Privacy Policy
We take your privacy seriously. Here is how we collect, use, and protect your personal information in compliance with GDPR and UK GDPR.
1. Introduction
Digimarketing Art (“we”, “us”, “our”) provides digital marketing services including SEO, PPC, social media marketing, web development, and graphic design.
This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website at digimarketingart.com, engage with our services, or otherwise interact with us.
GDPR
Regulation (EU) 2016/679 compliance for European users.
UK GDPR
Data Protection Act 2018 standards for UK users.
ePrivacy
Directive 2002/58/EC compliance for cookies and tracking.
02. Data Controller & EU Rep.
We act as the Data Controller for the personal data collected through our website and when engaging in business relationships.
Data Controller
Digimarketing Art Pvt. Ltd.
Email: privacy@digimarketingart.com
Phone: +91-90565-44487
EU Representative
Appointed under Art. 27 GDPR
Contact EU representative via privacy@digimarketingart.com
UK Representative
Appointed under UK GDPR Art. 27
Contact UK representative via privacy@digimarketingart.com
03. Scope of This Policy
This Policy applies to personal data we process as a Data Controller — when you visit our website, sign up to our newsletter, request a quote, or become our client.
When we process personal data on behalf of our clients as a Data Processor (such as managing their end-customer campaign lists), the applicable client's privacy notice governs, and our processing is regulated by a Data Processing Agreement (DPA).
04. Categories of Data
Data You Provide Directly
- Name, job title, and employer info
- Business email, phone number, and physical address
- Service preferences, campaign goals, and project briefs
- Contract terms and business billing details
Data Collected Automatically
- IP address (anonymized where feasible)
- Browser type, version, and operating system
- Visited pages, click patterns, and time spent on page
- Tracking data via cookies and analytical tags
Data from Third Parties
- Public professional profiles (e.g. LinkedIn)
- B2B databases and company directories
- Aggregated advertising audience metrics
Special Categories (Art. 9)
- We do not knowingly or intentionally collect sensitive personal data
- Please do not share health, race, religion, or political data
05. Purposes & Legal Bases
Under GDPR Article 6, we process personal data only when we have a valid lawful basis:
| Purpose | Data Category | Lawful Basis (GDPR Art. 6) |
|---|---|---|
| Responding to inquiries & quotes | Name, email, phone, message content | Art. 6(1)(b) - Performance of contract / pre-contractual steps |
| Delivering digital marketing services | Client contacts, billing details, campaign data | Art. 6(1)(b) - Performance of a contract |
| Website performance analytics | Truncated IP, device info, browsing paths | Art. 6(1)(a) - Consent |
| Sending newsletter & marketing emails | Name, email address, subscription details | Art. 6(1)(a) - Consent |
| Ad retargeting & campaign analytics | Cookie identifiers, user behaviors | Art. 6(1)(a) - Consent |
| Financial accounting and tax audits | Invoices, transactional records | Art. 6(1)(c) - Legal compliance obligation |
| Fraud prevention & site security | Server logs, IP address, security events | Art. 6(1)(f) - Legitimate interests (site integrity) |
06. Recipients & Sub-Processors
We share your data with trusted partners and cloud tools to run our business services:
Infrastructure & Cloud
Vercel, Cloudinary, AWS (for secure storage & hosting)
Analytics & Advertising
Google Analytics 4, Meta Pixel, Google Ads (consent-only)
CRM & Messaging
HubSpot, Salesforce, Zoho CRM, Mailchimp
Payments
Stripe, PayPal, Razorpay (fully PCI-DSS compliant)
07. International Transfers
We are established in India. Personal data of individuals residing in the EU, EEA, or UK is transferred and stored securely under these protection mechanisms:
- Standard Contractual Clauses (SCCs): Standardized data protection contractual terms approved by the European Commission.
- UK Addendum: Applied alongside the European SCCs to protect UK citizens' data.
- Transfer Impact Assessments (TIAs): Conducted to confirm the security practices of our data pipelines.
08. Data Retention
We store personal data only as long as required for the purpose of collection or as mandated by law:
| Data Category | Standard Retention Period |
|---|---|
| General web form inquiries (no client contract) | 24 Months |
| Active client marketing campaigns & records | Duration of active contract + 3 years |
| Invoices, tax forms, and transaction receipts | 8 Years (statutory legal requirement) |
| Marketing email newsletters & subscriptions | Until consent is withdrawn or 36 months of inactivity |
| Google Analytics 4 website metrics | 14 Months |
| Server logs and cybersecurity monitoring reports | 12 Months |
09. Your Rights
Under GDPR and UK GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request details and copies of your data.
- Right to Rectification (Art. 16): Request correction of inaccurate information.
- Right to Erasure (Art. 17): Request deletion of data ("Right to be Forgotten").
- Right to Restriction (Art. 18): Request that we pause processing your data.
- Right to Portability (Art. 20): Request data transfer in structured formats.
- Right to Object (Art. 21): Object to processing under legitimate interest bases.
- Right to Withdraw Consent (Art. 7(3)): Opt-out of consent-based setups at any time.
To exercise any of your rights, please contact us at privacy@digimarketingart.com. We will respond within 30 days.
11. Marketing Communications
We send email campaigns and marketing alerts only based on:
- Explicit opt-in consent from the subscriber.
- Soft opt-in (existing clients, with a clear option to unsubscribe).
All promotional emails include a one-click "Unsubscribe" button in the footer.
12. Automated Decisions & AI
We do not perform solely automated decision-making processes that produce legal or significant effects. AI tools assist our staff with copywriting, research, and campaign optimization, under these constraints:
- No personal customer data is uploaded to public AI training models.
- All enterprise AI engines are configured to disable data training on inputs.
- All AI outputs are thoroughly reviewed by our creative staff before delivery.
13. Data Security
We implement industry-standard Technical and Organizational Measures (TOMs) to secure data:
- SSL/TLS encryption in transit (HTTPS) and encryption at rest.
- Multi-factor authentication (MFA) on all access accounts.
- Role-based access permissions restricting records access to authorized team members.
- Regular security scanning and software patch updates.
14. Children's Data
Our marketing services are directed solely to business entities. We do not knowingly collect personal data from children under 16 years of age. If you believe a child has shared data with us, please report it to privacy@digimarketingart.com.
15. Third-Party Links
Our website and blog posts may contain hyperlinks to external sites. We do not control and are not responsible for the privacy practices of external third parties.
16. Changes to This Policy
We may update this Privacy Policy to reflect changing regulatory requirements. Material changes will be highlighted on our homepage or sent via email alerts 30 days prior to taking effect.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please get in touch with our team: