GDPR Compliance
Last updated:
The General Data Protection Regulation (GDPR) is a European Union regulation (EU 2016/679) that governs the collection, processing, and transfer of personal data of individuals in the EU/EEA. Get Click Media Pvt. Ltd. is committed to handling all personal data in accordance with GDPR requirements.
Our Role Under GDPR
Depending on the context, Get Click Media acts as:
- Data Controller: When we collect and use your personal data to provide our services (e.g., account management, billing, support).
- Data Processor: When we process personal data on your behalf as part of our communication platform (e.g., sending messages to your customers' phone numbers).
Where we act as a Data Processor, our obligations are governed by a Data Processing Agreement (DPA) which is available on request.
Lawful Bases for Processing
We process personal data under the following lawful bases:
- Contract (Art. 6(1)(b)): Processing necessary to perform the services you have contracted with us.
- Legitimate Interests (Art. 6(1)(f)): Analytics, fraud prevention, platform security, and service improvement.
- Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies.
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable Indian and international law.
Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights:
Right of Access
Obtain a copy of your personal data we process.
Right to Rectification
Correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ('right to be forgotten').
Right to Restrict Processing
Ask us to limit how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
Right to Lodge a Complaint
File a complaint with your local supervisory authority.
To exercise any of these rights, contact our Data Protection Officer at hello@getclickmedia.com. We respond within 30 days.
International Data Transfers
Get Click Media is headquartered in India. When we transfer personal data of EU/EEA residents outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) as adopted by the European Commission.
- Binding Corporate Rules where applicable.
- Adequacy decisions for countries recognised by the European Commission.
Data Processing Agreement (DPA)
As a Data Processor for our customers, we offer a Data Processing Agreement (DPA) that complies with GDPR Article 28 requirements. The DPA covers:
- Subject matter, duration, nature, and purpose of processing.
- Type of personal data and categories of data subjects.
- Obligations and rights of the controller.
- Sub-processor agreements and audit rights.
To request a DPA, email hello@getclickmedia.com with the subject “DPA Request”.
Security Measures
We implement appropriate technical and organisational measures to protect personal data, including AES-256 encryption at rest, TLS 1.3 in transit, access controls, regular security audits, and incident response procedures aligned with GDPR Article 32. In the event of a personal data breach affecting EU/EEA residents, we will notify the relevant supervisory authority within 72 hours where required.