Enquire Now!


Citta DPDPA Compliance Overview

We are committed to protecting the privacy and data of our clients in accordance with the Data Protection and Data Privacy Act 2023 (DPDPA). At Citta (“Company”, “Data Fiduciary”), we adhere to the strict guidelines outlined in the DPDPA to ensure the security and confidentiality of all data entrusted to us. Our dedicated team is trained to implement robust data protection measures and regularly update our systems to maintain compliance with the latest regulations. Rest assured, when you partner with us, your data is handled with the utmost care and respect, in full compliance with the DPDPA.

Data Processing

Company only processes personal data to the extent necessary and in accordance with applicable privacy laws including the DPDPA. In addition, Company does not lease, sell or distribute data. According to agreements with third party providers, Company’s DPO or Data Processor actively monitors Third Party’s adherence to DPDPA. Company obtains verifiable consent with the Data Principle to process data of Data Principle, children (below 18 years) and people with disability.

In addition, the Company has ensured all documents, including without limitations, agreements, privacy policies online terms, IOs are compliant with the DPDPA.

What is Personal Data Under the DPDPA Act?

Any data of an individual that can be potentially used to identify that individual is called personal data. Public information does not come under the category of personal data.

The act defines personal data as” any data about an individual who is identifiable by or in relation to such data”. Citation: Sub-clause (t) of section 2

Information published by the data principal herself or authorized government agencies is termed public information. It is personal data if it was published to a specified audience and not publicly.

Prohibitions Concerning Children

Tracking, behavioural monitoring, and targeted advertising of children are not allowed unless the central government permits them. A child is an individual under the age of 18 years. The company does not process the data of children if it is likely to cause any detrimental effects.

Technological Organizational and Security Standards

The Company completed the process of mapping out all its data (including all data sets) and its technical and organizational security measures, all as stipulated in our security policy.

Transparency and Fairness to Both Users and Regulators

Company maintains accurate and accessible written records to the extent legally required to provide authorities and legally entitled users, all in a timely manner. In accordance with DPDPA, data subjects may exercise the right to access, rectification, restrict processing, erasure, data portability, the right to complain to a supervisory authority and the right to not be subject to automated processing.

Incident Responsiveness

Company has the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. Company’s DPO has implemented robust training processes in the event of a data breach and will provide regulators and users with an immediacy of notification to the extent required under applicable law.

Data Protection Officer

Company has appointed a DPO or Data Processor in order to ensure ongoing compliance with the DPDPA which can be contacted at:

"Inspiring digital transition"