Privacy & Data Protection Policy
This Privacy Policy describes how Brandigo Private Limited collects, uses, and protects personal and organisational data when you access www.brandigo.in and engage with our BFSI & Enterprise services.
This Policy applies to B2B clients, enterprise users, authorised representatives, and all visitors to the Brandigo BFSI portal. For PrintStore (www.printstore.world), a separate Privacy Policy applies.
1. Introduction and Scope
Brandigo Private Limited ("Brandigo", "we", "us", "our") is committed to protecting the privacy and security of personal data collected in the course of providing BFSI & Enterprise services through www.brandigo.in.
This Privacy & Data Protection Policy ("Policy") explains what data we collect, how and why we process it, with whom we share it, and the rights available to you. It applies to all users of the Brandigo BFSI portal, including authorised representatives of client organisations, prospective clients, and portal visitors.
By accessing the Portal or engaging with Brandigo's services, you acknowledge that you have read and understood this Policy.
2. Who is Responsible for Your Data
Brandigo Private Limited is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 and, where applicable, the Data Controller for personal data collected through www.brandigo.in. All data processing activities are conducted in compliance with applicable Indian data protection laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDPA") as applicable.
- Data Fiduciary / Data Controller: Brandigo Private Limited
- Address: Plot No. D-222/20, MIDC Shirvane, Nerul, Navi Mumbai – 400706
- Data Protection Contact: contact@brandigo.in
- Grievance Officer: Vijay Gaikwad | contact@brandigo.in
3. What Data We Collect
Depending on how you use the Portal and engage with Brandigo's services, we may collect the following categories of data:
3.1 Account and Registration Data
Data collected when you register for a portal account or initiate an engagement:
- Full name and designation
- Business email address and phone number
- Organisation name, registered address, and GSTIN
- Login credentials (username and password)
3.2 Technical and Usage Data
Data automatically collected when you access or navigate the Portal:
- IP address and device identifiers
- Browser type, version, and operating system
- Pages visited, time and date of access, and session duration
- Referral URL and clickstream data
- Cookie and similar tracking technology data (see Section 10)
3.3 Transaction and Commercial Data
Data collected when you place orders, request services, or execute commercial agreements:
- Purchase and order history
- Billing and invoicing details, including GSTIN and bank details for refunds
- Signed agreements, POs, and SOWs
- Payment records
3.4 Communication Data
Data collected when you contact Brandigo's support, sales, or operations teams:
- Name, email, and phone number
- Content of correspondence, queries, and complaints
- Records of calls, emails, or chat interactions
3.5 Operational and Project Data
Data shared with Brandigo in the course of service delivery, including:
- Merchant data, field deployment data, and operational datasets shared by client organisations
- Artwork, design files, brand assets, and content submitted for printing or production
- API credentials and integration parameters
- Any personally identifiable information of third parties (e.g., merchants, end-users) submitted by the client as part of managed service delivery
4. Why We Process Your Data
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Account creation and portal access management | Account, Technical | Contractual necessity |
| Delivering BFSI & Enterprise services as agreed | Account, Transaction, Operational | Contractual necessity |
| Invoicing, GST compliance, and financial record-keeping | Account, Transaction | Legal obligation |
| Customer support and issue resolution | Account, Communication, Transaction | Legitimate business interest |
| Security monitoring and fraud prevention | Technical, Usage, Account | Legitimate business interest |
| Service improvement and analytics | Technical, Usage | Legitimate business interest |
| Marketing and promotional communications (with consent) | Account, Marketing | Consent |
| Compliance with legal and regulatory obligations | All categories as required | Legal obligation |
| Protecting Brandigo's rights in disputes or legal proceedings | All relevant categories | Legitimate business interest |
5. Handling of Third-Party Personal Data (Merchant and End-User Data)
Where Brandigo processes personal data of merchants, end-users, or other third parties on behalf of a client organisation as part of a managed service (e.g., merchant onboarding, field deployment, payment infrastructure management), Brandigo acts as a Data Processor on behalf of the client, which acts as the Data Fiduciary / Data Controller for such data.
In such cases:
- The client organisation is solely responsible for ensuring lawful collection and disclosure of such data to Brandigo
- Brandigo will process such data only as instructed by the client and in accordance with a Data Processing Agreement (DPA)
- Brandigo will implement appropriate technical and organisational measures to protect such data
- Brandigo will not use third-party personal data submitted by clients for any purpose other than delivery of the agreed service
Clients are required to enter into a Data Processing Agreement with Brandigo before sharing any third-party personal data. Please contact contact@brandigo.in to initiate a DPA.
6. Data Sharing and Disclosure
Brandigo may share your data with the following categories of parties, only to the extent necessary:
| Recipient | Purpose and Basis |
|---|---|
| Technology and IT service providers | Portal hosting, cloud infrastructure, software tools — contractual necessity |
| Logistics and field operations partners | Service delivery, last-mile deployment — contractual necessity |
| Payment processors and banking partners | Invoice processing and payment collection — contractual necessity |
| Legal and professional advisors | Legal advice, compliance, dispute resolution — legitimate interest |
| Regulatory and government authorities | Compliance with applicable law — legal obligation |
| Auditors and compliance bodies | ISO 27001, internal and external audits — legal obligation / legitimate interest |
| Successor entities in restructuring | Business reorganisation, merger, or acquisition — legitimate interest |
Brandigo does not sell or rent your personal data to third parties for their independent marketing purposes.
7. Data Security
Brandigo maintains an Information Security Management System (ISMS) aligned with ISO 27001 standards. We implement the following technical and organisational measures to protect your data:
- Encryption of data in transit (TLS) and at rest
- Role-based access controls and least-privilege principles
- Multi-factor authentication for portal and system access
- Regular security assessments, vulnerability scanning, and penetration testing
- Incident response and breach notification procedures
- Employee information security training and awareness programmes
In the event of a personal data breach that is likely to result in a risk to your rights or interests, Brandigo will notify affected data principals and the Data Protection Board of India as required under the DPDPA and applicable law. Internal breach response procedures ensure that incidents are assessed, contained, and reported within the prescribed regulatory timelines.
8. Data Retention
Brandigo retains personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention principles apply:
| Data Category | Retention Period |
|---|---|
| Account and registration data | Duration of engagement + 3 years post-termination |
| Transaction and invoicing data | 7 years (as required by GST and Companies Act) |
| Communication records | 3 years from last interaction |
| Operational / project data | As specified in the applicable MSA or DPA |
| Security and access logs | 1 year from date of creation |
| Legal hold data | Until resolution of relevant proceedings |
Upon expiry of the applicable retention period, data will be securely deleted or anonymised.
9. Your Rights
As a Data Principal, data subject, or authorised representative, you have the following rights in relation to your personal data, subject to applicable law:
- Right to Access: Request a copy of personal data Brandigo holds about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of data where it is no longer necessary or lawfully held
- Right to Restrict Processing: Request restriction of processing in certain circumstances
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent where processing is consent-based, without affecting prior lawful processing
To exercise any of these rights, please contact our Grievance Officer at contact@brandigo.in. We will respond within 30 (thirty) days of receiving your request. We may ask you to verify your identity before processing your request. Under the Digital Personal Data Protection Act, 2023, you also have the right to nominate an individual to exercise your data rights on your behalf in the event of your death or incapacity. If you are dissatisfied with our response, you may escalate your complaint to the Data Protection Board of India or any other relevant regulatory authority under applicable Indian law.
10. Cookies and Tracking Technologies
The Brandigo BFSI portal uses cookies and similar technologies to enable portal functionality, maintain session security, and analyse usage patterns.
| Cookie Type | Purpose |
|---|---|
| Essential / Session Cookies | Required for portal login, navigation, and security. Cannot be disabled. |
| Analytics Cookies | Understand portal usage and improve user experience. Can be disabled. |
| Preference Cookies | Remember your settings and preferences across sessions. |
| Security Cookies | Detect and prevent fraudulent activity and unauthorised access. |
You may manage cookie preferences through your browser settings or through the cookie consent banner displayed on your first visit to the portal. The banner allows you to accept or decline non-essential cookie categories (analytics, marketing) independently. Essential and security cookies cannot be disabled as they are required for portal operation. You may withdraw consent to non-essential cookies at any time by updating your browser settings or contacting us at contact@brandigo.in. For more details, please refer to our Cookie Notice at www.brandigo.in/cookie-policy.
11. Marketing Communications
Brandigo may send marketing communications about its services, updates, and industry insights to registered users and clients. You may opt out of marketing communications at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Contacting us at contact@brandigo.in with your opt-out request
Please note that opting out of marketing communications will not affect operational or transactional communications related to your active engagements with Brandigo.
12. Children's Data
The Brandigo BFSI portal is intended solely for business users and authorised representatives of organisations. It is not directed at or intended for use by individuals under the age of 18. Brandigo does not knowingly collect personal data from minors. If we become aware that data of a minor has been inadvertently collected, we will delete it promptly.
13. International Data Transfers
Brandigo processes and stores data primarily within India. Where data is transferred to or processed by third-party service providers located outside India (e.g., cloud infrastructure or analytics providers), Brandigo ensures that appropriate contractual safeguards are in place to maintain an adequate level of data protection consistent with applicable Indian law.
14. Changes to This Policy
Brandigo reserves the right to update this Policy at any time to reflect changes in our services, technology, or applicable law. The revised Policy will be posted at www.brandigo.in/privacy-policy with an updated "Last Updated" date. For material changes, we will notify registered users via email or a prominent notice on the Portal. Continued use of the Portal after notification constitutes acceptance of the revised Policy.
15. Contact and Grievance
- Grievance Officer: Vijay Gaikwad
- Email: contact@brandigo.in
- Address: Brandigo Private Limited, Plot No. D-222/20, MIDC Shirvane, Nerul, Navi Mumbai – 400706
- Response Time: Within 30 (thirty) days of receipt of complaint or request
- For data protection queries: contact@brandigo.in
If you are dissatisfied with our response, you may escalate your grievance to the relevant regulatory authority under applicable Indian law.
Brandigo Private Limited | www.brandigo.in | contact@brandigo.in | MIDC Shirvane, Nerul, Navi Mumbai – 400706