Privacy Policy - 360BC

Effective Date: 06/05/2025

360BC ("we," "our," "us," or "Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you visit our website [360bc.co.in], use our services, or interact with us.

This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000 (IT Act), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and other applicable Indian laws.

1. Information We Collect

1.1 Personal Data

We collect the following categories of personal data:

Contact Information:

  • Full name

  • Email address

  • Phone number

  • Business address

  • Company name and designation

Technical Information:

  • IP address

  • Browser type and version

  • Operating system

  • Device information

  • Cookies and tracking data

  • Website usage analytics

Business Information:

  • Industry sector

  • Business requirements

  • Project specifications

  • Marketing preferences

  • Communication history

Sensitive Personal Data:

  • Financial information (for billing purposes only)

  • Any other information classified as sensitive under SPDI Rules

1.2 Methods of Collection

We collect personal data through:

  • Website contact forms

  • Email communications

  • Phone calls and meetings

  • Social media interactions

  • Business cards and networking events

  • Cookies and tracking technologies

  • Third-party service providers

2. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on:

Consent: For marketing communications, newsletters, and non-essential services Contract Performance: For providing requested services and fulfilling contractual obligations Legitimate Interest: For business operations, fraud prevention, and service improvement Legal Obligation: For compliance with applicable laws and regulations

3. Purpose of Data Processing

We use your personal data for the following purposes:

3.1 Service Delivery

  • Providing brand strategy, marketing, and creative services

  • Project management and client communication

  • Invoice generation and payment processing

  • Customer support and technical assistance

3.2 Business Operations

  • Maintaining client relationships

  • Improving our services and website functionality

  • Conducting market research and analysis

  • Internal record keeping and administration

3.3 Marketing and Communication

  • Sending service updates and project communications

  • Marketing our services (with your consent)

  • Conducting promotional activities and campaigns

  • Sharing industry insights and thought leadership content

3.4 Legal Compliance

  • Complying with legal obligations under Indian laws

  • Responding to legal requests and court orders

  • Preventing fraud and unauthorized access

  • Maintaining data security and privacy

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your data with trusted third-party service providers who assist us in:

  • Cloud hosting and data storage

  • Email marketing and communication platforms

  • Analytics and website optimization tools

  • Payment processing and financial services

  • Professional services (legal, accounting, consulting)

4.2 Legal Disclosures

We may disclose your personal data when required by:

  • Indian courts or legal authorities

  • Law enforcement agencies

  • Regulatory bodies and government authorities

  • Legal proceedings or investigations

4.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity with appropriate safeguards.

4.4 Data Sharing Restrictions

We do not sell, rent, or lease your personal data to third parties for their marketing purposes without your explicit consent.

5. Data Security Measures

5.1 Technical Safeguards

  • SSL encryption for data transmission

  • Secure cloud storage with encryption at rest

  • Regular security audits and vulnerability assessments

  • Access controls and authentication mechanisms

  • Firewall protection and intrusion detection systems

5.2 Administrative Safeguards

  • Data access on need-to-know basis

  • Employee training on data protection

  • Confidentiality agreements with staff and vendors

  • Regular review of data handling practices

  • Incident response and breach notification procedures

5.3 Physical Safeguards

  • Secure office premises with restricted access

  • Locked storage for physical documents

  • Secure disposal of confidential information

  • CCTV monitoring and security systems

6. Data Retention

6.1 Retention Periods

  • Client Data: 7 years after contract termination (as per Indian Companies Act)

  • Marketing Data: Until consent is withdrawn or 3 years, whichever is earlier

  • Website Analytics: 2 years from collection

  • Financial Records: 7 years (as per Indian taxation laws)

  • Legal Documents: As required by applicable laws

6.2 Data Deletion

We will securely delete or anonymize your personal data when:

  • Retention period expires

  • You withdraw consent (where applicable)

  • Data is no longer necessary for the original purpose

  • You exercise your right to erasure

7. Your Rights Under Indian Law

7.1 Rights Under DPDP Act, 2023

  • Right to Access: Request information about your personal data we hold

  • Right to Correction: Request correction of inaccurate or incomplete data

  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)

  • Right to Data Portability: Request transfer of your data in a structured format

  • Right to Grievance Redressal: Lodge complaints about data processing

7.2 Rights Under IT Act and SPDI Rules

  • Right to Review: Access and review your personal data

  • Right to Correction: Correct, amend, or update your information

  • Right to Withdrawal: Withdraw consent for data processing (where applicable)

7.3 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: praveen@360bc.co.in

  • Phone: +91 9719854321

  • Address: 360 Brand Club, 1st floor, 21, 46th St, Sarvamangala Colony, Manthope Colony, Ashok Nagar, Chennai, Tamil Nadu 600083

We will respond to your requests within 30 days as required by law.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality

  • Analytics Cookies: For understanding website usage and performance

  • Marketing Cookies: For personalized advertising and marketing

  • Functional Cookies: For enhanced user experience

8.2 Cookie Management

You can manage cookies through your browser settings. However, disabling certain cookies may affect website functionality.

8.3 Third-Party Cookies

We use third-party services like Google Analytics, which may place cookies on your device. Please refer to their respective privacy policies.

9. International Data Transfers

9.1 Cross-Border Transfers

When we transfer your data outside India, we ensure:

  • Adequate level of data protection in the destination country

  • Appropriate safeguards through contractual clauses

  • Your explicit consent for the transfer (where required)

  • Compliance with DPDP Act provisions on cross-border data transfer

9.2 Data Localization

We store Indian users' data primarily within India, in compliance with data localization requirements under Indian law.

10. Children's Privacy

We do not knowingly collect personal data from children under 18 years of age. If we discover that we have collected such data, we will delete it immediately and notify parents/guardians as required by law.

11. Grievance Redressal

11.1 Grievance Officer

For any privacy-related concerns or complaints, contact our Grievance Officer:

Name: Praveen
Designation: Grievance Officer
Email: hello@360bc.co.in
Phone: +91 9719854321
Address: 360 Brand Club, 1st floor, 21, 46th St, Sarvamangala Colony, Manthope Colony, Ashok Nagar, Chennai, Tamil Nadu 600083

11.2 Complaint Process

  • Submit your complaint in writing with detailed description

  • We will acknowledge receipt within 24 hours

  • Investigation and resolution within 30 days

  • Appeal process available if unsatisfied with resolution

11.3 Data Protection Board

If unsatisfied with our response, you may approach the Data Protection Board of India as established under the DPDP Act, 2023.

12. Updates to Privacy Policy

12.1 Policy Changes

We may update this Privacy Policy periodically to reflect:

  • Changes in Indian data protection laws

  • Updates to our business practices

  • New features or services

  • Feedback from users and regulatory authorities

12.2 Notification of Changes

We will notify you of material changes through:

  • Email notification to registered users

  • Prominent notice on our website

  • Social media announcements

  • Direct communication for significant changes

13. Contact Information

13.1 Data Controller

360BC is the data controller for personal data collected through our services.

Registered Address:No.95 Pathiyalpettai Tiruvallur, Tamilnadu 602001
Contact Email: hello@360bc.co.in
Phone: +91 9719854321
Website: 360bc.co.in

13.2 Data Protection Officer

Name: Joseph Arun C
Email: joseph@360bc.co.in
Phone: 9952355568

14. Legal Compliance

14.1 Applicable Laws

This Privacy Policy is governed by:

  • Digital Personal Data Protection Act, 2023

  • Information Technology Act, 2000

  • Information Technology (Reasonable Security Practices) Rules, 2011

  • Indian Contract Act, 1872

  • Other applicable Indian laws and regulations

14.2 Jurisdiction

Any disputes arising from this Privacy Policy shall be subject to the jurisdiction of courts in Chennai, Tamil Nadu, India.

15. Definitions

Personal Data: Any information relating to an identified or identifiable natural person Data Principal: The individual to whom personal data relates Data Fiduciary: 360BC, as the entity determining the purpose and means of processingProcessing: Any operation performed on personal data Consent: Freely given, specific, informed, and unambiguous indication of agreement

Acknowledgment: By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Last Updated: 27/06/25 Version: 1.0

This Privacy Policy is effective as of the date mentioned above and supersedes all previous versions. For any questions or clarifications, please contact us at praveen@360bc.co.in

Additional Privacy Policy Points for 360BC

1. Company Identity and Brand Information (New Section)

1.1 Corporate Structure

  • TSBC MEDIA CORPORATION PRIVATE LIMITED is the registered company operating under the brand name "360 Brand Club" (360BC)

  • Both "360 Brand Club" and "360BC" are registered trademarks of TSBC MEDIA CORPORATION PRIVATE LIMITED

  • All references to "360BC," "we," "our," or "Company" in this policy refer to TSBC MEDIA CORPORATION PRIVATE LIMITED

2. Enhanced Data Categories (Addition to Section 1.1)

1.1.4 Creative and Intellectual Property Data:

  • Brand assets, logos, and creative materials shared by clients

  • Design preferences and style guidelines

  • Campaign concepts and marketing strategies

  • Creative briefs and project specifications

1.1.5 Communication Data:

  • Voice recordings from client calls (with consent)

  • Video conference recordings for project documentation

  • Chat logs from messaging platforms

  • Social media interactions and engagement data

3. AI and Automated Processing (New Section)

3.1 Artificial Intelligence and Machine Learning

  • We may use AI tools and machine learning algorithms to enhance our services

  • Automated processing may be used for content creation, data analysis, and service optimization

  • You have the right to object to automated decision-making that significantly affects you

  • Human review is available for all automated decisions upon request

4. Social Media and Third-Party Platform Integration (New Section)

4.1 Social Media Data Collection

  • We may collect publicly available information from your social media profiles

  • Data collected includes engagement metrics, audience demographics, and content performance

  • Integration with platforms like Facebook, Instagram, LinkedIn, and Google for advertising and analytics

4.2 Third-Party Platform Compliance

  • We comply with privacy policies of integrated platforms (Meta, Google, LinkedIn, etc.)

  • Data sharing with these platforms is governed by their respective terms of service

  • You can control data sharing through platform-specific privacy settings

5. Enhanced Consent Management (Addition to Section 2)

2.1 Granular Consent Options

  • Marketing communications consent (can be withdrawn anytime)

  • Analytics and performance tracking consent

  • Third-party platform integration consent

  • AI processing and automated decision-making consent

2.2 Consent Withdrawal Process

  • Easy opt-out mechanisms through email unsubscribe links

  • Account settings dashboard for consent management

  • Direct contact options for immediate consent withdrawal

  • Confirmation of consent withdrawal within 48 hours

6. Data Breach Notification (New Section)

6.1 Breach Response Procedure

  • Immediate containment and assessment of any data breach

  • Notification to Data Protection Board within 72 hours of discovery

  • User notification within 72 hours if high risk to rights and freedoms

  • Detailed incident reports available upon request

6.2 Breach Documentation

  • Comprehensive logs of all security incidents

  • Regular security audits by certified third-party assessors

  • Continuous monitoring and threat detection systems

7. Vendor and Subprocessor Management (Addition to Section 4.1)

4.1.1 Third-Party Vendor List We maintain relationships with the following categories of service providers:

  • Cloud hosting providers (AWS, Google Cloud, Microsoft Azure)

  • Email marketing platforms (Mailchimp, SendGrid)

  • Analytics providers (Google Analytics, Hotjar)

  • CRM and project management tools

  • Payment processors and financial service providers

4.1.2 Data Processing Agreements

  • All vendors sign comprehensive Data Processing Agreements (DPAs)

  • Regular vendor compliance audits and assessments

  • Immediate termination clauses for non-compliance

  • Vendor liability and indemnification provisions

8. Cross-Border Data Transfer Details (Enhancement to Section 9)

9.3 Specific Transfer Mechanisms

  • Standard Contractual Clauses (SCCs) for EU data transfers

  • Adequacy decisions recognition for approved countries

  • Binding Corporate Rules (BCRs) where applicable

  • Regular review of transfer mechanisms for compliance

9. Data Minimization and Purpose Limitation (New Section)

9.1 Data Minimization Principles

  • Collection limited to data necessary for stated purposes

  • Regular data audits to identify and delete unnecessary information

  • Anonymization and pseudonymization where possible

  • Purpose limitation ensuring data use only for stated objectives

10. Rights Exercise Process (Enhancement to Section 7)

7.4 Detailed Rights Exercise Procedure

  • Online portal for submitting rights requests

  • Identity verification process for rights requests

  • Timeline commitments: acknowledgment within 24 hours, resolution within 30 days

  • Appeal process for denied requests

  • Free exercise of rights (fees only for excessive or repetitive requests)

11. Training and Awareness (New Section)

11.1 Staff Training Programs

  • Regular privacy and data protection training for all employees

  • Specialized training for staff handling sensitive personal data

  • Annual compliance certifications and assessments

  • Incident response training and simulation exercises

12. Privacy by Design (New Section)

12.1 Technical and Organizational Measures

  • Privacy considerations in all system design and development

  • Default privacy settings for new features and services

  • Regular privacy impact assessments for new projects

  • Built-in data protection controls and safeguards

13. Special Categories of Data (New Section)

13.1 Sensitive Personal Data Processing

  • Explicit consent required for processing sensitive personal data

  • Enhanced security measures for sensitive data categories

  • Limited access and specialized handling procedures

  • Regular deletion schedules for sensitive information

14. Compliance Monitoring (New Section)

14.1 Regular Compliance Reviews

  • Quarterly internal privacy compliance audits

  • Annual third-party privacy assessments

  • Continuous monitoring of regulatory changes

  • Documentation of all compliance activities and improvement.

Data Controller: TSBC MEDIA CORPORATION PRIVATE LIMITED Operating as: 360 Brand Club (360BC) Registered Address: [Complete registered address of TSBC MEDIA CORPORATION PRIVATE LIMITED] Business Address: 360 Brand Club, 1st floor, 21, 46th St, Sarvamangala Colony, Manthope Colony, Ashok Nagar, Chennai, Tamil Nadu 600083

Section 15 - Add Definitions

  • Data Controller: TSBC MEDIA CORPORATION PRIVATE LIMITED, determining purposes and means of personal data processing

  • Brand Names: 360 Brand Club and 360BC, both registered trademarks of TSBC MEDIA CORPORATION PRIVATE LIMITED

  • Automated Processing: Processing carried out by automated means, including AI and machine learning systems

Connect

Transforming brands with creativity and innovation daily.

Looking for EXCITING content

hello@360bc.co.in

+91 9719854321

© 2025 360 BC. All rights reserved.

Registered Office Address:

TSBC Media Corporation Private Limited

No 95, Pathiyal Pet,

Thiruvallur - 602001.

GST Number: 33AALCT8716E1Z8

PAN: AALCT8716E