PRIVACY POLICY

SocialMedias.net – Digital Marketing Agency

Compliant with DPDPA 2023 & DPDP Rules 2025

Document Type: Privacy Policy Statement

Jurisdiction: Republic of India

Legal Framework: Digital Personal Data Protection Act, 2023 (DPDPA) | DPDP Rules, 2025 | IT Act, 2000

Entity: SocialMedias.net (Data Fiduciary)

Effective Date: March 25, 2026   |   Last Reviewed: March 25, 2026

Contact: hello@socialmedias.net

Welcome to SocialMedias.net. This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you access our website or use our services.

This Privacy Policy complies with the Digital Personal Data Protection Act, 2023 (DPDPA), DPDP Rules 2025, and IT Act, 2000.

Why You Can Trust Us:

– We do not sell or rent your personal data

– We only collect data necessary for delivering our services

– You have full control over your data at all times

– We respond to all data-related requests within defined timelines

By accessing our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

1. Introduction
2. Definitions
3. Personal Data We Collect

The following terms used in this document carry the meanings as defined under the DPDPA 2023:

  • ‘Data Principal’ means the individual to whom the personal data relates. For a child (person below 18 years) or a person with disability, the parent or legal guardian is the Data Principal.
  • ‘Data Fiduciary’ means SocialMedias.net, which determines the purpose and means of processing personal data.
  • ‘Data Processor’ means any person who processes personal data on behalf of and under the instructions of SocialMedias.net.
  • ‘Personal Data’ means any data about an individual who is identifiable by or in relation to such data, as defined under Section 2(t) of the DPDPA.
  • ‘Processing’ includes collection, storage, use, sharing, disclosure, and deletion of personal data.
  • ‘Consent’ means a free, specific, informed, unconditional, and unambiguous indication of agreement by the Data Principal to the processing of their personal data.
  • ‘Data Protection Board’ means the Data Protection Board of India established under Section 18 of the DPDPA 2023.

As a Data Fiduciary under DPDPA 2023, we collect the following categories of personal data only for specified, lawful purposes:

3.1 Identity & Contact Data
  • Full name, email address, mobile number, postal address
  • PAN card number, Aadhaar number (only where legally required for service delivery)
  • Designation, company name, and professional details
3.2 Technical & Usage Data
  • IP addresses, device identifiers, browser type and version
  • Cookies, web beacons, pixel tags, session data
  • Pages visited, time spent, click behaviour, referral URLs
3.3 Marketing & Communications Data
  • Email campaign engagement data (open rates, click rates)
  • Social media profile data where you have connected your accounts
  • Client campaign briefs, creative assets, and campaign preferences
3.4 Financial Data
  • Bank account details and GST/PAN information for invoicing purposes only
  • Payment transaction records (processed through secure third-party gateways)

    NOTE: We do not collect biometric data, genetic data, racial or ethnic origin data, political opinions, religious beliefs, or health data unless explicitly required and with your separate, specific consent.
4. Purpose of Processing Personal Data
  • In compliance with Section 6 of the DPDPA 2023 and Rule 3 of the DPDP Rules 2025, we process your personal data solely for the following specified purposes:

    • Service Delivery: To provide digital marketing, SEO, social media management, paid advertising, content marketing, and web analytics services as contracted and more.
    • Client Communication: To communicate about project updates, deliverables, invoices, and service-related notifications.
    • Legal & Regulatory Compliance: To comply with applicable Indian laws including GST, Companies Act, and Income Tax Act obligations.
    • Website Improvement: To analyse website traffic, improve user experience, and resolve technical issues.
    • Marketing (with consent): To send you newsletters, case studies, and promotional communications where you have provided explicit consent.
    • Fraud Prevention & Security: To detect, prevent, and investigate unauthorised access, fraud, or misuse of our services.

    We strictly adhere to the principle of Purpose Limitation – your data is never processed for purposes other than those stated above without a fresh, specific consent.

5. Legal Basis for Processing

As per the DPDPA 2023, we process your personal data on the following legal grounds:

  • Consent (Section 6): For marketing communications, cookie-based tracking, and data sharing with third-party marketing platforms, we process your data only upon receiving your free, specific, informed, unconditional, and unambiguous consent.
  • Contractual Necessity: To fulfil our obligations under service agreements entered into with you or your organisation.
  • Legitimate Uses (Section 7): For purposes specified under Section 7 of the DPDPA, such as compliance with court orders, government requisitions, and national security obligations.
  • Voluntary Data Sharing: Where you voluntarily provide personal data while interacting with our forms, portals, or platforms, and have not indicated non-consent to its processing.
6. Consent Mechanism

Pursuant to Rule 4 of the DPDP Rules 2025, our consent mechanism is designed to ensure:

  • Consent requests are presented in plain, simple language – no legal jargon or ambiguous terms.
  • Consent is never pre-checked or hidden; each consent is granular and purpose-specific.
  • Separate, standalone consent is sought for cookies, marketing communications, and data sharing with third parties.
  • Withdrawal of consent is as easy as granting it – you may withdraw consent at any time through a single-click option on our website or by emailing hello@socialmedias.net.
  • Upon withdrawal of consent, we will cease processing within 72 hours, and delete or anonymise the data within 30 days, unless retention is legally required.

We maintain audit logs of all consent actions as required under the DPDP Rules 2025.

7. Rights of Data Principals

The DPDPA 2023 grants you, as a Data Principal, the following rights:

7.1 Right to Access Information (Section 11)

You have the right to obtain a summary of personal data we hold about you and details of how it is being processed. Requests will be fulfilled within 30 days.

7.2 Right to Correction and Erasure (Section 12)

You may request correction of inaccurate or outdated personal data, completion of incomplete data, and erasure of personal data that is no longer necessary for the stated purpose.

7.3 Right of Grievance Redressal (Section 13)

You have the right to register a grievance with our Data Protection Officer (DPO). If unsatisfied with our response, you may escalate the matter to the Data Protection Board of India.

7.4 Right to Nominate (Section 14)

You may nominate another individual to exercise your rights on your behalf in the event of death or incapacity.

To exercise any of the above rights, please contact us at:

Email: hello@socialmedias.net

Subject: DPDPA Rights Request – [Your Name]

Response Time: We will acknowledge your request within 72 hours and respond within 30 days.

8. Data Sharing & Third-Party Disclosure

We share personal data only under the following circumstances and with appropriate contractual safeguards:

  • Service Providers & Data Processors: Cloud hosting providers, email marketing platforms (e.g., Mailchimp, Sendinblue), analytics tools (e.g., Google Analytics), and payment processors – all bound by Data Processing Agreements (DPAs) as required under DPDPA.
  • Advertising Platforms: Google Ads, Meta (Facebook/Instagram), LinkedIn – only pseudonymised or aggregated data is shared; we do not share raw personal data.
  • Legal Authorities: We disclose personal data to law enforcement, courts, or government agencies when required by law, court order, or national security requirements under Section 17 of the DPDPA.
  • Business Transfers: In the event of a merger or acquisition, personal data may be transferred to the successor entity, subject to the same privacy obligations.

We do not sell, rent, or commercially exploit your personal data. We do not share your personal data with political parties or for political profiling.

9. Cross-Border Data Transfers

Certain digital marketing tools and cloud infrastructure may involve transfer of personal data outside India. In accordance with Section 16 of the DPDPA 2023:

  • We transfer personal data only to countries not notified as restricted by the Central Government.
  • All cross-border data transfers are governed by contractual safeguards equivalent to the protections afforded under the DPDPA.
  • Where required, we implement Standard Contractual Clauses (SCCs) with overseas recipients.
10. Data Retention Policy

In compliance with Rule 8 of the DPDP Rules 2025 (Data Minimisation & Retention):

  • Client data: Retained for the duration of the contract plus 7 years (as required under Indian accounting and tax laws).
  • Prospect/Lead data: Retained for 12 months from the date of last interaction or until consent is withdrawn, whichever is earlier.
  • Website analytics data: Retained for 24 months on a rolling basis.
  • Employee data: Retained as per applicable labour laws.

Upon expiry of the retention period, we securely delete, anonymise, or destroy personal data as per our data disposal procedures. We also instruct all Data Processors to delete the relevant data.

11. Data Security Safeguards

Pursuant to Section 8(5) of the DPDPA 2023, we implement the following technical and organisational security measures:

  • Encryption of personal data in transit (TLS 1.2/1.3) and at rest (AES-256).
  • Role-based access controls (RBAC) and multi-factor authentication (MFA) for all staff.
  • Regular vulnerability assessments, penetration testing, and security audits.
  • Staff training on data protection and privacy best practices.
  • Incident response procedures and data breach notification protocols.
12. Personal Data Breach Notification

In the event of a personal data breach, as per Section 8(6) of the DPDPA 2023 and DPDP Rules 2025:

  • We will notify the Data Protection Board of India within 72 hours of becoming aware of the breach, irrespective of the gravity or risk.
  • We will notify affected Data Principals as soon as practicable, with details of the breach, data affected, and remedial measures.
  • We maintain a breach register and conduct root cause analyses for all security incidents.
13. Children's Data

We are committed to protecting the privacy of children (persons below 18 years of age) as required under Section 9 of the DPDPA 2023:

  • We do not knowingly collect personal data of children without verifiable parental or guardian consent.
  • We implement age-verification mechanisms on our digital platforms.
  • We do not conduct targeted advertising directed at children.
  • We do not engage in tracking, monitoring, or profiling of children’s behaviour.

If we become aware that we have collected personal data of a child without appropriate consent, we will delete such data immediately.

14. Cookies & Tracking Technologies

Our website uses cookies and tracking technologies. In compliance with DPDPA 2023 and the IT Act:

  • Strictly necessary cookies are placed without consent as they are essential for website functionality.
  • Analytics and marketing cookies are placed only with your prior, informed consent.
  • You may manage cookie preferences through our Cookie Consent Banner or browser settings.
  • We conduct weekly automated scans to identify and disclose all cookies, pixels, and scripts operating on our site.
15. Data Protection Officer (DPO)

In accordance with the DPDPA 2023 and DPDP Rules 2025, we have appointed a Data Protection Officer:

Name: Data Protection Officer – SocialMedias.net

Email: hello@socialmedias.net

Website: https://www.socialmedias.net/privacy-policy

Address: 22/5, patel pilla reddy road, 16th main, Hosur Rd, AECS Layout, Singasandra, Bengaluru, Karnataka 560068, India

The DPO is responsible for ensuring compliance with the DPDPA 2023, handling data principal requests, and liaising with the Data Protection Board of India.

16. Grievance Redressal Mechanism

If you have any complaints regarding the handling of your personal data:

  • Step 1: Email your grievance to hello@socialmedias.net with subject line: ‘Data Grievance – [Your Name]’.
  • Step 2: We will acknowledge within 72 hours and resolve within 30 days.
  • Step 3: If unsatisfied, you may escalate to the Data Protection Board of India at http://www.dpboard.gov.in.
17. Amendments to This Policy

We reserve the right to update this Privacy Policy in response to changes in law, business operations, or technology. Material changes will be communicated to you via email and/or a prominent notice on our website. The ‘Last Reviewed’ date at the top of this document will be updated accordingly.

Continued use of our services after notification of changes constitutes acceptance of the updated Privacy Policy.

18. Applicable Law & Jurisdiction

This Privacy Policy is governed by the laws of the Republic of India. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in karnataka, India, unless resolved through the Data Protection Board of India.