Privacy Policy

Effective date: August 12, 2025

Aligned with GDPR • CCPA/CPRA • DPDP Act
On this page
  1. Scope & Controller
  2. 1) Information We Collect
  3. 2) Purposes & Legal Bases
  4. 3) Cookies & Tracking
  5. 4) How We Share Data
  6. 5) International Transfers
  7. 6) Data Retention
  8. 7) Security
  9. 8) Your Rights
  10. 9) Third‑Party Links
  11. 10) Marketing Comms
  12. 11) Processor Role
  13. 12) Changes
  14. 13) Contact
  15. Region‑Specific Disclosures
Jump to Quick Summary

  • We collect business contact and usage data to run and improve our site and Services.
  • We use ads and analytics; you can manage cookies and opt out of sale/sharing.
  • We keep data only as long as needed and secure it with industry‑standard measures.
  • You have rights to access, delete, correct, and object/opt out.
  • Contact Satish@pivotdigitalmedia.com for any requests.

Pivot Digital Media Solutions Pvt. Ltd. ("Pivot Digital Media", "we", "our", or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use:

  • our website pivotdigitalmedia.com and subdomains;
  • our social pages, ads, and landing pages; and
  • the services we provide to clients and prospective clients (together, the "Services").

This Policy aligns with major privacy frameworks (EU/UK GDPR, California CCPA/CPRA, CalOPPA, and India’s DPDP Act). Local terms may apply where required.

Controller & Contact

Pivot Digital Media Solutions Pvt. Ltd.
Registered address: C-109, Station Plaza, Bhandup Station, Lal Bahadur Shastri Rd, Bhandup West, Mumbai, Maharashtra 400078

Email: Satish@pivotdigitalmedia.com

Data Protection/Grievance Officer:
Name: Satish Prajapati
Email: Satish@pivotdigitalmedia.com
Phone: 8779523595

Role note: We generally act as an independent controller for our own marketing/website operations and may act as a processor for certain client-directed activities under a DPA.

  • Identifiers & contact data — name, company, job title, email, phone, address, country.
  • Commercial & business information — inquiries, project scope, proposals, invoices, contract data, records of Services.
  • Online identifiers & usage data — IP address, device/browser, pages visited, referring/exit pages, timestamps, UTM, user agent, interactions with forms/chat/widgets (via cookies, pixels, SDKs).
  • Marketing preferences — newsletter opt-ins, consent signals, communication preferences.
  • User communications — messages via website forms, WhatsApp, email, calendars, or chat tools.
  • Social & advertising data — engagement with ads on Google, Meta, LinkedIn, X, etc.; audience/conversion data.
  • Payment & billing data (B2B) — billing contacts, GST/Tax IDs, confirmations, transaction metadata (no full card numbers stored).
  • Sensitive data — not intentionally collected; if required, we obtain explicit consent or rely on another legal basis and add safeguards.
  • Children’s data — Services not directed to under 18; not knowingly collected.
  • Sources — directly from you, automatically via site/emails, and from third parties (ad/analytics partners, lead-gen, public sources like LinkedIn, clients/suppliers where lawful).

  1. Providing and operating the Services — respond to inquiries, scope projects, onboarding, deliver work, support, account admin. Legal bases: Contract performance; legitimate interests.
  2. Marketing & business development — updates, case studies, newsletters, events; ads, lookalike/retargeting where permitted. Legal bases: Consent (where required); legitimate interests.
  3. Analytics & improvement — performance measurement, A/B testing, debugging, website/Services improvement. Legal bases: Consent for non‑essential cookies; legitimate interests.
  4. Security & fraud prevention — protect website, accounts, and users; prevent spam/abuse. Legal bases: Legitimate interests; legal obligation.
  5. Compliance & legal claims — records, lawful requests, enforce agreements, tax/audit. Legal bases: Legal obligation; legal claims; legitimate interests.

You may withdraw consent at any time where we rely on consent.

We use cookies and similar technologies (pixels, tags, SDKs) to operate our site, remember preferences, analyze traffic, and measure/serve ads. Non‑essential cookies are set with your consent where required (e.g., EEA/UK). Manage preferences via our cookie banner/consent manager, your browser, and platform tools (Google, Meta, LinkedIn, etc.).

Do Not Track / Global Privacy Control (GPC): We do not respond to browser DNT signals, but for California consumers we treat a valid GPC signal as an opt‑out of “sale”/“sharing” for that browser.

  • Service providers/processors — hosting, CRM, email/SMS, analytics, ad networks, payment processors, security, professional advisors (bound by contracts/DPAs).
  • Advertising/analytics partners — campaign measurement/optimization (e.g., Google Analytics/Ads, Meta, LinkedIn). No direct contact details shared unless you submit them or we have a lawful basis.
  • Business transfers — merger, acquisition, financing, or asset sale (recipient must honor this Policy).
  • Legal & compliance — to comply with laws, lawful requests, protect rights/users/public.
  • With your direction or consent.

We do not sell Personal Data for money. Under CCPA/CPRA, certain sharing for cross‑context behavioral advertising may be deemed a “sale” or “share.” You can opt‑out (see Section 8).

We are headquartered in India and may transfer Personal Data to other countries. Where required, we implement safeguards such as Standard Contractual Clauses (SCCs) for EEA/UK residents and contractual/technical measures (encryption at rest/in transit, access controls). You can request a copy of safeguards by contacting us.

  • Lead/marketing records: up to 24 months after last interaction or until consent is withdrawn.
  • Contract/accounting & project files: 7 years after engagement end (or longer if required by law).
  • Security logs: typically 12 months unless needed for incident investigation.

We keep data only as long as necessary for the purposes described or as required by law, then delete or de‑identify it.

We implement administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., least‑privilege access, MFA for admin accounts, encryption in transit, vendor due diligence). No method of transmission or storage is 100% secure.

Rights to access, rectify, erase, restrict processing, object (including to direct marketing), and data portability. Where processing is based on consent, you may withdraw consent at any time. You also have the right to lodge a complaint with your local DPA.

Rights to know/access, correct, delete, and to opt‑out of “sale” or “sharing” of Personal Information (including cross‑context behavioral advertising). You may also limit use/disclosure of sensitive Personal Information and are protected against discrimination for exercising your rights. We honor GPC signals where feasible. Use unsubscribe links for email and cookie banner/platform settings for ads.

Rights to access, correct, erase, and nominate a contact to exercise rights in case of death or incapacity. You may contact our Grievance Officer for redress. We will make reasonable efforts to resolve grievances within statutory timelines.

You may have similar rights depending on your location. To exercise rights, email Satish@pivotdigitalmedia.com with the subject “Privacy Request” and specify your request. We will verify identity (and agent authority, if applicable) and respond within required timeframes (generally 30–45 days).

Our website and communications may include links to third‑party sites, plug‑ins, and platforms (e.g., Google, Meta, LinkedIn, YouTube, WhatsApp). We do not control these third parties. Their privacy practices are governed by their own policies.

If you subscribe or provide contact details, we may send emails or messages about Services and events. You can unsubscribe or opt‑out at any time using the link in emails or by contacting us. For SMS/WhatsApp, reply STOP or use channel‑specific opt‑outs.

For certain client engagements (e.g., ad operations, analytics deployments, CRM integrations), we may process end‑user data on behalf of a client. In those cases, the client’s privacy notice governs and our processing is subject to a DPA. We will:

  • process data only on documented instructions;
  • implement security;
  • assist with data subject requests and incident notifications as required;
  • ensure sub‑processors are bound by equivalent protections; and
  • delete/return data upon termination, subject to legal retention obligations.

We may update this Policy to reflect changes in law or practices. We will post the updated version with a new Effective date, and provide additional notice if changes are material.

Questions or requests about this Policy?

California (CCPA/CPRA) — Notice at Collection

We collect the categories listed in Section 1 for the purposes in Section 2 and retain Personal Information as described in Section 6. We do not sell Personal Information for money; we may "share" identifiers and internet activity for cross‑context behavioral advertising. Opt‑out via our Do Not Sell or Share controls or by emailing Satish@pivotdigitalmedia.com. We do not use or disclose sensitive Personal Information for purposes other than CPRA‑permitted uses.

EEA/UK Representative

If we appoint an EU/UK representative, we will publish their contact details here.

This page summarizes our current practices. Where local law imposes additional requirements, those apply to residents of that jurisdiction.