The Digital Personal Data Protection Act 2023 (DPDP Act) is India’s primary law for handling personal data. Blue360 follows the principles of this law to protect client and user data. However, compliance is a shared responsibility between Blue360 and our clients. This article explains how Blue360 complies with the DPDP Act, what clients must do, and the limitations of our responsibility.
How Blue360 Complies with the DPDP Act
- Collects only necessary personal data for marketing and project execution
- Uses secure systems and popular tracking tools responsibly
- Does not sell personal data to unauthorized third parties
- Shares data with third parties only if required by their platform policies or by law
- Protects CRM data and restricts access to authorized Blue360 staff only
- Provides a grievance contact email for legal or data-related queries
Client Responsibilities Under the DPDP Act
- Provide accurate and lawful data for marketing campaigns
- Obtain consent from end users before sharing their data with Blue360
- Inform Blue360 if any data shared is sensitive or requires special handling
- Maintain proper backups and access control for business-side data
- Do not misuse analytics or tracking tools integrated by Blue360
Limitations of Blue360 Responsibility
- Blue360 is not liable for misuse of data by clients or their staff
- Blue360 cannot control how third-party platforms such as Google, Meta, or Razorpay handle data
- Blue360 does not guarantee compliance if clients bypass or disable recommended data practices
- Long-term storage or archival of client data is the client’s responsibility unless included in a specific plan
Best Practices for Clients
- Display a clear privacy policy on your website
- Use cookie consent banners if you use analytics or advertising pixels
- Store only the data you truly need for business operations
- Limit access to sensitive data to authorized team members only
- Delete data that is no longer needed for business or legal purposes
FAQs
Q: Does Blue360 act as a data processor or controller?
Blue360 acts as a processor when handling client data for campaigns, but each client is the controller of their customer data.
Q: Will Blue360 handle international data compliance like GDPR or CCPA?
No. Blue360 serves only Indian clients, so DPDP Act rules apply. Clients with international users must handle foreign compliance separately.
Q: How long does Blue360 store my project data?
Data is retained only as long as required for the active project or plan. Clients should keep their own long-term archives.
Q: Can Blue360 guarantee that third-party tools are DPDP compliant?
No. Compliance of third-party platforms is controlled by the platform provider, not Blue360.
Q: How do I raise a concern about data handling?
Email legal queries to blue360.in@gmail.com. Complaints are logged and acknowledged through our grievance redressal process.