Privacy
Policy
We believe privacy is a right, not a feature — here's how we protect yours.
This Privacy Policy describes how GDS Creatives ("we," "our," or "us") collects, uses, stores, and protects your personal information when you visit our website gdscreatives.in or engage our services. We are committed to being transparent about our data practices.
Overview & Scope
This Privacy Policy applies to all personal data collected by GDS Creatives through our website gdscreatives.in, client engagements, project communications, and any other touchpoints where we interact with individuals.
We are committed to complying with applicable data protection laws, including India's Digital Personal Data Protection (DPDP) Act, 2023 and other relevant regulations. This policy explains:
- What personal data we collect and why we collect it
- How we use, store, and protect your personal information
- With whom we may share your data and under what circumstances
- What rights you have regarding your personal data
- How you can contact us with privacy-related queries or requests
By using our website or engaging our services, you consent to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of our website and services.
Data We Collect
We collect personal data through various channels depending on how you interact with us. The categories of data we collect include:
| Category | Data Points | Source |
|---|---|---|
| Identity Data | Full name, company name, job title | You provide directly |
| Contact Data | Email address, phone number, postal address | You provide directly |
| Project Data | Brief details, creative assets, feedback, approvals | Project collaboration |
| Financial Data | Billing details, invoice records (no card data stored) | Payment processing |
| Technical Data | IP address, browser type, device info, pages visited | Automatically collected |
| Communication Data | Emails, messages, enquiry form submissions | You provide directly |
| Usage Data | How you navigate and interact with our website | Cookies & analytics |
We do not collect sensitive personal data such as health information, religious beliefs, financial account credentials, or government-issued ID numbers unless strictly required and explicitly consented to.
How We Use Your Data
We process your personal data only for specific, legitimate purposes. We will never use your data in ways that are incompatible with the purposes for which it was originally collected.
- Service Delivery: To provide, manage, and deliver creative services as outlined in project agreements
- Communication: To respond to enquiries, send project updates, share deliverables, and maintain client relationships
- Billing & Payments: To generate invoices, process payments, and maintain financial records as required by law
- Website Improvement: To analyze how visitors use our website and optimize the user experience
- Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
- Portfolio & Marketing: To showcase completed work (with prior client consent) and promote our studio's capabilities
- Security: To detect, prevent, and address fraudulent activity or technical issues
Our legal basis for processing your data varies by purpose:
- Contractual Necessity: Processing required to fulfill our service agreement with you
- Legitimate Interests: Improving our services, website analytics, and security monitoring
- Legal Obligation: Compliance with applicable laws and regulations
- Consent: Marketing communications, portfolio use, and non-essential cookies
Sharing Your Data
We do not sell, rent, or trade your personal data. We may share your information only in the following limited and controlled circumstances:
- Service Partners: Trusted freelancers or sub-contractors who assist in delivering your project, bound by confidentiality obligations
- Technology Providers: Cloud storage, project management, and communication tools we use to operate our business (e.g., Google Workspace, Notion)
- Payment Processors: Third-party payment gateways to securely process transactions — we do not store card data
- Analytics Providers: Website analytics services (e.g., Google Analytics) to understand visitor behavior in aggregated, anonymized form
- Legal Requirements: Regulatory authorities, courts, or law enforcement when required by applicable law or to protect our rights
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
All third-party partners we work with are carefully vetted and are required to handle your data in accordance with applicable privacy laws and our data protection standards.
Cookies & Tracking
Our website uses cookies and similar tracking technologies to enhance your experience and gather analytical insights. Cookies are small text files stored on your device when you visit our website.
| Type | Purpose | Duration |
|---|---|---|
| Required for the website to function properly — cannot be disabled | Session / 1 year | |
| Help us understand how visitors interact with our site (Google Analytics) | Up to 2 years | |
| Remember your preferences and settings for a better experience | Up to 1 year | |
| Used to deliver relevant ads and track campaign performance | Up to 90 days |
You can control and manage cookies through your browser settings. Disabling certain cookies may impact the functionality of our website. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.
- Client Project Data: Retained for 3 years after project completion for reference and potential follow-up work
- Financial & Billing Records: Retained for 7 years as required by Indian tax and financial regulations
- Email Communications: Retained for 2 years after the end of our business relationship
- Website Analytics: Aggregated data retained indefinitely; raw session data retained for up to 26 months
- Contact Form Enquiries: Retained for 1 year from date of receipt if no project engagement follows
- Marketing Consent Records: Retained until you withdraw consent, plus an additional 1 year for compliance documentation
Once data is no longer needed, we securely delete or anonymize it so it can no longer be associated with you as an individual.
Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure.
- Encryption in Transit: All data transmitted between your browser and our website is protected using SSL/TLS encryption (HTTPS)
- Access Controls: Personal data is accessible only to authorized team members on a strict need-to-know basis
- Secure Storage: Project files and client data are stored on password-protected, access-controlled cloud platforms
- Regular Reviews: Our data handling practices and security measures are reviewed periodically and updated as needed
- Third-Party Security: We only work with service providers that maintain appropriate security standards
- Incident Response: In the unlikely event of a data breach affecting your rights, we will notify you within 72 hours of becoming aware
While we take every reasonable precaution, no method of data transmission or storage is 100% secure. We encourage you to use strong, unique passwords and exercise caution when sharing sensitive information online.
Your Privacy Rights
Under applicable data protection laws, you have a number of important rights regarding your personal data. We respect these rights and will respond to any requests promptly — typically within 30 days.
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Object
Object to processing of your data for certain purposes
Right to Restriction
Request we limit how we use your personal data
Right to Portability
Receive your data in a structured, machine-readable format
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing
Right to Complain
Lodge a complaint with the relevant data protection authority
To exercise any of these rights, please contact us at info@gdscreatives.in. We may need to verify your identity before processing your request.
Children's Privacy
GDS Creatives' services are not directed to individuals under the age of 18. We do not knowingly collect, solicit, or process personal data from children.
- Our website and services are intended for use by adults and business professionals only
- We do not knowingly collect personal information from anyone under 18 years of age
- If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete that information
- If you believe we may have collected information from a minor, please contact us immediately at info@gdscreatives.in
As per India's DPDP Act 2023, we treat any person under 18 as a child. Parental or guardian consent is required for processing data of minors, though we strongly advise that children do not use our services.
International Data Transfers
GDS Creatives is based in India and primarily processes data within India. However, some of the third-party service providers we use may be located in other countries, which means your data may be transferred internationally.
- We take steps to ensure that any international transfers of personal data are done in compliance with applicable data protection laws
- Where data is transferred outside India, we rely on appropriate safeguards such as standard contractual clauses or the recipient country's adequacy decisions
- Our primary cloud services (Google Workspace) may store data on servers located outside India, in accordance with their own privacy and security standards
- We will not transfer your data to countries that do not provide an adequate level of data protection without implementing appropriate safeguards
You may contact us to obtain more information about the specific safeguards we use for international data transfers, or to request a copy of relevant data transfer agreements.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other operational factors. We are committed to keeping you informed of any significant changes.
- Material changes to this policy will be communicated via email to existing clients and/or a prominent notice on our website
- We will provide at least 14 days' notice before any significant changes take effect
- The "Last Updated" date at the top of this page will always reflect the most recent revision
- We encourage you to review this page periodically to stay informed of how we protect your data
- Your continued use of our services after changes take effect constitutes your acknowledgment of the updated policy
Previous versions of this Privacy Policy are available upon request. Contact us if you wish to review an earlier version of this document.
Contact & Data Requests
If you have any questions about this Privacy Policy, wish to exercise your data rights, or would like to report a privacy concern, please do not hesitate to contact us. We are committed to addressing your concerns promptly and transparently.
- Studio: GDS Creatives
- Website: gdscreatives.in
- Privacy Email: info@gdscreatives.in
- Response Time: Within 1–2 business days for general queries; up to 30 days for formal data rights requests
- Applicable Law: India's Digital Personal Data Protection (DPDP) Act, 2023
If you are not satisfied with our response to a privacy concern, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.