Privacy Policy

Enzo Digital ("Company", "we", "our", or "us") is a digital marketing agency registered and operating from Udaipur, Rajasthan, India. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website at enzodigital.in, submit enquiries, or engage our services.

This Policy is published in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 ("IT Act"), along with the rules and regulations framed thereunder. Enzo Digital acts as a Data Fiduciary with respect to the personal data it processes.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our website and refrain from submitting personal data.

This Policy was last updated on January 1, 2025. We will notify you of material changes via email or a prominent notice on our website.

We collect personal data only to the extent necessary for providing our services and improving your experience. The categories of data we may collect include:

Contact & Identity Data: Full name, email address, phone number, job title, and company name — collected when you fill in our contact form, apply for a position, or enter into a service engagement.

Usage & Device Data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and clickstream data — collected automatically via cookies and analytics tools when you visit our website.

Communications Data: The content of messages, enquiries, feedback, or support requests you send to us, including via email or our contact form.

Business & Engagement Data: Information shared during onboarding, such as business objectives, target audiences, advertising account credentials (with your consent), and campaign performance data — collected to deliver contracted services.

We do not knowingly collect sensitive personal data (as defined under the DPDP Act) such as financial credentials, health records, religious beliefs, or biometric data through standard channels. If a specific service engagement requires such data, we will obtain your explicit consent separately.

We process your personal data for the following purposes, each supported by a legitimate legal basis under the DPDP Act, 2023:

Service Delivery: To provide the digital marketing services you have engaged us for, manage your account, communicate project updates, and fulfil contractual obligations.

Responding to Enquiries: To respond to questions, quote requests, and general communications submitted through our contact form or via email.

Recruitment: To evaluate job applications, contact candidates, and manage the hiring process for open positions at Enzo Digital.

Marketing Communications: To send newsletters, thought-leadership content, or service updates — only where you have provided consent or where we have a legitimate interest. You may withdraw consent or opt out at any time.

Analytics & Improvement: To understand how visitors use our website, identify usability issues, and improve our content and user experience through aggregated and anonymised analytics.

Legal Compliance: To comply with applicable laws, respond to lawful requests from government or judicial authorities, and protect the legal rights of Enzo Digital.

We will not process your personal data for any purpose beyond what is listed here without first obtaining your explicit consent.

Under the DPDP Act, 2023, Enzo Digital processes personal data on the following legal grounds:

Consent: Where you have freely, specifically, and unambiguously consented to processing for a stated purpose — for example, by submitting our contact form or signing up for our newsletter. You may withdraw consent at any time by contacting us at info@enzodigital.in.

Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request — for example, to deliver the services you have engaged us for.

Legitimate Interests: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights — for example, using analytics to improve our website, or retaining records of completed engagements.

Legal Obligation: Where processing is required to comply with a legal or regulatory obligation applicable to Enzo Digital under Indian law.

Each communication through which we collect your data will specify the applicable legal basis at the point of collection wherever practically possible.

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

Service Partners: We share data with trusted third-party processors (such as email service providers, analytics platforms, advertising platforms, and cloud infrastructure providers) solely to deliver our services. These parties process data on our behalf under data processing agreements that require them to maintain confidentiality and security.

Advertising Platforms: For performance marketing engagements, we may share anonymised audience data or advertising tags (such as Meta Pixel or Google Ads tags) with platforms like Google and Meta, in accordance with their respective data processing terms.

Legal Requirements: We may disclose personal data if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Enzo Digital, our clients, or others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, subject to the same protections described in this Policy.

We require all third parties with whom we share data to comply with applicable Indian data protection law and to process data only for the specified purpose.

Our website uses cookies and similar tracking technologies (such as web beacons and pixels) to enhance functionality, analyse usage, and deliver relevant content.

Essential Cookies: Necessary for the website to function and cannot be disabled. These include session management and security cookies.

Analytics Cookies: Used to collect anonymised information about how visitors use the site (e.g., pages visited, time on site, referral source). We may use services such as Google Analytics for this purpose.

Marketing Cookies: Used to track visitors across websites for advertising retargeting purposes. These are only placed where you have given consent via our cookie notice.

You may control cookie settings through your browser preferences. Disabling cookies may affect the functionality of certain parts of our website. For more information on managing cookies, visit allaboutcookies.org.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention practices are:

Contact Enquiries: Data submitted through our contact form is retained for 24 months from the date of the last interaction, after which it is securely deleted unless a contractual relationship has commenced.

Client Engagement Data: Data related to active and past client engagements is retained for 5 years from the end of the engagement, in compliance with statutory accounting and tax requirements under Indian law.

Job Applications: Candidate data is retained for 6 months from the date of application for unsuccessful candidates. For hired candidates, data is retained for the duration of employment and 3 years thereafter.

Analytics Data: Aggregated and anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.

You may request deletion of your personal data at any time (subject to overriding legal obligations) by contacting our Grievance Officer at the details provided in Section 12.

Under the DPDP Act, 2023, you have the following rights with respect to your personal data ("Data Principal Rights"):

Right to Access: You have the right to obtain confirmation of whether we are processing your personal data, and to receive a summary of the data we hold about you and the purposes for which it is being processed.

Right to Correction & Erasure: You have the right to request correction of inaccurate or incomplete personal data, and to request erasure of your personal data where it is no longer necessary for the purpose it was collected.

Right to Grievance Redressal: You have the right to have grievances addressed by our Grievance Officer within a reasonable timeframe. You also have the right to escalate unresolved grievances to the Data Protection Board of India, once constituted.

Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to Nominate: You may nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity.

To exercise any of these rights, please submit a written request to our Grievance Officer at info@enzodigital.in. We will respond within 30 days of receipt, or as required by applicable law. We may need to verify your identity before fulfilling your request.

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors.

Under the DPDP Act, 2023, processing of personal data of children requires verifiable parental or guardian consent. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will promptly delete that data.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@enzodigital.in and we will take immediate action.

Enzo Digital primarily stores and processes data within India. However, certain third-party service providers (such as Google, Meta, and cloud infrastructure providers) may process data in jurisdictions outside India.

Where personal data is transferred outside India, we ensure that appropriate safeguards are in place in accordance with the DPDP Act, 2023 and the IT Act, 2000, and that the recipient country or entity provides a level of data protection that is substantially equivalent to Indian standards.

Transfers to countries notified by the Central Government of India as permissible destinations will be conducted in accordance with the rules framed under the DPDP Act. We will update this section as applicable regulations are notified.

Enzo Digital implements appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, disclosure, or destruction. These measures include:

Access Controls: Strict role-based access controls ensure that personal data is accessible only to employees and contractors who require it to perform their duties.

Encryption: Data transmitted between your browser and our website is protected using TLS (Transport Layer Security) encryption. Sensitive data is encrypted at rest where applicable.

Vendor Assessment: Third-party service providers are assessed for their data security practices before being engaged, and are contractually bound to maintain appropriate security standards.

While we take commercially reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that is likely to result in harm to you, we will notify you and the relevant authorities in accordance with the DPDP Act, 2023.

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, Enzo Digital has designated a Grievance Officer to address concerns or complaints regarding the processing of personal data.

Grievance Officer: Saksham Mehra, Founder & CEO

Email: info@enzodigital.in

Phone: +91 94626 28442

Address: Udaipur, Rajasthan — 313001, India

All grievances will be acknowledged within 48 business hours and resolved within 30 days of receipt. If you are unsatisfied with our response, you may escalate the matter to the Data Protection Board of India, once it is constituted under the DPDP Act, 2023.

Enzo Digital reserves the right to update this Privacy Policy at any time to reflect changes in our practices, applicable law, or regulatory guidance. We will indicate the effective date of the latest revision at the top of this page.

For material changes that affect how we process your personal data, we will notify you by email (if you have provided one) or by displaying a prominent notice on our website at least 14 days before the change takes effect.

Continued use of our website or services after the effective date of any revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.