GDPR Compliance | IndyLead by IndiaExcite

Statement of Compliance for IndyLead

At IndiaExcite, we respect the privacy of global citizens and strictly adhere to the General Data Protection Regulation (GDPR) standards for our European users and clients interacting with European data subjects.

1. Roles: Controller vs. Processor

Under GDPR definitions:

The User (You/Your Business): Acts as the Data Controller. You decide which leads to fetch from IndiaMART and what messages to send them via WhatsApp.
IndyLead (IndiaExcite): Acts as the Data Processor. We process the lead data strictly on your instructions to automate the messaging workflow.

2. Lawful Basis for Processing

We process your personal account data based on the necessity to perform a contract (providing the IndyLead software). You, as the Data Controller, must ensure you have a lawful basis (e.g., Legitimate Interest or Consent) to process the personal data of the IndiaMART leads you contact.

3. Data Subject Rights

We assist you in fulfilling data subject requests. If a lead requests to be removed from your database (Right to Erasure/Right to be Forgotten), IndyLead provides the necessary dashboard tools to delete their records and communication logs from our servers permanently.

4. Cross-Border Data Transfers

IndyLead hosts data on secure servers. If data is transferred outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs), ensuring compliance with international data transfer laws.

5. Breach Notification

In the highly unlikely event of a data breach compromising your Lead Data or API keys, IndyLead will notify you (the Data Controller) without undue delay, and no later than 72 hours after becoming aware of the breach, assisting you in your GDPR reporting obligations.