Data Protection Policy

This policy governs how BrandLock (Dheera Media LLC) processes, protects, and manages personal data in accordance with the General Data Protection Regulation (GDPR) and our commitment to data privacy.

Last Updated: March 04, 2026GDPR CompliantReviewed Annually

About This Policy

This policy applies to all personal data processed by BrandLock (Dheera Media LLC). The Responsible Person for BrandLock’s ongoing compliance is Kishor Purbhe (kishor@brandlock.io). BrandLock maintains a Register of Systems — a register of all systems or contexts in which personal data is processed.

This policy shall be reviewed at least annually to ensure continued compliance with the GDPR and evolving data protection standards.

BrandLock Website

brandlock.io — Corporate Website

Our website may collect limited personal data when visitors submit forms, request demos, or subscribe to newsletters. This data is processed in accordance with this policy and applicable GDPR principles.

  • Name, email, and contact details (voluntarily submitted)
  • Account information for registered customers
  • Processed on lawful bases as detailed below
BrandLock Services

JavaScript Tag — Conversion Optimization

As a guiding principle, BrandLock does not collect PII through its services. The JavaScript tag deployed on customer websites operates using anonymous identifiers and behavioral telemetry only.

  • No names, emails, or contact details collected
  • Only anonymous UUIDs and interaction data
  • If PII is collected in rare cases, it is disclosed to the concerned client, vendor, or third party

Guiding Principle: No PII Collection

BrandLock, as a guiding principle, does not collect Personally Identifiable Information. In rare cases where PII is collected, it is disclosed to the concerned client, vendor, and relevant third parties.

1Data Protection Principles (GDPR Article 5)

BrandLock is committed to processing data in accordance with its responsibilities under the GDPR. Article 5 requires that personal data shall be:

a

Lawfulness, Fairness & Transparency

Personal data must be processed lawfully, fairly, and in a transparent manner in relation to individuals.

b

Purpose Limitation

Collected for specified, explicit, and legitimate purposes — and not further processed in an incompatible manner.

c

Data Minimisation

Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

d

Accuracy

Accurate and, where necessary, kept up to date. Inaccurate data must be erased or rectified without delay.

e

Storage Limitation

Kept in a form permitting identification for no longer than necessary. Longer storage only for archiving, research, or statistical purposes with appropriate safeguards.

f

Integrity & Confidentiality

Processed with appropriate security measures, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.

2General Provisions

This policy applies to all personal data processed by BrandLock. The Responsible Person shall take responsibility for ongoing compliance. The policy shall be reviewed at least annually.

Key principle: BrandLock, as a guiding principle, does not collect PII. In rare cases where PII is collected, it is disclosed to the concerned client, vendor, and relevant third parties.

3Lawful, Fair & Transparent Processing

To ensure processing is lawful, fair, and transparent, BrandLock maintains a Register of Systems which is reviewed at least annually. Individuals have the right to access their personal data, and any such requests shall be dealt with in a timely manner.

4Lawful Purposes

All data processed by BrandLock must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests. The appropriate lawful basis is noted in the Register of Systems.

Where consent is relied upon, evidence of opt-in consent shall be kept with the personal data. Where communications are sent based on consent, the option to revoke consent must be clearly available, and systems must reflect such revocation accurately.

5Data Minimisation

BrandLock ensures that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We do not collect more data than required for any given purpose.

6Accuracy

BrandLock takes reasonable steps to ensure personal data is accurate. Where necessary for the lawful basis on which data is processed, steps are in place to ensure data is kept up to date.

7Archiving & Removal

To ensure personal data is kept for no longer than necessary, BrandLock maintains an archiving policy for each area in which personal data is processed. This process is reviewed annually and considers what data should or must be retained, for how long, and why.

8Security

BrandLock ensures that personal data is stored securely using modern software that is kept up to date. Access to personal data is limited to personnel who need it, and appropriate security measures are in place to avoid unauthorised sharing of information.

Key safeguards: When personal data is deleted, it is done safely so the data is irrecoverable. Appropriate back-up and disaster recovery solutions are in place to protect against accidental loss or destruction.

9Breach Notification

In the event of a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, BrandLock shall promptly assess the risk to individuals’ rights and freedoms. If appropriate, the breach will be reported to all involved parties without undue delay.

Data Protection Contact

For questions about this Data Protection Policy, data access requests, or to report a concern, please contact our Responsible Person:

info@brandlock.io

General inquiries: info@brandlock.io

Close Menu