Client Data Protection & GDPR Compliance Policy

Company: VRL PRO DIGITAL
Website: www.vrlpro.com
Registered Location: Vadodara, Gujarat, India
Contact: info@vrlpro.com
Effective Date: 01/01/2016
Last Updated: 27/09/2025

1. Purpose

This Policy explains how VRL PRO DIGITAL (“Company,” “we,” “our,” or “us”) protects client data, ensures compliance with international data protection regulations, and implements technical, organizational, and legal safeguards.

We are committed to meeting the requirements of:

  • GDPR (General Data Protection Regulation – EU & UK)
  • CCPA (California Consumer Privacy Act – USA)
  • Indian IT Act 2000 & amendments (DPDP Bill 2023)
  • Other applicable international data protection frameworks.

2. Scope

This Policy applies to all data shared by clients (“Client,” “you,” or “your”), including but not limited to:

  • Personal information (name, email, phone).
  • Business data (brand materials, campaign data, client lists).
  • Payment details (handled via third-party processors).
  • Access credentials (website, ad platforms, hosting).
  • Project-related documents, communications, and files.

3. Data Collection Principles

We follow these data protection principles:

  1. Lawfulness, Fairness & Transparency – Data is collected and processed with consent, for legitimate business purposes, and with transparency.
  2. Purpose Limitation – Data is only used for the purposes agreed (e.g., service delivery, communication, billing).
  3. Data Minimization – We collect only the information necessary to perform services.
  4. Accuracy – Clients may request correction or updates to inaccurate data.
  5. Storage Limitation – Data is retained only as long as necessary for business/legal purposes.
  6. Integrity & Confidentiality – Strong security measures protect against unauthorized access, loss, or misuse.

4. Client Rights Under GDPR/CCPA

Depending on jurisdiction, clients have the following rights:

  • Right of Access – Request a copy of personal/business data we hold.
  • Right to Rectification – Correct inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten) – Request deletion of data.
  • Right to Restrict Processing – Limit how data is processed.
  • Right to Data Portability – Receive data in a machine-readable format.
  • Right to Object – Opt-out of direct marketing or certain processing.
  • Right to Withdraw Consent – At any time, without affecting prior lawful processing.
  • CCPA Rights (for California clients): Request disclosure of data collected, opt-out of “sale” of data, request deletion.

Requests can be made via info@vrlpro.com. We will respond within 30 days (or as required by law).

5. Data Security Measures

We implement a layered approach to data security:

Technical Safeguards

  • SSL encryption on all communications.
  • Secure cloud storage (Google Workspace, encrypted backups).
  • Encrypted file transfers (password-protected links, limited access).
  • Two-factor authentication (2FA) for internal tools and accounts.

Organizational Safeguards

  • Role-based access (only authorized staff access client data).
  • Confidentiality agreements for employees, contractors, and partners.
  • Regular staff training on data protection and compliance.

Physical Safeguards

  • Restricted access to servers and workstations.
  • Secure office environment (CCTV, access control).

6. International Data Transfers

Since VRL PRO DIGITAL serves global clients, data may be transferred internationally. We ensure:

  • GDPR-compliant safeguards, such as Standard Contractual Clauses (SCCs).
  • Data centers used by third parties (Google, AWS, etc.) comply with EU/US privacy frameworks.
  • Clients are informed when data is processed outside their jurisdiction.

7. Third-Party Processors

We may engage trusted third-party service providers for:

  • Payment processing (Stripe, PayPal, Razorpay).
  • Hosting and storage (Google Cloud, AWS, Hostinger).
  • Analytics and tracking (Google Analytics, Meta Pixel, LinkedIn Insight).
  • Project management and communication (Slack, Trello, Asana, Zoom).

All third parties are required to comply with applicable privacy laws.

8. Data Retention Policy

  • Project files, reports, and communications: 12 months post-project unless otherwise requested.
  • Payment and financial records: 7 years (for compliance/tax purposes).
  • Backups: Rotated periodically and deleted after expiry.
  • Marketing communications: Until you unsubscribe.

9. Breach Notification

In the unlikely event of a data breach:

  • Clients will be notified within 72 hours of discovery (as per GDPR).
  • Affected data and corrective actions will be clearly communicated.
  • Remediation steps will be taken immediately to secure systems.

10. Client Responsibilities

Clients agree to:

  • Provide accurate and lawful data.
  • Maintain security of their own systems and accounts.
  • Change all shared passwords after offboarding (as per Offboarding Policy).
  • Comply with third-party platform terms (Google, Meta, LinkedIn, etc.).

11. Liability & Limitations

  • VRL PRO DIGITAL takes every reasonable precaution to safeguard client data.
  • However, we are not liable for breaches caused by:
    • Third-party platform vulnerabilities,
    • Client-side negligence (e.g., weak passwords, phishing attacks),
    • Force majeure events beyond our control.

12. Governing Law

This Policy is governed by the laws of India and applicable international data protection laws. Disputes will fall under the jurisdiction of Vadodara, Gujarat, India.

13. Updates to Policy

We may update this Policy to comply with evolving laws and industry standards. Updated versions will be posted on our Website with a revised effective date.

14. Contact Us

For data protection or GDPR-related queries, please contact:

VRL PRO DIGITAL
Vadodara, Gujarat, India
📧 info@vrlpro.com
🌐 www.vrlpro.com