Privacy Policy

01 Introduction

OutTroll Digital Private Limited (“OutTroll”, “we”, “our” or “us”) is committed to protecting the privacy and personal information of its website visitors, prospects, clients and business partners.

This Privacy Policy (“Policy”) describes the categories of personal information we collect, how we use and disclose it, the choices you have, and the steps we take to keep it secure. It applies to information processed through our website at outtroll.com (the “Website”) and through the marketing services we provide (the “Services”).

By using the Website or engaging our Services, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Website or engage our Services.

02 Scope & Applicability

This Policy applies to personal information processed by OutTroll as a data controller — that is, where we determine the purposes and means of processing. This typically covers our marketing, prospect, recruitment and client-management activities.

Where we process personal information on behalf of a client (for example, when running campaigns on a client’s platforms), we act as a data processor. In those cases the client’s own privacy policy governs the underlying processing, and we process information in accordance with our Data Processing Agreement with that client.

This Policy does not cover the practices of third-party platforms (such as Meta, Google, TikTok, X or LinkedIn) that you may interact with separately.

03 Information We Collect

We collect the following categories of information.

Information you provide directly

Identity & contact data: name, email address, phone number, company name, role and country.
Brief / enquiry data: the marketing goals, budget range, service interest and any context you share via our contact, audit-request or newsletter forms.
Account data: credentials, preferences and communications relating to any client portal or dashboard we provide.
Recruitment data: CV, work history, links and references submitted through our Careers page.
Payment data: bank-account or tax details required to invoice or be invoiced. We do not store full card numbers; card payments (where supported) are handled by a PCI-compliant payment processor.

Information collected automatically

Device & usage data: IP address, browser type, operating system, referring URL, pages viewed, time on page, and approximate location derived from IP.
Cookies & identifiers: session identifiers, preference cookies and analytics identifiers (see Section 7).

Information from third parties

Public business data: publicly available information about you or your company (for example, a LinkedIn profile or a company website) that we may reference when responding to your brief.
Analytics providers: aggregated usage information from web-analytics tools.
Advertising platforms: conversion and event data from advertising networks when you interact with our ads.

04 How We Collect Information

We collect information when you:

Fill in a form on the Website (contact, audit request, newsletter signup, careers application).
Engage with us by email, phone, video call or social channel.
Sign a Statement of Work or any other commercial agreement.
Visit the Website — through cookies and similar technologies.
Interact with our advertisements, social posts or other marketing.

05 Purposes & Legal Bases for Processing

We process personal information for the purposes set out below. Where the General Data Protection Regulation (“GDPR”) or India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) applies, our legal bases for processing are also indicated.

To respond to your enquiry or brief — necessary to take steps at your request prior to entering into a contract.
To provide and improve the Services — necessary for performance of our contract with you.
To send service communications and important notices — legitimate interest in operating a reliable service.
To send marketing emails and newsletters — your consent, which you may withdraw at any time.
To measure website performance and improve content — legitimate interest in operating an effective website, with consent where required for non-essential cookies.
To comply with legal, tax and accounting obligations — necessary to comply with laws to which we are subject.
To investigate and prevent security incidents, fraud or misuse — legitimate interest in protecting our business and users.

We do not engage in automated decision-making that produces legal or similarly significant effects on you.

07 Cookies & Similar Technologies

We use cookies and similar technologies (pixels, local storage, SDKs) to operate the Website, remember your preferences, measure usage and run advertising. Cookies fall into the following categories:

Strictly necessary — required for core functions such as session management and security. These cannot be disabled.
Preference — remember choices such as language or recently viewed content.
Analytics — measure how the Website is used, so we can improve content and performance.
Marketing — deliver and measure relevant advertising on third-party platforms.

You can control non-essential cookies through your browser settings or, where shown, through the cookie banner. Blocking cookies may impact some features of the Website.

08 Third-Party Services & Platforms

The Website integrates with third-party services for analytics, embedded content, advertising measurement and other functions. These third parties may collect information about your interaction with the Website under their own privacy policies. We encourage you to review their notices.

The Website may also contain links to third-party websites. We are not responsible for the privacy practices of those websites.

09 International Data Transfers

We are headquartered in India and process data primarily on infrastructure located in India and the European Union. Some of our service providers may be located in other countries, including the United States.

Where we transfer personal information across borders, we put in place appropriate safeguards required by applicable law — for example, the European Commission’s Standard Contractual Clauses for transfers out of the European Economic Area and the United Kingdom, and equivalent contractual safeguards for transfers governed by the DPDP Act.

10 Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting or reporting requirements.

Prospect / brief data: up to twenty-four (24) months from last interaction, unless you opt in to ongoing communications.
Client engagement records: for the duration of the engagement and seven (7) years thereafter, in line with applicable tax and accounting laws in India.
Newsletter and marketing data: until you unsubscribe or withdraw consent.
Server logs: typically up to twelve (12) months.

When personal information is no longer required, we securely delete, anonymise or aggregate it.

11 Information Security

We follow reasonable and industry-standard administrative, technical and physical safeguards to protect personal information against unauthorised access, alteration, disclosure or destruction. These include encrypted transport (TLS), encrypted storage where appropriate, role-based access control, multi-factor authentication for privileged systems, regular access reviews, vendor due-diligence and employee training.

While we strive to protect personal information, no security control is perfect. You are responsible for keeping any credentials we issue to you confidential and for notifying us immediately of any suspected unauthorised access.

12 Your Rights & Choices

Subject to applicable law, you have the following rights with respect to your personal information.

Access — obtain confirmation of whether we process your data and a copy of it.
Correction — request correction of inaccurate or incomplete information.
Deletion / erasure — request deletion of personal information, subject to legal and contractual retention obligations.
Withdrawal of consent — withdraw consent for processing based on consent, without affecting prior lawful processing.
Restriction or objection — restrict or object to certain processing based on legitimate interests.
Portability — receive your personal information in a structured, commonly-used, machine-readable format.
Nominate — nominate another person to exercise rights under the DPDP Act on your behalf.
Complaint — lodge a complaint with the competent supervisory authority in your jurisdiction.

To exercise any right, please contact us at privacy@outtroll.com. We may need to verify your identity before responding. We aim to respond within thirty (30) days, or any shorter period required by applicable law.

13 Marketing Communications

We may send you marketing communications — such as our newsletter, event invitations and product updates — where you have signed up or where permitted by applicable law.

You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email, or by emailing privacy@outtroll.com. Opting out of marketing does not affect communications relating to an active engagement.

14 Children’s Privacy

Our Website and Services are not directed to children under the age of eighteen (18), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

15 Do-Not-Track Signals

Some browsers offer a “Do Not Track” (“DNT”) preference. Because there is no industry consensus on how to interpret DNT signals, the Website does not currently respond to them. We do, however, honour applicable opt-outs and consent choices made via our cookie banner or directly with us.

16 Data Breach Notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals within the timelines required by applicable law (for example, seventy-two (72) hours under the GDPR), together with information about the breach and the steps we are taking.

17 Changes to This Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be communicated by email or a prominent notice on the Website prior to the change taking effect.

We encourage you to review this page periodically to stay informed about how we protect your personal information.

18 Governing Law

This Policy is governed by the laws of India, without regard to conflict-of-laws principles. Where the GDPR, the UK GDPR or other regional law applies to a specific processing activity, the rights and remedies under those laws also apply.

The courts at Bengaluru, Karnataka, India, will have exclusive jurisdiction over any dispute arising out of or in connection with this Policy, subject to any non-waivable rights you may have to bring proceedings in your jurisdiction.

19 Contact Us & Grievance Officer

For any question, request or complaint regarding this Policy or our handling of personal information, please contact us:

Email: privacy@outtroll.com
General enquiries: hello@outtroll.com
Postal address: OutTroll Digital Private Limited, 14 MG Road, Bengaluru, Karnataka 560001, India

Grievance Officer (India)

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the Digital Personal Data Protection Act, 2023, you may contact our Grievance Officer:

Name: Head of Privacy & Compliance
Email: grievance@outtroll.com
Address: OutTroll Digital Private Limited, 14 MG Road, Bengaluru, Karnataka 560001, India

We will acknowledge complaints within seventy-two (72) hours and aim to resolve them within thirty (30) days.

Have a privacy question or request?

Email our Privacy team or open a conversation. We respond within one business day.

Email privacy team Read Terms & Conditions