erasure, restriction/objection, portability, and consent withdrawal (as applicable).

DPIA/TIA: Data Protection Impact Assessment / Transfer Impact Assessment.

 

4. What Personal Data We Collect

Depending on context, we may collect:

• Identity & Contact: name, email, phone, employer

• Account & Authentication: role, permissions, audit logs

• Usage & Telemetry: device/IP, event logs, app interactions, cookies/online identifiers

• Support & Correspondence: tickets, chat, email

• Recruitment & HR: CV/resume, qualifications, background checks where lawful

 

Note: We do not intentionally collect special category/sensitive personal data. If a service requires it, we will implement additional safeguards and provide specific notice.

 

5. How and Why We Use Personal Data (Purposes & Bases)

We process personal data for purposes including:

• Service delivery & support (contract performance; legitimate interests)

• Account administration & security (legitimate interests; legal obligations)

• Improving services (legitimate interests, with minimization/pseudonymization where feasible)

• Marketing communications (consent or legitimate interests; opt-out available at any time)

• Recruitment & HR (contract, legal obligations, legitimate interests)

 

We rely on the following lawful bases, as appropriate: consent, contract, legal obligation, and legitimate interests (with balancing tests where required).

Under India's DPDP Act, we additionally honour consent and consent withdrawal and fulfill accountability obligations.

6. Sources of Data

• Directly from you (forms, emails, portals, support)

• From your employer or our client (when we act as a processor)

• Through your device/usage of our services (logs, cookies, telemetry)

• From service providers and publicly available sources for business verification or recruitment (where lawful)

7. Cookies & Similar Technologies

We use cookies and similar technologies to operate and improve our sites and services. Where required, we obtain consent (e.g., for non-essential cookies in the EU/UK) and provide granular controls.

See our Cookie Notice for details.

8. How We Share Personal Data

We may share personal data with:

• Service providers/sub-processors (cloud hosting, support tools, analytics, communications) bound by contract and confidentiality

• Clients/controllers (where we act as a processor and support their services to you)

• Affiliates or professional advisers (for limited administrative/legal purposes)

• Authorities where required by law

 

Important: We do not sell personal data.

9. International Transfers

We may transfer personal data across borders. We implement safeguards such as:

• EU Standard Contractual Clauses (SCCs)

• UK IDTA/Addendum

• Adequacy decisions

• Other lawful bases

We also perform Transfer Impact Assessments where required.

 

For India DPDP compliance, we follow applicable government notifications on cross-border transfers.

10. Security of Processing

We operate an Information Security Management System aligned to ISO/IEC 27001 and a Privacy Information Management System aligned to ISO/IEC 27701.

 

Our security measures include:

• Access control and multi-factor authentication (MFA)

• Encryption of data in transit and at rest

• Logging and monitoring

• Backup and recovery procedures

• Vulnerability and patch management

• Supplier due diligence

 

We limit access to those with a need to know and train personnel on privacy and security.

11. Data Retention

We retain personal data only for as long as necessary for stated purposes and legal obligations, following a Retention Schedule.

When no longer required, data is deleted or irreversibly anonymized. Processors are required to delete/return data at contract end.

12. Your Rights & How to Exercise Them

Depending on your location and our role, you may have rights to:

• Access your data and receive a copy

• Correct/rectify inaccurate data

• Erase data in certain circumstances

• Restrict or object to processing

• Port data to another provider

• Withdraw consent at any time where consent is the basis

• Grievance redressal (India) and nomination for certain situations under DPDP

• Complain to a supervisory authority/Board

 

How to Make a Request

Email dpo@pragmaticdigital.in with your request type and identity verification information.

If we are a processor, we will forward your request to the relevant controller and support them in responding.

13. Children's Data

Our services are not directed to children. We do not knowingly collect children's data.

If you believe a child has provided us data, please contact us at dpo@pragmaticdigital.in to request deletion.

14. Automated Decision-Making

We do not use automated decision-making with legal or similarly significant effects.

If this changes, we will provide specific notice and safeguards (including the right to obtain human review).

15. Changes to This Notice

We may update this Notice from time to time. Material changes will be highlighted on this page and, where appropriate, notified to you.

bottom of page