GDPR Compliance Framework & Privacy Policy
Artigor India Pvt. Ltd. | Last Updated: June 15, 2026
This document establishes the comprehensive Data Protection and GDPR Compliance Framework for ARTIGOR INDIA PVT LTD. As a B2B software solutions provider, we are committed to safeguarding user information, establishing clean lawful processing baselines, and ensuring transparency regarding international data flows, cookies, and data subject rights.
1. Company Profile & Regulatory Scope
- Legal Name: ARTIGOR INDIA PVT LTD
- CIN: U62091HR2025PTC136378
- Registered Address: 143 F Block, Rajendra Park, Sector-105, Gurugram, Haryana 122001, India
- Contact Email: info@artigorindia.com
- Customer Support: 0124-4917763
- E-commerce / B2C Accounts: None
- Products & Services: On-premise/Cloud Digital Signatures, PKI Solutions, Bulk PDF Signers, ERP, HRMS, CRM
- EU Shipping / Operations: No direct shipping, B2B exposure only
GDPR Applicability Determination: Even though ARTIGOR operates primarily in India and does not engage in direct B2C EU e-commerce, the General Data Protection Regulation (GDPR) applies to our data processing activities because: (a) our digital portals are accessible globally, (b) website analytics tools process IP addresses and behavior identifiers of EU residents, and (c) we support B2B clients who may maintain EU footprints or employ EU citizens.
2. Lawful Basis for Processing (GDPR Article 6)
All personal data processing activities conducted by ARTIGOR are mapped to an established lawful basis:
| Processing Activity | Lawful Basis (GDPR Art. 6) | Justification |
|---|---|---|
| Website contact form submissions | Legitimate Interest (Art. 6(1)(f)) | Necessary to respond to business inquiries; minimal necessary details collected. |
| Google Analytics | Consent (Art. 6(1)(a)) | Non-essential analytics; requires explicit user opt-in before initialization. |
| Google Ads conversion tracking | Consent (Art. 6(1)(a)) | Marketing tracking; requires explicit consent. |
| Meta/Facebook Pixel | Consent (Art. 6(1)(a)) | Marketing tracking; requires explicit consent. |
| WhatsApp Chat support | Legitimate Interest (Art. 6(1)(f)) | Necessary for providing real-time customer and support communications. |
| Server logs (IP addresses) | Legitimate Interest (Art. 6(1)(f)) | Required for platform security, infrastructure debugging, and fraud prevention. |
Note: As no user accounts or online sales exist on our portal, we do not process data under the basis of Contractual Necessity (Art. 6(1)(b)) for website visitors.
3. Privacy Disclosures (Section A to J)
ARTIGOR INDIA PVT LTD acts as the Data Controller. You can contact our privacy desk at info@artigorindia.com or via phone at 0124-4917763.
While ARTIGOR is not legally required to designate a formal Data Protection Officer (DPO) under GDPR Article 37 (due to B2B-only non-sensitive operations), we have appointed a voluntary privacy representative. Direct inquiries can be directed to: info@artigorindia.com (Subject: Privacy Request).
We collect and process the following categories of data:
- Website Visitors: IP addresses, browser types, device specifics, page-view behavior (via Google Analytics).
- Form Enquiries: Names, business email addresses, contact numbers, organization name, and enquiry message.
- Support Chat: Phone numbers and chat transcripts (via WhatsApp Business).
- Infrastructure Logs: Security logs, server access lists, and transaction timestamps.
We share data only with trusted processors necessary to provide services:
- Infrastructure Hosting: Webyne
- Analytics: Google LLC (via Google Analytics, Google Tag Manager)
- Advertising: Google LLC (Google Ads), Meta Platforms, Inc. (Facebook Pixel)
- Payment Processors: Razorpay, PayU (for invoicing and billing)
- Communications: WhatsApp Business (Meta Platforms)
Third-party services (such as Google Analytics and Meta tools) transfer data to servers based in the United States. To safeguard these transfers, ARTIGOR utilizes vendors certified under the EU-US Data Privacy Framework (DPF) and executes standard Standard Contractual Clauses (SCCs) to secure data flows.
Data is retained only as long as necessary:
- Contact Forms: 2 years from last active correspondence (or upon deletion request).
- Google Analytics: 14 months (GA4 default).
- Server Logs: 90 days for security analysis.
- WhatsApp Support History: 1 year.
ARTIGOR does not engage in any automated profiling or decision-making processes that produce legal or significant effects on individuals.
4. Data Subject Rights (DSAR Protocol)
Under GDPR, EU residents have specific rights regarding their personal data. You may exercise these rights at any time by contacting us:
- Right of Access: Request a copy of the data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal details.
- Right to Restriction: Limit the processing of your data.
- Right to Object: Object to legitimate interest processing or direct marketing.
- Right to Withdraw Consent: Revoke consent for cookies or newsletters at any time.
How to submit a request:
Email your request to info@artigorindia.com with the subject line "Data Subject Rights Request". We verify the identity of the requester to safeguard security and respond within 30 days free of charge.
5. Cookie Consent & Script Blocking
Our platform uses **Cookiebot** (a Consent Management Platform) to manage compliant cookie loading.
- Consent Banner: Shows automatically on your first visit, offering options to Accept All, Reject All, or customize.
- Google Consent Mode v2: Built into the core architecture. All tracking cookies remain in a "denied" state and are blocked from loading until explicit consent is given by the user.
- Withdrawing Consent: You can click the **"Cookie Settings"** button in the footer at any time to modify or revoke your consent.
Manage Your Cookie Preferences
You can review or change your cookie consent preferences at any time by clicking the button below:
6. Data Processing Agreements & Sub-processors
To ensure compliance with GDPR Article 28, ARTIGOR executes written Data Processing Agreements (DPAs) with all vendors handling personal data, including Google (Analytics and Ads), Meta (Pixel and WhatsApp Business), and our web hosting providers.
Our public list of sub-processors can be accessed by contacting our privacy desk.
7. Data Breach Response Plan
In compliance with GDPR Articles 33 and 34, ARTIGOR maintains an active Data Breach Response Plan. In the event of a security breach that poses a risk to personal data, we will notify the competent Supervisory Authority within **72 hours** of becoming aware. If the breach poses a high risk to the rights and freedoms of individuals, we will notify the affected data subjects without undue delay.