top of page

Privacy Policy

1. Introduction

Crevia Media ("Crevia Media," "we," "us," or "our"), a digital marketing agency operating through www.creviamedia.com, headquartered at 413 Faiq Enclave, Bareilly | New Delhi, India, is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, store, share, and protect personal data obtained through our website, services, communications, and business operations. It also sets out your rights as a data principal and how you may exercise them.

This Policy is prepared in accordance with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)

  • Information Technology Act, 2000 (IT Act)

  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)

  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

  • Consumer Protection Act, 2019

  • Indian Contract Act, 1872

  • Telecom Commercial Communications Customer Preference Regulations, 2018 (TRAI TCCCPR)

By accessing or using our website or engaging our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

2. Definitions

For the purpose of this Privacy Policy:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.

  • "Sensitive Personal Data or Information (SPDI)" includes passwords, financial information (bank accounts, credit/debit card details), physical, physiological and mental health conditions, sexual orientation, medical records, biometric information, and similar information as defined under SPDI Rules, 2011.

  • "Data Principal" means the individual to whom personal data relates.

  • "Data Fiduciary" means Crevia Media, which determines the purpose and means of processing personal data.

  • "Processing" means any automated or manual operation performed on personal data including collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, transmission, dissemination, erasure, or destruction.

  • "Consent" means a free, specific, informed, unconditional, and unambiguous indication of your agreement to the processing of your personal data for a specified purpose, given through a clear affirmative action.

3. Personal Data We Collect

We collect personal data in the following categories:

3.1 Data Provided Directly by You

When you interact with our website or contact us, you may voluntarily provide:

  • Identity Data: First name, last name, business name.

  • Contact Data: Email address, phone number, postal address.

  • Communication Data: Messages, queries, feedback, or other content you share with us via contact forms, email, or social media.

  • Business Data: Information about your brand, industry, marketing goals, and project requirements relevant to engaging our services.

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

  • Technical Data: IP address, browser type and version, operating system, device type, time zone settings.

  • Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, and navigation paths.

  • Cookie Data: Data collected through cookies and similar tracking technologies (see Section 8).

3.3 Data from Third Parties

We may receive personal data about you from:

  • Social media platforms (Instagram, Facebook, LinkedIn, YouTube) when you interact with our profiles or linked content.

  • Analytics providers such as Google Analytics.

  • Our clients, when we process data on their behalf as a data processor.

4. Purposes for Which We Process Your Personal Data

We collect and process personal data only for specified, clear, and lawful purposes. The purposes are:

PurposeLegal Basis

To respond to enquiries and contact form submissionsConsent / Contractual Necessity

To provide, manage, and deliver our digital marketing servicesContractual Necessity

To send service-related communications and project updatesContractual Necessity

To send marketing communications, newsletters, or promotional materials (only with consent)Consent

To improve our website, services, and user experienceLegitimate Interest

To comply with legal obligations, regulatory requirements, and law enforcement requestsLegal Obligation

To detect, prevent, and respond to fraud, misuse, or security incidentsLegitimate Interest / Legal Obligation

To manage business records, invoicing, and financial complianceLegal Obligation

To analyse website traffic and user behaviour for service improvementLegitimate Interest (with consent where required)

We will not process your personal data for any purpose incompatible with the purpose for which it was originally collected without your prior consent, unless permitted or required by law.

5. Sensitive Personal Data or Information (SPDI)

We do not intentionally collect Sensitive Personal Data or Information (SPDI) as defined under the SPDI Rules, 2011, through our website or standard service operations. If, in specific contexts (such as HR matters or financial transactions), SPDI is required, we will:

  • Obtain your explicit written consent prior to collection.

  • Collect only the minimum SPDI necessary for the stated purpose.

  • Not retain SPDI beyond the period required to fulfil the stated purpose.

  • Implement appropriate security safeguards for SPDI.

6. Sharing and Disclosure of Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your personal data only in the following circumstances:

6.1 Service Providers and Data Processors

We may share data with trusted third-party vendors who assist in our operations, including:

  • Website hosting and cloud service providers.

  • Email communication and CRM platforms.

  • Analytics and marketing tools.

  • Payment processors (for billing purposes).

All such third parties are bound by contractual data processing agreements obligating them to handle your data lawfully, securely, and only as instructed by us.

6.2 Legal and Regulatory Obligations

We may disclose personal data when required by applicable law, court order, government authority, or regulatory body, including under the IT Act, 2000, and applicable rules.

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of Crevia Media's business assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections.

6.4 Protection of Rights

We may disclose personal data where necessary to protect the rights, safety, or property of Crevia Media, our employees, clients, or the public.

6.5 Cross-Border Data Transfers

Your data may be transferred to, stored, or processed in countries outside India (for example, where our cloud service providers operate servers). Such transfers will be conducted only in compliance with the DPDP Act, 2023, applicable rules notified thereunder, and applicable international data protection standards. We take appropriate contractual and technical safeguards to protect data transferred internationally.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation.

  • Contact form data: Retained for a maximum of 3 years from the date of last interaction, unless a business relationship is established.

  • Client data: Retained for the duration of the engagement and for a period of 7 years thereafter, in compliance with the Companies Act, 2013, and applicable tax and accounting laws.

  • Website analytics data: Retained in anonymised or aggregated form for up to 26 months (per platform settings).

  • Marketing communications data: Retained until you withdraw consent or unsubscribe.

Upon expiry of the retention period, or upon a valid erasure request, personal data will be securely deleted or anonymised in a manner that prevents re-identification.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are used to recognise your browser, remember preferences, and gather usage data.

8.2 Types of Cookies We Use

Cookie TypePurpose

Strictly NecessaryEssential for the website to function; cannot be disabled.

Analytical/PerformanceTrack how visitors interact with the website (e.g., Google Analytics).

FunctionalRemember preferences (e.g., language, region).

Targeting/AdvertisingServe relevant ads on third-party platforms (e.g., Meta Pixel, Google Ads).

8.3 Third-Party Cookies

Our website may use third-party cookies from providers including Google Analytics and Meta Platforms. These providers have their own privacy policies governing how they use such data.

8.4 Managing Cookies

You may control cookies through:

  • Your browser settings to block or delete cookies.

  • Opt-out tools provided by analytics providers (e.g., Google Analytics Opt-out).

  • Our cookie consent banner (where applicable).

Note: Disabling certain cookies may affect the functionality and user experience of our website.

9. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights with respect to your personal data:

9.1 Right to Access and Information

You have the right to obtain confirmation about whether your personal data is being processed and to access the personal data we hold about you, along with information about the purposes and means of processing.

9.2 Right to Correction and Updation

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure

You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to applicable legal retention obligations.

9.4 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.

9.5 Right to Grievance Redressal

You have the right to have your grievances addressed by our Grievance Officer and, if not resolved, to escalate the matter to the Data Protection Board of India (once constituted under the DPDP Act, 2023).

9.6 Right of Nomination

Under the DPDP Act, 2023, you have the right to nominate an individual to exercise your data rights on your behalf in the event of your death or incapacity.

9.7 Right to Non-Discrimination

You have the right not to be denied services or treated differently for exercising any of your data rights.

To exercise any of the above rights, please contact us as specified in Section 13 below. We will respond to your request within 30 (thirty) days of receipt.

10. Consent of Minors / Parental Consent

Our website and services are not directed at children below the age of 18 years. We do not knowingly collect personal data from minors.

As required under the DPDP Act, 2023, before processing personal data of a minor (Data Principal below 18 years), verifiable consent of the parent or lawful guardian will be obtained.

If we become aware that we have inadvertently collected personal data from a minor without appropriate parental consent, we will take steps to delete such data promptly.

11. Security of Personal Data

We implement and maintain appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These include:

  • Encrypted communication over SSL/TLS.

  • Access controls and authentication mechanisms.

  • Regular security reviews and vulnerability assessments.

  • Contractual security obligations imposed on service providers.

These measures are in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and reasonable industry standards.

Important: No method of transmission over the internet or electronic storage is entirely secure. While we take all reasonable precautions, we cannot guarantee absolute security of data transmitted to or from our website.

In the event of a personal data breach that is likely to result in risk to the rights of Data Principals, we will notify affected individuals and the Data Protection Board of India (once constituted) in accordance with the timelines specified under the DPDP Act, 2023.

12. Third-Party Links

Our website may contain links to third-party websites, social media pages, and platforms. This Privacy Policy applies only to www.creviamedia.com. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

13. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to address privacy-related concerns.

Grievance Officer: Crevia Media Address: 413 Faiq Enclave, Bareilly | New Delhi, India Email: company@creviamedia.com Phone: +91 9633855997

Response Timeline:

  • Acknowledgment within 24 hours of receipt of complaint.

  • Resolution or communication of resolution timeline within 15 (fifteen) days of acknowledgment.

If your grievance is not resolved to your satisfaction, you may escalate the matter to the Data Protection Board of India (once operational) or to the appropriate court of competent jurisdiction in India.

14. Opt-Out of Marketing Communications

If you have consented to receive marketing emails or communications from us and wish to withdraw that consent:

In accordance with the Telecom Commercial Communications Customer Preference Regulations, 2018 (TRAI TCCCPR), we will honour Do Not Disturb (DND) preferences for commercial calls and SMS communications.

15. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located at New Delhi, India.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Material changes will be notified to you by:

  • Posting the updated policy on our website with a revised "Last Updated" date.

  • Sending an email notification where we hold your email address and the change materially affects your rights.

Your continued use of our website or services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy.

17. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy, your personal data, or your rights, please contact us at:

Crevia Media 413 Faiq Enclave, Bareilly | New Delhi, India Email: company@creviamedia.com Phone: +91 9633855997 Website: www.creviamedia.com

This Privacy Policy was last updated on April 19, 2026.

bottom of page