โ๏ธ Compliance with Indian Data Protection Framework
This Privacy Policy is designed to meet the requirements of the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Indian Contract Act. ZapDial acts as a Data Fiduciary with respect to business contact information and communication logs processed for enterprise clients.
๐ Personal Data We Collect (Consent-based)
Under the DPDP Act, we process only such personal data that is necessary for lawful business purposes. Categories include:
- Business Identifiers: Organization name, GST (optional), contact person name, office address, email, phone number.
- User Credentials & Role: Employee login ID (encrypted), role-based privileges, activity logs โ processed with user consent.
- Call & CRM Activity: Call records, campaign performance, lead interaction data, agent performance metrics (pseudonymized where possible).
- Device & Network Info: IP address, browser type, session tokens โ used strictly for security and fraud detection.
We never collect sensitive personal data (financial passwords, health, biometrics) unless explicitly authorized under separate agreement.
๐ฏ Lawful Use of Data (DPDP Act, 2023)
Processing is based on (i) consent of data principal, or (ii) legitimate business functions permitted under Schedule 1 of DPDP Act. We use data exclusively for:
- Delivering and improving the ZapDial CRM & telecalling platform.
- Compliance with legal obligations (court orders, statutory requests).
- Security monitoring, audit trails, and dispute resolution.
- Business analytics and performance enhancement (no automated decisions with legal effects without transparency).
๐ NO DATA SALE
We do not sell, rent, or trade personal data to third parties for any consideration. Data is used only for internal CRM operations alongside authorized clients.
๐ฑ Platform Permissions (As per IT Rules)
To enable calling, data synchronization, and session management, ZapDial may request:
๐ Internet & Network
Real-time sync of contact lists, dialer records, dashboard updates.
๐ Phone & Dialer
Initiate calls via native dialer (with explicit user approval). No call recording without separate consent.
๐พ Local Storage
Maintain secure session and preferences โ no sensitive data stored persistently on device.
Permissions can be withdrawn anytime; however, certain features may be limited. We follow the "notice-and-consent" framework under Rule 4 of the SPDI Rules.
๐ Data Sharing & Cross-Border Transfer (DPDP Sec 16-17)
ZapDial may engage trusted subprocessors (cloud infrastructure, analytics, support) that adhere to equivalent data protection standards. Where data is transferred outside India:
- Such transfer is permitted under Section 16(1)(b) of DPDP Act with explicit consent or contractual necessity.
- We execute standard contractual clauses (SCCs) and maintain a register of subprocessors.
- No government access except under due legal process (warrant or court order).
All subprocessors are bound by confidentiality and data breach notification obligations.
๐ก๏ธ Security & Data Retention (Reasonable Security Practices)
We comply with Section 43A of IT Act & DPDP Act through:
- Encryption (AES-256 at rest, TLS 1.3 in transit).
- Regular vulnerability scans, access logging, RBAC.
- Data retention: call logs, CRM records stored for 24 months or as per client contract, after which secure deletion/anonymization.
- Breach notification to Data Protection Board and affected data principals within 72 hours as required.
๐ Data Retention Principle: Personal data is retained no longer than necessary to fulfil the stated purpose, unless required by Indian law (e.g., tax, litigation). Client administrators can request earlier deletion.
๐ Your Rights as a Data Principal (India)
Under the Digital Personal Data Protection Act, 2023, you (or your organization's designated representative) have the right to:
- Right to Access: Obtain confirmation and summary of personal data processed.
- Right to Correction & Erasure: Rectify inaccurate data or request deletion (subject to legal retention).
- Right to Withdraw Consent: Withdraw previously given consent at any time (with form of withdrawal).
- Right to Grievance Redressal: Lodge complaint with our Grievance Officer or Data Protection Board of India.
- Right to Nominate: Nominate another individual to exercise rights in case of death or incapacity.
To exercise these rights, please contact our Grievance Officer / Data Protection Officer at dpo@zapdial.in. We respond within 15 business days as required under Rule 3 of the SPDI Rules.
๐จโโ๏ธ Grievance Officer & Consent Manager
In compliance with the DPDP Act and Rule 3(11) of the Information Technology (Intermediary Guidelines) Rules, 2021, we appoint a Grievance Officer for privacy matters:
You may also reach out to our designated Consent Manager (as per DPDP Act, Sec 10) to manage, review, or withdraw consent: consentmanager@zapdial.in.
๐ช Cookies & Tracking
ZapDial uses session cookies and minimal analytics only for platform functionality and security. No third-party marketing trackers are deployed. You can manage cookie preferences via browser settings; essential cookies cannot be disabled as they ensure authentication and stability.
๐ข Changes to this Privacy Policy
We may update this policy to reflect changes in law, particularly amendments to the DPDP Act or new rules by MeitY. Material changes will be notified via email to account administrators and through in-app notification at least 30 days prior to effective date. The "effective date" at the top indicates the latest revision.
By continuing to use ZapDial after such changes, you acknowledge the revised policy.
๐ฌ Contact & Legal Disputes
For any questions, data breach reporting, or to file a complaint with the Data Protection Board of India, contact:
Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in Mumbai, India, and governed by Indian law including the DPDP Act, 2023.