Legal
GDPR Compliance
Our commitments under the EU General Data Protection Regulation — and how to exercise your rights.
Last updated: July 7, 2026
1. Our Commitment
Decyb Technology LLP is committed to protecting the personal data of everyone who interacts with us — website visitors, leads, clients, and their end users. Although we are based in India, we serve clients in the EU and apply GDPR principles to all personal data we process.
2. Principles We Follow
- Lawfulness, fairness & transparency — we tell you what we collect and why.
- Purpose limitation — data is used only for the purpose it was collected for.
- Data minimization — we collect the minimum needed (e.g., IPs are stored only as hashes).
- Accuracy — you can request corrections at any time.
- Storage limitation — data is deleted or anonymized when no longer needed.
- Integrity & confidentiality — TLS encryption, hashed credentials, and access controls.
- Accountability — we document our processing activities and processor relationships.
3. What We Process and Why
- Contact & lead data (name, email, phone, message) — to respond to enquiries and deliver services. Legal basis: contract / pre-contractual steps.
- Order & billing data — to fulfil purchases and meet tax obligations. Legal basis: contract and legal obligation.
- Analytics & marketing data (GA4, GTM, Meta Pixel) — only after you consent via the cookie banner. Legal basis: consent.
- First-party usage events (page path, referrer, hashed IP) — to understand site performance without profiling. Legal basis: legitimate interest.
4. Your Rights Under GDPR
If you are in the EU/EEA (and as good practice for everyone), you can exercise these rights free of charge:
- Right of access — get a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — have your data deleted where no legal retention applies.
- Right to restriction — limit how we process your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest or direct marketing.
- Right to withdraw consent — at any time, without affecting prior processing.
- Right to complain — lodge a complaint with your local data protection authority.
5. How to Exercise Your Rights
Send your request via our contact page or email [email protected] with the subject "Data Request". Include enough information for us to verify your identity. We respond to all verified requests within 30 days.
6. Data Processors We Use
We share data only with processors needed to run our business:
- Razorpay — payment processing (PCI-DSS compliant)
- Google — analytics and tag management (consent-based)
- Meta — advertising measurement (consent-based)
- Hosting providers — infrastructure for this website and its database
Where processors transfer data outside the EEA, transfers rely on adequacy decisions or Standard Contractual Clauses.
7. Data Breach Procedure
In the unlikely event of a personal data breach, we will assess the risk, contain the incident, and — where required — notify affected individuals and the relevant supervisory authority within 72 hours of becoming aware, as required by Article 33 GDPR.
8. Working With Us as a Client
If your project involves processing personal data of your users, we act as a data processor on your behalf. We will sign a data processing agreement (DPA) on request, follow your documented instructions, and build systems with privacy by design and by default.