Legal

GDPR Compliance

Last updated: March 1, 2026

GDPR-ready for global operations

Easedesk is primarily designed for Indian businesses under Indian law (DPDP Act 2023). For customers with operations in the European Union or that process data of EU residents, we provide GDPR-compliant terms and controls.

Our role under GDPR

In most cases, Big Market 360 Private Limited (operating as Easedesk) acts as a Data Processor — we process your business data on your behalf. You, as the business using Easedesk, are the Data Controller responsible for determining the purposes and means of processing.

For our own marketing and website operations, Big Market 360 Private Limited acts as a Data Controller for personal data we collect directly (such as email addresses for newsletters).

Data Processing Agreement (DPA)

All Easedesk subscription plans include a Data Processing Agreement that meets GDPR Article 28 requirements. The DPA covers:

Nature and purpose of processing
Type of personal data and categories of data subjects
Sub-processor list and notification obligations
Data subject rights and our obligations to assist
Security measures and breach notification

Request a signed DPA by emailing [email protected].

Your GDPR rights

If you are an EU resident whose data is processed through Easedesk, you have the following rights under GDPR:

Right to access — request a copy of your personal data
Right to rectification — correct inaccurate data
Right to erasure — request deletion ("right to be forgotten")
Right to restriction — limit how we process your data
Right to portability — receive your data in a portable format
Right to object — object to processing based on legitimate interest

Technical & organisational measures

We have implemented the following measures to protect personal data:

Data Processing Agreements (DPA) available for all customers on request

All sub-processors are GDPR-compliant and listed in our DPA

Data subject access requests processed within 30 days

Breach notification within 72 hours of discovery

Privacy by design — data minimisation built into all features

Right to erasure supported (subject to Indian legal retention requirements)

Cross-border data transfer safeguards for non-Indian customer data

Data Protection Officer appointed and contactable at [email protected]

Sub-processors

We use the following categories of sub-processors to deliver our Services:

Cloudflare, Inc. — Infrastructure, CDN, DDoS protection, and object/file storage. Cloudflare is certified under multiple frameworks and maintains SCCs for EU data transfers.
Mailer91 — Transactional email delivery for notifications, OTP, and reports. India-based.
Razorpay Software Pvt Ltd — Payment processing for Indian customers. India-based.

A complete sub-processor list with GDPR adequacy status and applicable Standard Contractual Clauses (SCCs) is available in our DPA. Request it at [email protected].

Contact our Data Protection Officer

For GDPR-related enquiries, DPA requests, or to exercise your rights:

DPO Email: [email protected]

Legal: [email protected]

Response time: Within 5 business days for general enquiries, within 30 days for formal data subject requests.