CRMLead Pro is operated by DevLogic Technologies Pvt Ltd, an Indian company. If you are an EU/EEA resident or if your organisation processes personal data of EU residents using our platform, this page explains how we comply with the GDPR (Regulation (EU) 2016/679).
1. Data Controller & DPO
For personal data of EU/EEA residents, DevLogic Technologies Pvt Ltd acts as the Data Controller for data collected through the CRMLead Pro platform itself (account data, usage analytics). For data you enter about your own customers and leads, you are the Data Controller and DevLogic acts as a Data Processor.
Data Protection Officer (DPO)DevLogic Technologies Pvt Ltd
Bengaluru, Karnataka, India
Email: dpo@crmleadpro.in
2. Legal Bases for Processing
We process personal data of EU residents on the following legal bases under GDPR Article 6:
Article 6(1)(b) — Contract
Processing necessary for the performance of the subscription contract with you, including delivering the service and processing payments.
Article 6(1)(f) — Legitimate Interests
Improving service quality, security monitoring, fraud prevention, and product analytics (where not overridden by your fundamental rights).
Article 6(1)(a) — Consent
Marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Article 6(1)(c) — Legal Obligation
Compliance with applicable law, including tax regulations, court orders, or regulatory requirements.
3. Your Rights as a Data Subject
Under GDPR, EU/EEA residents have the following rights:
Right of Access (Art. 15)
Request a copy of all personal data we hold about you, including what data is processed and why.
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete personal data without undue delay.
Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten") where there is no overriding legitimate reason to retain it.
Right to Restriction (Art. 18)
Request that we limit processing of your data under certain circumstances (e.g., while accuracy is disputed).
Right to Data Portability (Art. 20)
Receive your personal data in a structured, machine-readable format (JSON/CSV) and transmit it to another controller.
Right to Object (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes at any time.
Right to Withdraw Consent (Art. 7)
Withdraw consent for marketing or cookies at any time without affecting prior lawful processing.
Right to Lodge a Complaint (Art. 77)
File a complaint with your local EU supervisory authority if you believe we have not complied with GDPR.
To exercise any of these rights, contact our DPO at dpo@crmleadpro.in. We will respond within 30 days (extendable by a further 60 days for complex requests, with prior notice).
4. Data We Process
Categories of personal data we process for EU residents:
- Identity data: name, email address, job title, company name
- Contact data: email, phone number
- Account & authentication data: hashed passwords, MFA settings, login timestamps
- Usage data: feature interactions, page views, session data (anonymised where possible)
- Payment data: billing name, address, VAT/tax ID (card data handled exclusively by payment processors)
- Communications: support tickets, email threads
- CRM content: lead and customer data you enter (processed as data processor)
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of subscription + 90 days after deletion |
| CRM content (lead data) | Duration of subscription + 90 days after deletion |
| Payment records | 7 years (Indian GST/tax law requirement) |
| Audit logs | 2 years |
| Marketing consent records | Until consent withdrawn + 3 years |
| Support communications | 3 years after ticket closure |
6. International Data Transfers
CRMLead Pro's primary data infrastructure is located in India (GCP asia-south1, Mumbai). When we transfer personal data of EU/EEA residents outside the EEA (including to India), we rely on the following safeguards:
- Standard Contractual Clauses (SCCs) — EU Commission approved model clauses with our sub-processors
- Adequacy decisions — where applicable for specific countries
- Data Processing Agreements (DPAs) with all sub-processors who handle EU personal data
To request a copy of our SCCs or DPA, contact dpo@crmleadpro.in.
7. Sub-Processors
We engage the following key sub-processors to deliver CRMLead Pro:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Cloud infrastructure & hosting | India (GCP asia-south1) |
| Razorpay | Payment processing | India |
| Resend | Transactional email delivery | EU/US |
| Cloudflare | CDN & DDoS protection | Global |
8. Data Security
We implement appropriate technical and organisational measures under GDPR Article 32, including AES-256 encryption at rest, TLS 1.3 in transit, access controls, regular security assessments, and incident response procedures. See our full Security Policy.
9. Data Breach Notification
In the event of a personal data breach affecting EU residents, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33. Where the breach is likely to result in high risk to individuals, we will also notify affected data subjects without undue delay.
10. Contact & Complaints
For GDPR-related enquiries, to exercise your rights, or to request a Data Processing Agreement (DPA), contact our DPO:
DPO — DevLogic Technologies Pvt LtdEmail: dpo@crmleadpro.in
Website: crmleadpro.in
You also have the right to lodge a complaint with your local EU data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.