Privacy Policy

§ 01

Introduction & Scope

Customer360.biz is a web-based Marketing Technology (MarTech) platform delivered as Software-as-a-Service (SaaS). It is owned, operated, and managed by CDP360 Technologies Private Limited ("CDP360 Technologies", "C360", "we", "us", or "our"), incorporated under the Companies Act of India and headquartered at 29, 1st Main Road, Gandhi Nagar, Adyar, Chennai – 600020, Tamil Nadu, India.

This Privacy Policy ("Policy") articulates CDP360 Technologies' commitment to protecting personal information and sets out our obligations and your rights regarding the collection, use, storage, disclosure, and protection of personal data processed in connection with the Customer360.biz platform and all related applications and services (collectively, the "Service").

1.1Scope. This Policy applies to: (a) visitors to the customer360.biz website who interact with our website enquiry forms or other data collection mechanisms; (b) Customers — organisations that subscribe to and use the Service; (c) Users — individuals authorised by Customers to access the Service; and (d) End Users — individuals whose data is processed through the Service by our Customers.
1.2Acceptance. By using the Service or submitting personal information to CDP360 Technologies in any manner, you acknowledge that you have read and understood this Policy and consent to the collection and use of your information as described herein. If you do not agree to this Policy, you must not use the Service.
1.3Relationship to Terms of Service. This Policy is incorporated into and forms part of the Customer360.biz Terms of Service. In the event of conflict between this Policy and the Terms of Service on matters of data protection, this Policy shall prevail.
1.4B2B Nature of the Service. Customer360.biz is a business-to-business (B2B) platform. CDP360 Technologies does not directly interact with or market to End Users. CDP360 Technologies processes End User data solely on the instructions of the Customer (Client organisation) and in its capacity as a data processor.

§ 02

Definitions

Customer

A company or organisation that has entered into a subscription or service agreement with CDP360 Technologies to access and use the Service ("Client").

Customer Data

All analytics, behavioural, operational, and profile data relating to a Customer's website or application collected and processed through the Service, including End User Data.

End User

Any individual who visits or uses the Customer's website, application, or digital property in relation to which the Service is configured.

End User Data

The subset of Customer Data that relates to End Users and may include personal data depending on the Customer's configuration.

Personal Data

Any information that identifies or can reasonably be used to identify a natural person, directly or indirectly, including but not limited to name, email address, device identifier, IP address, and behavioural data.

Data Controller

The entity that determines the purposes and means of processing personal data. For website enquiry data and platform-level operational data, CDP360 Technologies acts as data controller. For Customer Data and End User Data, the Customer is the data controller.

Data Processor

An entity that processes personal data on behalf of and on the instructions of a data controller. CDP360 Technologies acts as data processor for Customer Data and End User Data.

Processing

Any operation performed on personal data including collection, recording, organisation, storage, adaptation, use, disclosure, transmission, erasure, or destruction.

Data Processing Agreement (DPA)

The agreement between CDP360 Technologies and each Customer governing the processing of personal data on the Customer's behalf, forming part of the overall Service agreement.

DPDP Act

The Digital Personal Data Protection Act, 2023 (India) and all regulations, rules, and guidelines issued thereunder.

GDPR

The European General Data Protection Regulation (Regulation (EU) 2016/679) and any implementing legislation in EU member states.

Sensitive Data

Categories of personal data that warrant heightened protection, including health data, biometric data, financial data, government identifiers, and children's data, as further described in Section 4.4.

§ 03

Data Controller vs Data Processor — Our Role

Understanding CDP360 Technologies' role in relation to different categories of data is essential for understanding how your rights apply and how we protect your information.

Data Category	CDP360 Tech Role	Customer Role	Governing Framework
Website enquiry form data, contact requests, demo bookings submitted directly to CDP360 Technologies	Data Controller — determines purpose and means of processing	N/A	This Privacy Policy · DPDP Act 2023 · GDPR (where applicable)
Platform account data (Customer Account, User Accounts, billing data)	Data Controller — collects and manages for platform administration	N/A	This Privacy Policy · Terms of Service
Customer Data and End User Data processed through the Service	Data Processor — processes solely on Customer's instructions	Data Controller — determines purpose, obtains consents, manages rights	Data Processing Agreement (DPA) · Customer's own Privacy Policy

Where CDP360 Technologies acts as a Data Processor for Customer Data and End User Data, the Customer is solely responsible for: (a) ensuring lawful collection; (b) providing all required privacy notices to End Users; (c) obtaining all necessary consents; and (d) directing CDP360 Technologies on how to process, modify, or delete that data. CDP360 Technologies processes such data exclusively on the Customer's documented instructions.

§ 04

Data We Collect

4.1 Data Collected Directly by CDP360 Technologies (as Controller)

When you visit customer360.biz or interact with CDP360 Technologies directly, we may collect the following categories of personal data:

Data Category	Examples	Purpose
Contact & Identity Data	Name, job title, company name, work email address, phone number	Responding to enquiries, delivering demo bookings, account registration
Account Data	Login credentials (hashed), subscription details, billing contact information	Platform access, billing, account management
Communication Data	Emails, support tickets, chat transcripts, feedback submitted to CDP360 Technologies	Customer support, service improvement
Usage & Technical Data	Log data, IP address, browser type and version, device type, pages visited, session duration, referring URL	Platform security, analytics, service improvement
Marketing Preferences	Communication preferences, opt-in/opt-out records	Sending relevant service communications with your consent

4.2 Data Processed on Behalf of Customers (as Processor)

When deployed by a Customer, the Service may collect and process the following categories of End User Data on the Customer's behalf and on the Customer's instructions:

4.2.1Behavioural Data: Page views, session duration, click paths, content interactions, onsite searches, and other engagement signals collected via tracking pixels, tags, or server-side collection methods.
4.2.2Device & Technical Data: Browser type, operating system, device identifiers, screen resolution, and cookie identifiers.
4.2.3Location Data: Approximate geographic location derived from IP address (city level only). CDP360 Technologies does not collect precise real-time GPS location data.
4.2.4First-Party Profile Data (1PD): Recommended products, offer data, engagement scores, and Customer-defined profile attributes provided to or generated by the Service.
4.2.5Communication Identifiers: Email addresses and phone numbers provided by the Customer or End User to the Customer, transmitted to the Service for the purpose of enabling marketing communications as instructed by the Customer.

4.3 Data We Do Not Collect

CDP360 Technologies does not collect, knowingly process, or request the transmission of the following categories of data through the Service: (a) payment card numbers, CVV codes, or full financial account credentials; (b) government-issued identification numbers (Aadhaar, PAN, SSN, passport); (c) health, medical, or biometric data; (d) real-time GPS location data capable of identifying an individual's precise location; (e) passwords or authentication credentials; or (f) personal data of children under 18 years of age (India) or under 13 years of age (US) as further described in Section 12. Transmission of such data to the Service is strictly prohibited under the Terms of Service.

§ 05

Legal Basis for Processing

5.1 CDP360 Technologies as Data Controller

When processing personal data in our capacity as data controller, we rely on the following lawful bases:

Lawful Basis	When We Rely on It	Example
Consent	Where you have freely, specifically, and unambiguously indicated agreement to the processing of your personal data for a particular purpose	Marketing emails; newsletter subscriptions; optional analytics cookies
Contract	Processing necessary to perform our obligations under a contract to which you are a party, or to take steps at your request prior to entering into a contract	Processing account data to provide the Service; billing; responding to demo requests
Legal Obligation	Processing necessary for compliance with a legal obligation to which CDP360 Technologies is subject	Retaining transaction records for tax purposes; responding to lawful government requests
Legitimate Interests	Processing necessary for legitimate interests pursued by CDP360 Technologies, provided those interests are not overridden by your fundamental rights and freedoms	Platform security monitoring; fraud prevention; service improvement analytics; B2B outreach to prospective enterprise clients

5.2 CDP360 Technologies as Data Processor

When processing Customer Data and End User Data on behalf of Customers, the legal basis for processing is exclusively determined by the Customer as data controller. CDP360 Technologies does not independently establish or verify the legal basis for Customer-directed processing. Each Customer is solely responsible for: ensuring that a valid legal basis exists for all End User Data transmitted to the Service; providing required notices to End Users; and managing all data subject rights in relation to End User Data.

5.3 Withdrawal of Consent

Where CDP360 Technologies processes your personal data on the basis of consent, you may withdraw that consent at any time by contacting us at privacy@customer360.biz. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal, nor does it affect processing conducted on other lawful bases.

§ 06

How We Use Data

6.1 As Data Controller — Our Direct Purposes

6.1.1Providing, maintaining, and improving the Service and the customer360.biz website.
6.1.2Processing and managing Customer Account registrations, subscriptions, and billing.
6.1.3Responding to enquiries, support requests, demo bookings, and other communications.
6.1.4Sending service-related communications, including billing notices, platform updates, and security alerts.
6.1.5Sending marketing communications about Customer360.biz products and services, subject to your consent and applicable opt-out rights.
6.1.6Monitoring platform activity for security, fraud detection, and enforcement of our Terms of Service.
6.1.7Complying with applicable legal obligations, including responding to lawful requests from regulatory authorities and courts.
6.1.8Analysing aggregated, anonymised usage patterns to improve platform performance, features, and user experience.

6.2 As Data Processor — Customer-Directed Purposes

CDP360 Technologies uses Customer Data and End User Data exclusively in accordance with the instructions of the relevant Customer. Typical Customer-directed processing purposes include:

6.2.1Building unified first-party customer profiles for the Customer's marketing, sales, and personalisation activities.
6.2.2Delivering personalised product recommendations, marketing messages, and content to End Users across specified channels.
6.2.3Generating analytics, attribution reports, and behavioural insights for the Customer's internal business use.
6.2.4Powering journey automation, email, SMS, WhatsApp, and other communication workflows as configured by the Customer.
6.2.5Enabling consent management, audience segmentation, and suppression logic as directed by the Customer.

CDP360 Technologies will never use Customer Data or End User Data for its own commercial advantage, to train proprietary AI or ML models not directly related to the Service, or to target End Users with advertising on behalf of any party other than the relevant Customer.

§ 07

Data Retention & Storage

7.1Customer Data Retention Period. CDP360 Technologies retains Customer Data and End User Data for the duration of the Customer's Subscription and for a period of up to 5 years thereafter, or as otherwise agreed in the Customer's written contract with CDP360 Technologies. Retention beyond 5 years requires explicit written agreement.
7.2Post-Termination Deletion. Upon termination of a Customer's Subscription, all Customer Data will be permanently and irrecoverably deleted within 30 days of the effective termination date, except for residual data in encrypted backup archives and system logs, which will be deleted within 60 days. Customers requesting data export must do so before the expiry of the 30-day period. CDP360 Technologies accepts no liability for the loss of data that was not exported prior to deletion.
7.3Account Enquiry & Marketing Data. Personal data collected through website enquiry forms and marketing activities is retained for as long as necessary to fulfil the purpose for which it was collected, and for a maximum period of 3 years from the date of last meaningful contact, unless a longer period is required by law or you consent to a longer period.
7.4Legal Hold. Notwithstanding the above, CDP360 Technologies may retain personal data for longer periods where required to comply with a legal obligation, to establish or defend legal claims, or where ordered to do so by a court or competent regulatory authority.
7.5Storage Location. Customer Data is stored in CDP360 Technologies-managed Amazon Web Services (AWS) infrastructure. Storage regions include one or more of the following: India, Singapore, and the United States, depending on the Customer's selected configuration and regional data residency requirements. CDP360 Technologies will inform Customers of the primary storage region applicable to their Instance upon request.
7.6Data Localisation. Where a Customer requires data to be stored exclusively within a specific jurisdiction (e.g., within India in compliance with the DPDP Act 2023 sectoral requirements), this must be agreed in writing in the Customer's subscription contract. Additional fees may apply for dedicated regional storage configurations.

§ 08

Security Measures

CDP360 Technologies holds an independently audited ISO/IEC 27001:2022 certification — the globally recognised gold standard for Information Security Management Systems (ISMS). Our security posture encompasses people, processes, and technology, not merely software controls.

8.1Technical Controls: Encryption of data in transit using TLS 1.2 or higher; encryption of data at rest using AES-256 or equivalent; role-based access controls; multi-factor authentication for administrative access; network segmentation; and regular penetration testing and vulnerability assessments.
8.2Organisational Controls: Annual employee training on data privacy and information security; documented security incident response procedures; supplier and third-party security assessments; and a formal information security governance framework.
8.3Regular Audits: Regular internal and external security audits and assessments, including ISO 27001 surveillance audits conducted by an accredited certification body.
8.4Data Breach Notification. In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, CDP360 Technologies will: (a) notify affected Customers without undue delay and in any event within 72 hours of becoming aware of the breach; (b) provide details of the nature of the breach, the categories and approximate number of records affected, and the measures taken or proposed; and (c) cooperate with affected Customers in their own regulatory notification obligations.
8.5No Absolute Security. Notwithstanding the foregoing, CDP360 Technologies cannot guarantee that data transmitted over the internet or stored in any system is completely secure. No security system is impenetrable and CDP360 Technologies's security obligations are of best efforts and reasonable measures, not of result. CDP360 Technologies shall not be liable for breaches caused by Force Majeure events, cyberattacks beyond its reasonable control, or the actions or omissions of the Customer or its Users.

§ 09

Third-Party Transfers & Sharing

9.1 Infrastructure Providers

Customer Data passes through the infrastructure of Amazon Web Services, Inc. ("AWS") as CDP360 Technologies's primary cloud hosting provider. AWS processes data solely as a sub-processor on CDP360 Technologies's instructions and subject to appropriate data processing agreements.

9.2 Customer-Authorised Third-Party Sharing

CDP360 Technologies may share Customer Data with third-party vendors or platforms specifically authorised in writing by the relevant Customer (for example, CRM systems, email service providers, or advertising platforms that the Customer instructs CDP360 Technologies to connect to). Such sharing occurs exclusively on the Customer's instructions and the Customer bears full responsibility for ensuring such sharing is lawful.

9.3 CDP360 Technologies Sub-Processors

CDP360 Technologies may engage sub-processors to assist in delivering the Service (for example, cloud infrastructure, technical support tools, or security monitoring services). All sub-processors are subject to written data processing agreements with obligations no less protective than those in CDP360 Technologies's DPA with the Customer. CDP360 Technologies remains fully liable for the acts and omissions of its sub-processors to the extent they relate to the processing of Customer Data.

9.4 Permitted Disclosures Without Customer Consent

CDP360 Technologies will not share Customer Data or personal data with any external party except in the following limited circumstances:

9.4.1To comply with applicable laws, regulations, legal processes, or legally binding governmental or regulatory orders or requests.
9.4.2To investigate, prevent, or address fraud, security incidents, or technical issues affecting the Service.
9.4.3To protect the rights, property, safety, or integrity of CDP360 Technologies, its Customers, Users, or the public, to the extent required or permitted by law.
9.4.4In connection with a merger, acquisition, restructuring, or sale of all or substantially all of CDP360 Technologies's assets, provided that the acquiring entity assumes equivalent data protection obligations.

CDP360 Technologies does not and will never sell, rent, trade, or otherwise monetise personal data or Customer Data to third-party advertisers, data brokers, or other commercial entities for any purpose.

9.5 Third-Party Sites

The customer360.biz website may contain links to third-party websites, applications, or services. CDP360 Technologies does not control, review, endorse, or accept responsibility for the privacy practices or content of such third-party sites. Your access to and use of third-party sites is governed exclusively by those parties' own terms and privacy policies. CDP360 Technologies is not responsible for and expressly disclaims any liability arising from your use of, or reliance on, any third-party site or service.

§ 10

International Data Transfers

10.1Cross-Border Processing. Customer Data may be transferred to and processed in countries other than the country in which it was originally collected, including India, Singapore, and the United States. These countries may have data protection laws that differ from those of your own country.
10.2Safeguards for International Transfers. Where personal data is transferred internationally, CDP360 Technologies implements appropriate safeguards including: (a) Standard Contractual Clauses (SCCs) approved by the European Commission, where the transfer involves data from the European Economic Area (EEA); (b) equivalent contractual protections where required by the laws of other jurisdictions; and (c) ensuring that recipient entities maintain equivalent data protection standards to those required under this Policy.
10.3India DPDP Act Compliance. CDP360 Technologies complies with the requirements of the Digital Personal Data Protection Act 2023 (India) with respect to cross-border data transfers involving data of Indian residents. Cross-border transfers of Indian residents' personal data occur only to countries notified or permitted under the DPDP Act and applicable Rules.
10.4Data Residency Options. Customers requiring data to be stored and processed exclusively within India or another specific jurisdiction may request dedicated regional configurations. Such requirements must be specified in writing in the Customer's subscription contract and may be subject to additional fees.
10.5No Guarantee of Equivalent Protection. While CDP360 Technologies takes reasonable measures to ensure adequate protection for international transfers, it cannot guarantee that the laws of recipient countries will provide the same level of protection as the laws of your home country. By using the Service, you acknowledge and accept this inherent limitation of cross-border data processing.

§ 11

Data Subject Rights

Depending on your location and the applicable legal framework, you may have the following rights with respect to your personal data. The availability and scope of these rights may vary by jurisdiction.

👁️

RIGHT TO ACCESS

You have the right to request a copy of the personal data CDP360 Technologies holds about you in its capacity as data controller, and information about how it is processed.

Does not extend to Customer Data or End User Data where CDP360 Technologies acts as data processor — direct such requests to the relevant Customer.

✏️

RIGHT TO RECTIFICATION

You have the right to request correction of inaccurate or incomplete personal data that CDP360 Technologies holds about you as data controller.

For corrections to End User Data processed on a Customer's behalf, contact the relevant Customer directly.

🗑️

RIGHT TO ERASURE

You may request deletion of your personal data where there is no compelling lawful basis for continued processing, where consent is withdrawn, or where processing is unlawful.

Subject to CDP360 Technologies's legal retention obligations. Does not apply to Customer Data processed on Customer's instructions.

⏸️

RIGHT TO RESTRICT PROCESSING

You may request that CDP360 Technologies restrict processing of your personal data in certain circumstances, such as where the accuracy is contested or the processing is unlawful.

Applies to data where CDP360 Technologies acts as controller only.

📦

RIGHT TO DATA PORTABILITY

Where processing is based on consent or contract and carried out by automated means, you may request a machine-readable copy of your personal data for transfer to another controller.

Applies to data you directly provided to CDP360 Technologies in its controller capacity.

🚫

RIGHT TO OBJECT

You have the right to object to processing of your personal data on the basis of legitimate interests, including profiling, and to processing for direct marketing purposes.

Objection to direct marketing is absolute. Objection on other grounds will be assessed against CDP360 Technologies's legitimate interests.

11.1 How to Exercise Your Rights

To exercise any of the rights above with respect to personal data processed by CDP360 Technologies as data controller, submit a written request to privacy@customer360.biz. CDP360 Technologies will respond within 30 days (or such shorter period as required by applicable law) and may request reasonable verification of your identity before processing the request.

11.2 End User Rights — Customer Redirection

Where CDP360 Technologies processes End User Data as a data processor on behalf of a Customer, End Users must direct all data subject rights requests to the relevant Customer directly. CDP360 Technologies will cooperate with Customers in fulfilling such requests within agreed timelines. CDP360 Technologies is not independently obligated to respond to End User data subject requests and shall not do so without the Customer's prior authorisation, except where required by law.

11.3 Right to Lodge a Complaint

If you are dissatisfied with how CDP360 Technologies has handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction, including:

India: Data Protection Board of India (once established under DPDP Act 2023)
European Union / EEA: The data protection supervisory authority in your EU member state of residence
United Kingdom: The Information Commissioner's Office (ICO)
Other jurisdictions: The applicable data protection or privacy regulator in your country

§ 12

Children's Privacy

12.1Service Not Directed at Children. The Customer360.biz Service is a business-to-business platform and is not directed to, designed for, or intended for use by children. For the purposes of this Policy, "children" means individuals under the age of 18 years in India (as defined under the DPDP Act 2023) or under the age of 13 years in the United States and other applicable jurisdictions.
12.2No Knowing Collection. CDP360 Technologies does not knowingly collect, solicit, or process personal data from children. If CDP360 Technologies discovers that it has inadvertently collected personal data from a child without the required parental or guardian consent, it will take immediate steps to delete such data.
12.3Customer Obligation. Customers are strictly prohibited from using the Service to collect or process personal data of children without obtaining all legally required verifiable parental or guardian consents. Where a Customer configures the Service in a manner that could result in the collection of children's data, that Customer is solely responsible for ensuring all applicable legal requirements are met, including under the DPDP Act 2023, COPPA, and any other applicable law.
12.4Notification. If you believe CDP360 Technologies has collected personal data from a child, please notify us immediately at privacy@customer360.biz and we will act promptly to investigate and, where appropriate, delete the relevant data.

§ 13

Cookies & Tracking Technologies

CDP360 Technologies uses cookies and similar tracking technologies on the customer360.biz website and, on behalf of Customers, in the Service deployed on Customer websites and applications.

Cookie Type	Purpose	Duration	Consent Required?
Strictly Necessary	Essential for the website and Service to function (login sessions, security tokens, load balancing)	Session / Short-term	No — essential for operation
Functional	Remembering user preferences, language settings, and account configurations	Up to 12 months	No — legitimate interest
Analytics	Understanding how visitors use the customer360.biz website to improve content and navigation	Up to 24 months	Yes — consent required
Marketing	Tracking effectiveness of CDP360 Technologies marketing campaigns (on the CDP360 Technologies website only)	Up to 24 months	Yes — consent required
Customer-Deployed	Cookies deployed on Customer websites via the Service for analytics, personalisation, and marketing — subject to the Customer's own cookie policy and consent management	As configured by Customer	Customer's responsibility

13.1You may manage or withdraw your consent to non-essential cookies on the customer360.biz website at any time through your browser settings or our cookie preference centre. Note that disabling certain cookies may impact your ability to use certain features of the website.
13.2CDP360 Technologies does not control the cookies deployed by Customers on their own websites through the Service. End Users wishing to opt out of Customer-deployed tracking should consult the relevant Customer's privacy policy and cookie consent mechanism.
13.3The Service includes built-in consent management capabilities that enable Customers to collect, store, and honour End User cookie and tracking preferences in compliance with GDPR, DPDP Act 2023, CCPA, and other applicable frameworks.

§ 14

Limitation of Liability in Data Matters

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CDP360 TECHNOLOGIES SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGE, PENALTY, FINE, REGULATORY ACTION, OR OTHER CONSEQUENCE ARISING FROM: (A) THE UNLAWFUL OR UNAUTHORISED COLLECTION, PROCESSING, OR TRANSMISSION OF PERSONAL DATA BY A CUSTOMER OR ITS USERS THROUGH THE SERVICE; (B) A CUSTOMER'S FAILURE TO OBTAIN REQUIRED CONSENTS FROM END USERS OR TO COMPLY WITH APPLICABLE DATA PROTECTION LAWS IN ITS CAPACITY AS DATA CONTROLLER; (C) THE TRANSMISSION OF SENSITIVE INFORMATION THROUGH THE SERVICE IN BREACH OF THE TERMS OF SERVICE; (D) SECURITY INCIDENTS OR DATA BREACHES CAUSED BY THE ACTIONS OR OMISSIONS OF THE CUSTOMER, ITS USERS, OR THIRD PARTIES; OR (E) FORCE MAJEURE EVENTS AS DEFINED IN THE TERMS OF SERVICE.

14.1Processor Not Responsible for Controller Decisions. CDP360 Technologies processes Customer Data and End User Data exclusively on the instructions of the Customer. CDP360 Technologies is not responsible for, and expressly disclaims all liability arising from, the Customer's decisions regarding what data to collect, how to use it, what notices to provide to End Users, or how to configure the Service. All such decisions are the sole responsibility of the Customer as data controller.
14.2Regulatory Fines. Any regulatory fines, penalties, or enforcement actions imposed on a Customer arising from the Customer's failure to comply with applicable data protection laws in connection with the Service are solely the Customer's responsibility. CDP360 Technologies shall not bear any portion of such fines or penalties except where directly caused by CDP360 Technologies's own breach of its processor obligations.
14.3Aggregate Cap. To the maximum extent permitted by applicable law, CDP360 Technologies's total aggregate liability in relation to data processing matters under this Policy and the DPA shall not exceed the amount specified in the limitation of liability provisions of the Customer360.biz Terms of Service.
14.4No Absolute Security Guarantee. While CDP360 Technologies implements robust security measures, no system is completely secure. CDP360 Technologies does not warrant that the Service will be free from all security vulnerabilities and shall not be liable for any loss or damage resulting from security incidents beyond its reasonable control.

§ 15

Grievance Officer — India (DPDP Act 2023)

In compliance with the Digital Personal Data Protection Act 2023 (India) and the Information Technology Act 2000, CDP360 Technologies has designated a Grievance Officer to address data privacy complaints and requests from individuals in India.

Grievance Officer, CDP360 Technologies Private Limited
Address: 29, 1st Main Road, Gandhi Nagar, Adyar, Chennai – 600020, Tamil Nadu, India
Email: privacy@customer360.biz
Response Time: Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.

15.1Any individual domiciled in India who believes their personal data has been collected, processed, or used in contravention of applicable Indian law or this Policy may submit a written grievance to the Grievance Officer at the address or email provided above.
15.2CDP360 Technologies will investigate all grievances received in good faith and respond with the outcome of the investigation and any remedial action taken within 30 days of receipt.
15.3Where a grievance cannot be resolved to your satisfaction, you may escalate your complaint to the Data Protection Board of India once that authority becomes operational under the DPDP Act 2023 and its subordinate rules.

§ 16

Policy Updates

16.1Right to Update. CDP360 Technologies reserves the right to modify this Privacy Policy at any time to reflect changes in law, regulatory guidance, our business practices, or the Service. The current version of this Policy will always be accessible at customer360.biz/privacy.
16.2Notification of Material Changes. Where CDP360 Technologies makes material changes to this Policy that affect how personal data is collected or used, we will provide advance notice by email to the registered account contact (for Customers) or by prominent notice on the customer360.biz website (for all other visitors), with at least 30 days' notice before the changes take effect, where practicable.
16.3Continued Use as Acceptance. Your continued use of the Service following the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not accept the changes, you must discontinue use of the Service and, if applicable, cancel your Subscription in accordance with the Terms of Service.
16.4Version History. The effective date of the current version of this Policy appears at the top of this document. Previous versions of this Policy are available on request by emailing privacy@customer360.biz.

§ 17

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data by CDP360 Technologies, please contact us using the details below:

PRIVACY & DATA PROTECTION

For data subject rights requests, privacy concerns, data breach reports, and DPDP Act / GDPR related enquiries.

privacy@customer360.biz

GENERAL ENQUIRIES

For general questions about this Policy or our data practices, and for previous policy version requests.

growth@customer360.biz

REGISTERED OFFICE

CDP360 Technologies Private Limited
29, 1st Main Road, Gandhi Nagar, Adyar
Chennai – 600020, Tamil Nadu, India

LEGAL & FORMAL NOTICES

For formal legal correspondence, regulatory notices, court orders, and law enforcement requests relating to data.

privacy@customer360.biz
Or by post to the Registered Office above

This Privacy Policy is effective as of 01 January 2026 and supersedes all prior versions. The current version will always be available at customer360.biz/privacy.

YOUR DATA IS YOURS

ISO 27001:2022 CERTIFIED

MULTI-REGULATION COMPLIANT