Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 7, 2025

DPDP Act 2023 Compliant

This Privacy Policy is fully compliant with India's Digital Personal Data Protection Act (DPDP) 2023, Information Technology Act 2000, and all applicable Indian data protection laws.

Table of Contents

  1. 1. Introduction and Scope
  2. 2. Definitions
  3. 3. Personal Data We Collect
  4. 4. Purpose of Data Processing
  5. 5. Legal Basis for Processing
  6. 6. Consent Management
  7. 7. Data Sharing and Disclosure
  8. 8. Data Retention
  9. 9. Data Security Measures
  10. 10. Children's Data Protection
  11. 11. Your Rights as Data Principal
  12. 12. Data Breach Notification
  13. 13. International Data Transfers
  14. 14. Grievance Redressal
  15. 15. Data Protection Officer
  16. 16. Policy Updates
  17. 17. Contact Information

1. Introduction and Scope

Welcome to VirtualAppStudio ("we," "our," or "us"). We are committed to protecting and respecting your privacy in accordance with India's Digital Personal Data Protection Act (DPDP) 2023, Information Technology Act 2000, and all applicable data protection laws.

Data Fiduciary Details:
Company Name: VirtualAppStudio
Address: G131, Phase III, Spencer Plaza, Anna Salai, Chennai, Tamil Nadu 600002
Phone: +91 99620 09900
Email: info@virtualappstudio.com

This Privacy Policy explains how we collect, use, process, and protect your personal data when you:

  • Visit our website (virtualappstudio.com)
  • Use our services (website development, e-commerce development, SEO, digital marketing)
  • Contact us through any communication channel
  • Engage with our digital platforms and applications

2. Definitions

For the purpose of this Privacy Policy, the following terms shall have the meanings ascribed to them:

Personal Data: Any data about an individual who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such individual.
Data Principal: The individual to whom the personal data relates (you, the user).
Data Fiduciary: Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data (VirtualAppStudio).
Processing: Any operation or set of operations performed on personal data including collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment, combination, restriction, erasure or destruction.
Consent: Any freely given, specific, informed, unconditional and unambiguous indication of the data principal's agreement to the processing of her personal data for a specified purpose.

3. Personal Data We Collect

3.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, postal address
  • Business Information: Company name, business type, industry, website URL
  • Project Requirements: Service preferences, project specifications, budget requirements
  • Communication Data: Messages, feedback, support requests, consultation notes
  • Payment Information: Billing address, payment preferences (payment processing handled by third-party providers)

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Location Data: General geographic location based on IP address
  • Cookie Data: Preferences, session information, analytics data (with your consent)

3.3 Information from Third Parties

  • Social Media: Information when you interact with our social media pages
  • Business Partners: Referral information from trusted partners (with proper consent)
  • Public Sources: Publicly available business information for B2B services

4. Purpose of Data Processing

We process your personal data for the following specific purposes:

4.1 Service Delivery

  • Providing website development, e-commerce development, SEO, and digital marketing services
  • Project consultation and requirement analysis
  • Technical support and maintenance
  • Service customization and optimization

4.2 Communication

  • Responding to inquiries and providing customer support
  • Sending service updates and project communications
  • Providing technical documentation and training materials
  • Processing feedback and testimonials

4.3 Business Operations

  • Contract management and billing
  • Quality assurance and service improvement
  • Legal compliance and regulatory reporting
  • Business analytics and performance monitoring

4.4 Marketing (With Consent)

  • Sending relevant service updates and newsletters
  • Sharing industry insights and best practices
  • Promoting new services and features
  • Case studies and success stories (with explicit consent)

7. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients, but only as necessary and with appropriate safeguards:

7.1 Service Providers

  • Web hosting and cloud infrastructure providers
  • Payment processing companies (for secure transaction handling)
  • Email and communication service providers
  • Analytics and marketing tools (Google Analytics, etc.)
  • Professional service providers (legal, accounting, consulting)

7.2 Business Partners

  • Technology partners for specialized services (with your consent)
  • Referral partners for client introductions (with proper agreements)
  • Subcontractors for specific project requirements

7.3 Legal Requirements

  • Government authorities and regulatory bodies as required by law
  • Law enforcement agencies in response to valid legal requests
  • Courts and tribunals in connection with legal proceedings
  • Tax authorities for compliance with taxation laws

Data Sharing Safeguards

  • All data processors sign comprehensive data processing agreements
  • We ensure adequate security measures are in place
  • Regular audits and compliance monitoring
  • Minimal data sharing principle - only what's necessary

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Data Type Retention Period Justification
Contact Information 7 years after last contact Legal obligations, potential future services
Project Data 5 years after project completion Support, maintenance, legal requirements
Financial Records 7 years as per Income Tax Act Legal compliance, tax obligations
Marketing Data Until consent withdrawn Consent-based processing
Website Analytics 26 months (Google Analytics default) Website optimization, user experience
Security Logs 1 year minimum (DPDP Act requirement) Breach detection, security monitoring

Automatic Data Deletion

We have implemented automated systems to delete personal data once the retention period expires, unless extended retention is required by law or with your explicit consent.

9. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Safeguards

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Secure HTTPS protocols for all communications
  • Regular security updates and patches
  • Multi-factor authentication for system access
  • Intrusion detection and prevention systems
  • Regular security vulnerability assessments

Organizational Measures

  • Role-based access controls
  • Regular staff training on data protection
  • Confidentiality agreements for all employees
  • Data processing impact assessments
  • Regular privacy compliance audits
  • Incident response procedures
  • Data minimization practices

Security Certifications & Standards

We adhere to industry-standard security frameworks including ISO 27001 guidelines, NIST Cybersecurity Framework, and implement security measures recommended under the IT Act 2000.

10. Children's Data Protection

DPDP Act 2023 Compliance

We are committed to protecting children's privacy and comply with all provisions of the DPDP Act 2023 regarding processing of personal data of children (individuals under 18 years).

10.1 Children's Data Processing

  • Parental Consent: We obtain verifiable parental consent before processing any child's personal data
  • Consent Verification: We use appropriate methods to verify parent/guardian identity
  • Limited Processing: We process only the minimum data necessary for the specified purpose
  • No Targeted Advertising: We do not use children's data for behavioral advertising or targeted marketing

10.2 Age Verification

  • We request age information during registration processes
  • Users under 18 are directed to obtain parental consent
  • We maintain records of parental consent and verification
  • Regular reviews ensure ongoing compliance with children's data protection

10.3 Parents' Rights

  • Right to review personal data collected from their child
  • Right to request deletion of their child's personal data
  • Right to withdraw consent at any time
  • Right to prevent further collection or use of their child's data

11. Your Rights as Data Principal

Under the DPDP Act 2023, you have the following rights regarding your personal data:

Right to Information

You have the right to obtain information about the processing of your personal data.

Right to Correction

You have the right to seek correction of inaccurate or misleading personal data.

Right to Erasure

You have the right to request deletion of your personal data, subject to legal requirements.

Right to Grievance Redressal

You have the right to effective grievance redressal mechanisms.

Right to Nominate

You may nominate another person to exercise your rights in case of death or incapacity.

Right to Data Portability

You have the right to receive your data in a structured, commonly used format.

Response Timeline

We will respond to your requests within reasonable time and in any case within the time limits specified under the DPDP Act 2023. For complex requests, we may extend this period and will inform you of any such extension.

12. Data Breach Notification

DPDP Act 2023 Compliance

In accordance with the DPDP Act 2023, we have established comprehensive data breach notification procedures to protect your rights and ensure regulatory compliance.

12.1 Breach Detection & Response

  • Continuous Monitoring: 24/7 security monitoring systems to detect potential breaches
  • Immediate Assessment: Rapid evaluation of breach scope, impact, and affected data
  • Containment Measures: Immediate steps to prevent further data exposure
  • Forensic Investigation: Thorough analysis to determine cause and prevent recurrence

12.2 Notification Timeline

72h
Data Protection Board Notification: We will notify the Data Protection Board of India within 72 hours of discovering the breach.
ASAP
Data Principal Notification: We will notify affected individuals without undue delay when the breach poses high risk to their rights and freedoms.

12.3 Information Provided

Our breach notifications will include:

  • Nature and scope of the personal data breach
  • Categories and approximate number of data principals affected
  • Categories and approximate number of personal data records concerned
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for further information

13. International Data Transfers

Cross-Border Data Protection

When we transfer your personal data outside India, we ensure appropriate safeguards are in place as required under the DPDP Act 2023.

13.1 Transfer Safeguards

  • Adequacy Decisions: Transfers to countries deemed adequate by the Government of India
  • Standard Contractual Clauses: Approved contractual safeguards for international transfers
  • Binding Corporate Rules: Internal policies ensuring equivalent protection
  • Specific Derogations: Limited transfers under exceptional circumstances with explicit consent

13.2 Current International Partners

  • Cloud Infrastructure: AWS, Google Cloud (with appropriate data localization where required)
  • Analytics Services: Google Analytics (with IP anonymization)
  • Communication Tools: Microsoft Office 365, Google Workspace (with business associate agreements)
  • Payment Processors: International payment gateways (with strong encryption and tokenization)

Your Rights for International Transfers

You have the right to obtain information about international transfers of your data and to object to such transfers where they do not meet DPDP Act requirements.

14. Grievance Redressal Mechanism

Commitment to Resolution

We are committed to addressing your privacy concerns promptly and effectively. Our grievance redressal mechanism ensures fair and timely resolution of all data protection issues.

14.1 How to File a Grievance

Email: privacy@virtualappstudio.com

Detailed description of your concern with relevant documentation

Phone: +91 99620 09900 (Data Protection Officer)

Direct phone support for urgent privacy matters

Postal Address:
Data Protection Officer
VirtualAppStudio
G131, Phase III, Spencer Plaza
Anna Salai, Chennai, Tamil Nadu 600002

14.2 Resolution Process

1
Acknowledgment: We acknowledge receipt within 2 business days
2
Investigation: Thorough investigation within 15 business days
3
Resolution: Final response within 30 days (as per IT Act 2000)
4
Escalation: If unsatisfied, you may approach the Data Protection Board

Alternative Dispute Resolution

If our internal grievance mechanism does not resolve your concern, you have the right to approach the Data Protection Board of India or seek other legal remedies available under Indian law.

15. Data Protection Officer

Contact Information

Name:
Raj Kumar Sharma
Designation:
Data Protection Officer & Chief Privacy Officer
Office Address:
G131, Phase III, Spencer Plaza
Anna Salai, Chennai
Tamil Nadu 600002, India
Office Hours:
Monday to Friday: 9:00 AM - 6:00 PM IST
Emergency Contact:
Available 24/7 for critical privacy incidents

DPO Responsibilities

  • Monitoring compliance with DPDP Act 2023 and other data protection laws
  • Conducting privacy impact assessments and data protection audits
  • Serving as primary contact for data protection authorities
  • Handling data principal requests and grievances
  • Providing data protection training to employees
  • Advising on data protection matters and policy development

16. Policy Updates

Keeping You Informed

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

16.1 Update Notification Process

  • Material Changes: 30 days advance notice via email and website banner
  • Minor Updates: Notification through website and updated "Last Modified" date
  • Legal Requirement Changes: Immediate update with prominent notice
  • Version Control: All previous versions archived and available upon request

16.2 Version History

Version 2.0 - January 7, 2025: Updated for DPDP Act 2023 compliance
Version 1.5 - August 2023: Enhanced security measures and children's data protection
Version 1.0 - January 2023: Initial privacy policy under IT Act 2000

17. Contact Information

Company Information

Legal Name: VirtualAppStudio
Registered Address:
G131, Phase III, Spencer Plaza
Anna Salai, Chennai
Tamil Nadu 600002, India
Business Hours:
Monday to Friday: 9:00 AM - 6:00 PM IST
Saturday: 10:00 AM - 2:00 PM IST

Contact Channels

General Inquiries:
info@virtualappstudio.com
Privacy Matters:
privacy@virtualappstudio.com
Data Protection Officer:
dpo@virtualappstudio.com
Phone Support:
+91 99620 09900

Frequently Asked Questions

How can I access my personal data?

You can request access to your personal data by contacting our DPO at dpo@virtualappstudio.com. We will provide the information within 15-30 days.

How can I delete my account and data?

You can request account deletion by emailing privacy@virtualappstudio.com. We will process your request within 30 days, subject to legal retention requirements.

Do you share data with third parties?

We only share data with trusted service providers under strict contractual obligations or as required by law. We never sell your personal data.

Legal Compliance Statement

This Privacy Policy is compliant with the Digital Personal Data Protection Act (DPDP) 2023, Information Technology Act 2000, and all applicable Indian privacy and data protection laws. For legal questions, please contact our legal team at legal@virtualappstudio.com.