Pebblejar Privacy Policy

Introduction

Your privacy is important to us. This Privacy Policy explains what personal data Pebblejar (“we”, “us”, or “our”) collects in the course of providing digital marketing services and through our website (https://pebblejar.in), how we use and protect that data, and the rights you have regarding your personal information. We are committed to handling personal data in compliance with applicable privacy laws, including the Information Technology Act and data protection rules in India, and where applicable, the General Data Protection Regulation (GDPR) for individuals in the European Union.

By using our website or services, or by providing us with your personal information, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our site or services. We may update this Policy from time to time (see Changes to This Policy below), and we encourage you to review it periodically.

Information We Collect

We may collect various types of personal data from clients, website visitors, and others with whom we interact. The information we collect can include:

  • Contact Information: Your name, business name, title/position, email address, phone number, postal address, or other contact details. We collect this when you fill out forms on our site (such as a contact or inquiry form), when you communicate with us (e.g. via email or business card), or when you sign up for our newsletter or marketing communications.
  • Business Information: If you are a client, we may collect information about your company and project needs. This can include your industry, target audience, marketing objectives, website URL, social media handles, and any content or assets you provide to us for campaigns.
  • Payment Information: When you engage our services, we will collect billing details such as billing name and address. For payments, we rely on third-party payment processors (like Stripe) to handle your credit card or banking information securely; we do not store your full financial account details on our systems. (Stripe or our payment processor may collect your payment card number, expiration, etc. directly for processing your transaction – see Third-Party Service Providers below.)
  • Website Usage Data: When you visit our website, we automatically collect certain data through cookies and similar tracking technologies (see Cookies & Tracking Technologies below). This usage data may include your IP address, browser type, device information, pages viewed on our site, the time and date of your visit, referring URL, and other technical information. We use analytics tools (such as Google Analytics) to gather this information about how users interact with our site. This helps us improve our website and services.
  • Communications: If you contact us via email, chat, contact form, or phone, we may keep records of that correspondence. This could include inquiries about our services, support requests, project discussions, and any other information you choose to provide during those communications. These records may be retained for operational and quality assurance purposes.
  • Marketing Preferences: We may collect information about your preferences to receive marketing or updates from us. For example, if you subscribe to a newsletter, we record that subscription and your communication preferences. You can opt out of marketing emails at any time (see Your Rights & Choices below).
  • Third-Party Data: We might receive information about you from third-party sources. For example, if you engage with us via a third-party marketplace or referral partner, or if we run a campaign on a social platform and you interact with it, those third parties might send us some of your data (subject to their privacy policies and the consents you’ve given). Also, if we perform advertising on your behalf, we may receive aggregated audience data or metrics from those ad platforms which may indirectly include personal data (like demographics or interests of people interacting with ads).

We limit our collection to information that is relevant for the purposes described in this Policy. You have the choice not to provide certain personal data, but please note that this may limit our ability to provide services to you (for instance, if you choose not to provide contact information, we cannot respond to your inquiry; if you do not provide necessary project information, we may not be able to execute a marketing campaign effectively).

How We Use Your Information

Pebblejar uses the collected information for the following purposes:

  • Providing and Improving Services: We use personal data to carry out our digital marketing services for you. This includes using contact and business information to communicate with you and understand your needs, using any content or data you provide to develop marketing campaigns, and managing project deliverables. We may analyze website analytics and campaign performance data (which might include personal data of end-users in aggregated form) to optimize your marketing results. Internally, we also use collected data to improve our own services and website – for example, analyzing site usage data helps us enhance user experience and adjust our content to better serve visitor interests.
  • Communication: We use your contact information to communicate with you about our services. This includes responding to inquiries you send us, discussing project progress, sending administrative emails (such as billing invoices, notices about changes to terms or policies), and providing customer support. If you are a subscriber or client, we may also send you newsletters or marketing communications about new services, offers, or events, but only in accordance with your preferences and applicable law (we will obtain consent if required). Each marketing email will include an option to unsubscribe or manage your preferences.
  • Billing and Transactions: We use payment and contact information to process financial transactions for our services. For example, if you purchase a service package, we (through our payment processor) will use your provided payment details to charge you. We also use your information to send receipts, process refunds if applicable, and maintain proper financial records. Note that payment card processing is done by a third-party (e.g., Stripe) – we receive confirmation of payment and limited info necessary for record-keeping, but not your full card number or CVV.
  • Analytics and Personalization: We use website usage data and cookies to analyze how users interact with our site and marketing materials. This helps us understand what content is most useful to visitors, diagnose technical issues, prevent fraud, and improve the performance and security of our website. We might also use data (like pages visited or forms filled) to personalize your experience – for instance, by showing you content or services that align with your apparent interests, or remembering your preferences on our site.
  • Advertising and Retargeting: As a digital marketing agency, we may occasionally use data for our own advertising purposes. For example, we might use cookies or pixels from advertising networks (Google, Facebook, etc.) on our site to retarget visitors with ads about our services on other platforms. These tools may use non-identifying information about your visit to show you relevant ads. Any such usage will be done in compliance with applicable law, and you can opt out of many ad retargeting practices (see Cookies & Tracking Technologies).
  • Legal Compliance and Protection: We may process personal data as required to comply with applicable laws and regulations, or to respond to lawful requests or legal process (for example, responding to a court order or regulator inquiry). We also process data to enforce our agreements and protect the rights and safety of our business, our clients, or others. This includes using data to prevent fraud, abuse, or security incidents. For instance, if necessary, we may use IP addresses or other identifiers to detect and block malicious activity on our website. We will also use and disclose information as needed to collect debts owed, resolve disputes, or defend ourselves in legal proceedings.

We will only use your personal information for the purposes it was collected (or closely related purposes), unless we obtain your consent for other uses or as otherwise required or permitted by law. If we ever need to process your personal data for a new purpose not described here, we will update this Policy or seek your consent as required. We do not sell your personal data to third parties for their own marketing or commercial uses.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies (such as web beacons or pixel tags) to enhance user experience and analyze usage. Cookies are small text files placed on your device that help us recognize you on subsequent visits and enable certain features. Here is how we use them:

  • Essential Cookies: These are necessary for our site to function properly, such as remembering your session or privacy preferences. Without these, certain features (like form submissions or login areas, if any) may not work. Because they are essential, they are always active and do not require consent.
  • Analytics Cookies: We use Google Analytics and similar tools to collect information about how visitors use our site. These cookies gather data on pages visited, time spent, traffic sources, and user demographics (if available) in an anonymous form. The information collected helps us understand user behavior and improve our website’s content and structure. Google Analytics may set its own cookies; however, IP anonymization can be enabled and we do not attempt to identify individuals via analytics. You can opt-out of Google Analytics by installing Google’s opt-out browser add-on or via cookie consent tools if provided on our site.
  • Advertising & Retargeting Cookies: We may use advertising pixels or cookies (e.g., Facebook Pixel, Google Ads cookies) to measure the effectiveness of our ads and to provide relevant advertising to you on other platforms. These cookies track that you visited our site and allow us to show you promotional content on other websites or social media later. For example, if you visited our site, you might later see an ad for Pebblejar on Facebook – this is made possible by a cookie or pixel. These technologies do not provide us with personal details like your name, but they might be able to link your device or browsing activity to an advertising identifier. You can often opt out of such targeted ads through your ad preferences on the respective platforms or via industry opt-out sites (like the Digital Advertising Alliance’s opt-out page).

Cookie Consent: When you first visit our website, you may see a cookie notice or banner. Where required by law, we will ask for your consent to use non-essential cookies (like analytics or advertising cookies). You can choose to accept or decline. Even after consenting, you can clear cookies from your browser at any time or adjust your browser settings to refuse new cookies. Note that blocking all cookies might affect site functionality.

Disclosure of Your Information (Third-Party Sharing)

We do not disclose or share your personal information with third parties except in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who perform functions on our behalf and under our instructions. These include:
    • Payment Processors: For example, if we use Stripe to process payments, relevant personal data (like your name, email, and payment information) will be shared with Stripe to complete the transaction. Stripe is a PCI-DSS compliant payment provider that uses your data only for payment processing.
    • Hosting and IT Providers: Our website and data may be hosted on third-party servers or cloud services. These providers (such as web hosting companies or cloud storage platforms) store or process data on our behalf in order to keep our website and services running.
    • Email and Communication Tools: We may use third-party email service providers or customer relationship management (CRM) tools to manage contacts and send communications. For example, if you subscribe to our newsletter, your email address might be stored and processed by an email marketing platform (like MailChimp, SendGrid, etc.) to send you emails.
    • Analytics and Advertising Partners: As mentioned, we use Google Analytics, and possibly other analytics or ad partners, which involve sending certain data (like cookies and usage data) to those third parties. They process that data to provide us with insights or ad services. These partners are typically not allowed to use your data for any purpose other than providing services to us, and we generally provide only aggregated or pseudonymized data where feasible.
    • Subcontractors and Consultants: We may engage freelancers or consultants to assist with delivering services (for instance, a graphic designer working on a campaign). Such parties will have access to only the information necessary for their tasks and are bound by confidentiality obligations. If they need any personal data, we ensure they handle it under our direction and consistent with this Policy.
    We contractually require all service providers to protect your personal information, keep it confidential, and use it only for the purposes of performing services for us, in line with this Policy.
  • Within Pebblejar and Affiliates: If Pebblejar operates through multiple corporate entities or affiliates (e.g., if we have a subsidiary or partner company involved in service delivery), we may share information within our corporate family as needed to run our business (for example, accounting may receive client contact info for invoicing). All such entities follow the same privacy and security practices.
  • Legal Compliance: We may disclose personal data when required to do so by law or in response to valid requests by public authorities (for example, in response to a subpoena, court order, or government demand). We will only share the data that is necessary and will, if lawful, inform you of such disclosure.
  • Protecting Rights and Safety: We may disclose information if we believe it is necessary to enforce our Terms of Service or other agreements, or to investigate potential violations thereof. We will also share data to detect, prevent, or address fraud, security, or technical issues. If someone’s rights, property, or safety (including Pebblejar’s or our users’) are at risk, we may disclose information to prevent harm. This could include exchanging information with other companies or organizations for fraud protection or credit risk reduction (in accordance with data protection laws).
  • Business Transfers: If Pebblejar is involved in a merger, acquisition, sale of assets, restructuring, or other business transaction, personal data in our possession may be transferred to the successor or new owner as part of that deal. If such a transfer happens, we will ensure the new owner is bound to respect the personal data in a manner consistent with this Privacy Policy, and we will notify you (for example, via a prominent notice on our website or email) of any such change in ownership or control of your personal information.
  • With Consent: Apart from the cases above, we will seek your consent before sharing your personal data with third parties for purposes not covered by this Privacy Policy. For instance, if we ever want to publish a testimonial with your name or share your story publicly, we would only do so with your explicit permission.

Importantly, we do not sell or rent your personal information to data brokers or marketers. Any third-party with whom we share data is either a service provider working on Pebblejar’s behalf or an entity for which you have given consent or which has another legal right to the data.

Data Security

We take reasonable security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include administrative, technical, and physical safeguards appropriate to the sensitivity of the data:

  • Encryption: For our website, we use HTTPS encryption (SSL/TLS) to ensure that data transmitted between your browser and our site (such as form inputs) is encrypted in transit. Similarly, sensitive data (like passwords or payment information handled by Stripe) is transmitted securely.
  • Access Controls: Internally, we restrict access to personal data to those employees, contractors, and agents who need to know that information in order to operate, develop, or deliver our services. These authorized personnel are bound by confidentiality obligations. We use password protection, role-based access, and, where possible, multi-factor authentication for systems that store personal data.
  • Data Storage: Personal data we collect may be stored on secure servers or cloud services that have their own robust security practices. We choose reputable hosting providers and cloud services that maintain high standards of security certifications and compliance (such as ISO 27001, SOC 2, etc., if applicable). Data centers are physically secure and environmentally controlled. Regular backups are performed to prevent data loss.
  • Monitoring and Testing: We maintain up-to-date security software to protect against malware and run firewalls to guard our network. We periodically review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access. Security patches and updates are applied to our systems and software in a timely manner. We may also perform vulnerability assessments or use security services to test our infrastructure.
  • Employee Training: We ensure that our team is trained on data protection best practices. Employees are aware of the importance of privacy and security, and we have policies in place to handle data securely (for example, guidelines on using strong passwords, recognizing phishing attempts, and not sharing client data outside the company).
  • Incident Response: In the unlikely event of a data breach or security incident, we have procedures to promptly address and mitigate the issue. This includes identifying and isolating the problem, notifying affected users and authorities as required by law, and taking steps to prevent future incidents. We will inform you of any significant breach involving your personal data, as required by applicable laws.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. You share information with us at your own risk, but rest assured we take security extremely seriously. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your account or information has been compromised), please contact us immediately so we can investigate and resolve the issue.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, unless a longer retention period is required or permitted by law. In practice, this means:

  • For clients, we will retain your personal and business information for the duration of our business relationship and for a reasonable period thereafter. This allows us to maintain records for legal, tax, and accounting purposes, and to have continuity if you return for additional services. Typically, we might retain client records for, say, 5-7 years after the end of the engagement, but this can vary based on local regulations.
  • For marketing communications, we retain your contact details on our mailing list until you unsubscribe or otherwise ask us to delete your information. If you opt-out, we may keep limited information (like your email) on a suppression list to ensure we honor your opt-out and do not contact you again inadvertently.
  • For website analytics data, we may retain aggregated analytics information indefinitely (as it no longer identifies individuals). Raw website logs or identifiable analytics data is typically retained for a shorter period (perhaps 14 to 24 months in Google Analytics by default) unless we have a specific reason to keep it longer.
  • If you apply for a job with Pebblejar or send us a resume, we will keep that information for the duration of the recruitment process and maybe for some period after in case another opportunity arises, unless you ask us to delete it sooner.
  • We also retain any information required to comply with our legal obligations or to resolve disputes. For example, if you make a purchase, we may keep invoice records as required by financial regulations. If a dispute arises, we might retain relevant information until it is resolved or for the statute of limitations for legal claims.

When we no longer have a legitimate need or legal obligation to retain your personal data, we will securely delete or anonymize it. For example, we might remove identifying details from a dataset so that it can no longer be associated with you. If deletion is not feasible (for instance, because your personal data is stored in backup archives), then we will securely store your personal data and isolate it from further processing until deletion is possible.

Your Rights & Choices

We respect your rights over your personal data. Depending on the laws that apply to you (notably GDPR for EU residents, and other data protection laws in your country), you may have some or all of the following rights regarding the personal data we hold about you:

  • Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. We will provide this information, subject to any applicable exemptions, within the timeframe required by law (under GDPR, typically within one month).
  • Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. We encourage you to keep your information up-to-date and will make corrections promptly when notified.
  • Right to Erasure: Also known as the “right to be forgotten,” this allows you to request that we delete your personal data when it is no longer necessary for the purposes it was collected, or if you withdraw consent (in cases where consent is the basis of processing), or if you object to processing and we have no overriding legitimate grounds to continue, or if we have processed your data unlawfully. Note that we may not be able to delete data that we are required to keep by law or which is necessary for legal claims. We will inform you if any such exceptions apply when you make your request.
  • Right to Restrict Processing: You can ask us to suspend the processing of some of your data if you contest its accuracy, prefer to restrict its use rather than have us delete it, or if you need us to preserve it for legal reasons. If processing is restricted, we will store the data but not use it until the restriction is lifted (unless we have your consent or as needed for legal purposes).
  • Right to Object: You have the right to object to our processing of your personal data in certain situations. In particular, you can object to processing for direct marketing at any time, and we will stop using your data for marketing purposes. You can also object if the processing is based on our legitimate interests or for statistical purposes and you have grounds to believe it impacts your rights and freedoms. If you object, we will consider whether our legitimate grounds for processing outweigh your privacy rights; if not, we will cease the processing in question.
  • Right to Data Portability: Under GDPR, you may request to receive certain personal data that you have provided to us in a commonly used, machine-readable format, and have the right to transmit that data to another controller. This typically applies to data processed by us by automated means based on your consent or a contract. Where applicable, we can also directly transmit the data to another organization at your request, if technically feasible.
  • Right not to be Subject to Automated Decisions: Pebblejar does not typically make decisions about clients or site users using purely automated means (without human involvement) that produce legal or similarly significant effects. If we ever do, you have the right not to be subject to such decision-making, unless certain exceptions apply. Practically, this right is to ensure any important decisions (like credit approvals, etc.) are not made by algorithms without human review. In our context, this is unlikely to be relevant, but we include it for completeness.
  • Right to Withdraw Consent: If we rely on your consent to process any personal data (for example, consent for sending newsletters or for certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. For instance, you can unsubscribe from marketing emails by clicking the “unsubscribe” link, or adjust your cookie preferences via our site’s cookie settings or your browser settings.
  • Right to Lodge a Complaint: If you believe we have infringed your privacy rights, you have the right to complain to a data protection authority. If you are in the EU, this would be the supervisory authority in your country of residence or work, or where the alleged infringement took place. In India, you may contact the relevant authority under the data protection rules (though India’s data protection regime is evolving). We would appreciate the chance to address your concerns directly before you approach a regulator, so please feel free to contact us about any issue.

To exercise your rights, you can contact us at the email or address provided in the Contact Us section of this Privacy Policy. We may need to verify your identity before fulfilling certain requests (to ensure that it’s you making the request and not an unauthorized person). Verification might involve confirming ownership of an email account or asking for identification in a secure manner. We will respond to your request within the timeframe required by law (under GDPR, within one month, with the possibility of extension in complex cases). Note that some requests might be limited by legal exceptions – if we cannot comply with a request, we will provide an explanation.

You also have certain choices about how we use your data:

  • You can opt out of marketing emails at any time by clicking the unsubscribe link in any such email or by contacting us. Once you opt out, we will not send you promotional messages, but we may still send you non-promotional communications (like those about your account or ongoing services).
  • You can disable cookies or adjust cookie settings on our website (if available) or via your browser. As noted in the Cookies section, you can manage how cookies work for you.
  • If you do not want to provide personal information through our website, you can always choose not to fill out forms or not to use certain features. However, we may need certain data (like contact info) to respond to your requests.
  • If we ever use your data in a way not described in this Policy, we will seek your consent when required, and you can refuse or revoke it.

International Data Transfers

Pebblejar is based in India, and our clients may be worldwide. If you provide us with personal information, please be aware that your data will likely be transferred to, processed, and stored in India and possibly other jurisdictions where our third-party service providers are located or have servers (such as the United States or EU countries). Different countries have different data protection laws, and some may not be deemed “adequate” by EU standards.

However, we take steps to ensure that appropriate safeguards are in place to protect your data during international transfers. For example:

  • If we transfer personal data from the European Economic Area (EEA) or UK to a country not deemed to have adequate protections, we will do so using lawful mechanisms. Typically, this could involve using European Commission-approved Standard Contractual Clauses (SCCs) in our contracts with recipients of the data, which obligate them to protect the data according to EU standards.
  • We may also rely on other transfer mechanisms such as an individual’s consent (for specific, informed transfers), or necessity for the performance of a contract (e.g., if you as an EU customer use our service, the transfer of data to India is necessary to perform the contract between you and us).
  • Our major service providers (e.g., cloud services, payment processors) may themselves be certified under frameworks like the EU-U.S. Data Privacy Framework (if in the U.S.) or have SCCs and similar measures in place, which extends similar protection to your data when it’s handled by them.

By using our services or providing us with your information, you consent to the transfer of your personal data to India and other jurisdictions as described above. We will ensure such transfers are lawful and that your data is securely handled. If you have questions about international data transfers or need more specific info on cross-border safeguards, please contact us.

Third-Party Websites and Services

Our website or communications may contain links to third-party websites or services that are not operated by Pebblejar. For example, we might link to an article on a marketing blog, or our site might integrate content from social media platforms. This Privacy Policy applies only to Pebblejar’s handling of personal data. If you click a third-party link or engage with a third-party service (even one we use in delivering our services), you will be subject to that third party’s terms and privacy policy. We do not control and are not responsible for the content, privacy practices, or handling of data by any third-party websites or services.

Children’s Privacy

Our services and website are not directed to children under the age of 16 (and in certain jurisdictions, under the age of 13). We do not knowingly collect personal information from children. If you are under the relevant age in your jurisdiction, please do not use our website or send us any personal data. Pebblejar primarily serves businesses and professionals, and our content is oriented towards that audience.

If we become aware that we have inadvertently collected personal data from a child without proper consent, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so that we can locate and remove that data.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last Updated” date at the top of this Policy. If the changes are significant, we will provide a more prominent notice, such as a notice on our website’s homepage or a direct notification (e.g., via email if you are a client or subscriber).

Your continued use of our website or services after any modifications to the Privacy Policy indicates your acceptance of the updated terms. However, if we plan to use your personal data for a new purpose that is materially different from what was stated at the time of collection, we will seek your consent or give you a chance to opt-out, as required by law.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you do not agree with any updates to the Policy, you should cease using our services and may request that we remove your personal information from our records (consistent with your rights described above).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Pebblejar – Privacy Office
Email: privacy@pebblejar.in
Address: [Pebblejar’s business address, City, State, PIN, India]

We will be happy to address any inquiries you have about your privacy and will respond as promptly as possible. If you need to exercise any of your data subject rights (as described in Your Rights & Choices), please reach out via email or mail, and include enough information for us to verify your identity and process your request.

Thank you for trusting Pebblejar. We are dedicated to protecting your personal information and using it responsibly in order to serve your needs and improve our services.