Deksie is committed to protecting the privacy and rights of all users, including those protected under the European Union's General Data Protection Regulation (GDPR). This page outlines how Deksie, operated by Ctrl Zed LLP, complies with GDPR requirements.
1. Our Role Under GDPR
When an Agency uses Deksie to manage its operations, Ctrl Zed LLP acts as a Data Processor on behalf of the Agency, which acts as the Data Controller. For data related to account registration and platform operation, Ctrl Zed LLP acts as a Data Controller.
| Data Type | Our Role |
|---|---|
| Account and registration data | Data Controller |
| Agency content (projects, files, client data) | Data Processor |
| Technical and usage data | Data Controller |
| Billing and payment data | Data Controller |
2. Lawful Basis for Processing
Under Article 6 of the GDPR, we process personal data on the following lawful bases:
- Contractual necessity (Art. 6(1)(b)): Processing required to provide the Deksie platform under a subscription agreement.
- Legitimate interests (Art. 6(1)(f)): Operating, securing, and improving the platform in ways that are proportionate and do not override your rights.
- Legal obligation (Art. 6(1)(c)): Compliance with applicable legal requirements.
- Consent (Art. 6(1)(a)): Where we seek your explicit consent for a specific purpose. You may withdraw consent at any time.
3. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
- Right to Restrict Processing (Art. 18): Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at privacy@deksie.in. We will respond within thirty (30) days, as required by the GDPR.
4. Data Protection Measures
We implement robust technical and organisational measures to protect your data, including:
- Encryption in transit (TLS) and at rest.
- Logical data isolation between agencies.
- Role-based access controls within the platform.
- Secure password hashing (one-way).
- Time-limited signed URLs for file access.
- Security audit logging for critical actions.
- Hosting on Google Cloud Platform with internationally recognised security certifications.
5. International Data Transfers
Deksie is hosted on Google Cloud Platform. Where personal data of EEA residents is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Reliance on adequacy decisions where applicable.
- Contractual obligations on sub-processors to maintain equivalent data protection standards.
6. Data Processing Agreements
Agencies that require a Data Processing Agreement (DPA) under Article 28 of the GDPR can request one by contacting us at privacy@deksie.in. Our DPA covers the scope of processing, data categories, security measures, sub-processor obligations, and breach notification procedures.
7. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
- Notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by Article 33.
- Notify affected individuals without undue delay where the breach is likely to result in a high risk, as required by Article 34.
- Notify the Agency (as Data Controller) promptly to enable them to meet their own notification obligations.
8. Sub-Processors
We use a limited number of sub-processors to operate the Deksie platform. All sub-processors are bound by data protection obligations equivalent to those in our agreements with you. Key sub-processors include:
- Google Cloud Platform: Cloud infrastructure and hosting.
We will notify Agencies in advance of any changes to our sub-processor list that may affect the processing of their data.
9. Supervisory Authority
If you are located in the EEA and believe that your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available on the European Data Protection Board website.
10. Contact
For any GDPR-related enquiries or to exercise your rights, please contact us at:
| Company | Ctrl Zed LLP |
| Product | Deksie |
| privacy@deksie.in | |
| Response Time | Within thirty (30) days |
Applicable Regulation: EU General Data Protection Regulation (GDPR) | Digital Personal Data Protection Act 2023 (India)
Copyright © 2026 Ctrl Zed LLP. All rights reserved.