This Privacy Policy is published by Subkulture Communications Pvt. Ltd., operating under the trade name Subkulture (referred to as "Subkulture", "we", "us", or "our"), a full-service creative agency headquartered in Bengaluru, Karnataka, India. Our website is accessible at www.subkulture.in (the "Site").
We provide brand strategy, creative direction, and content production services to clients across India and internationally.
We are the Data Fiduciary responsible for personal data collected through this Site and in connection with our services, as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act").
This Privacy Policy explains:
Please read this Policy carefully before using our Site or engaging our services. By accessing www.subkulture.in or interacting with us, you acknowledge that you have read and understood this Policy.
This Privacy Policy is designed to comply with the following laws, to the extent they apply:
Note on DPDP Rules: The Digital Personal Data Protection Rules are pending formal notification. References in this Policy to the Data Protection Board of India and related mechanisms are forward-looking. We will update this Policy when the Rules are notified.
This Policy applies to:
This Policy does not cover personal data processed in connection with employment or contractor engagements — those are governed by separate workplace data agreements. It also does not cover third-party websites linked from our Site.
We do not ordinarily seek to collect Sensitive Personal Data (as defined under the IT SPDI Rules, 2011) — including financial information beyond what is necessary for payment, health data, biometric data, or religious/political beliefs. If a specific client project or talent engagement requires processing such data, we will obtain explicit written consent from the individual before doing so.
We process Technical and Behavioural Data to deliver and maintain our Site, ensure its security, and analyse how visitors use it. This is in our legitimate business interest.
When you contact us through our Site or by email, we use your Identity and Contact Data to respond to your query and take steps at your request before entering into a contract.
When engaged to provide brand strategy, creative, or content services, we may process personal data to:
We process Applicant Data to assess suitability for employment or freelance roles and to comply with applicable employment laws. We retain unsuccessful candidate data for a short period only unless you consent to longer retention for future opportunities.
We may send marketing communications about Subkulture's services where you have given consent or where we have an existing business relationship with you. You may opt out at any time (see Section 15).
We may process personal data where necessary to comply with applicable Indian law, respond to valid legal requests, protect our rights in disputes, or facilitate a business transaction such as a merger or acquisition.
Under the DPDP Act, 2023, we process personal data only where:
Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us at the details in Section 19.
Our Site uses cookies and similar tracking technologies to:
When you first visit our Site, you will be presented with a cookie consent notice. You may accept or decline non-essential cookies at that point, or change your preferences at any time. We do not use cookies to serve targeted advertising on behalf of third-party advertisers.
We do not sell your personal data to third parties. We share personal data only where lawful and necessary, with appropriate contractual safeguards in place:
The majority of your personal data is processed and stored within India. Where we engage technology vendors or cloud service providers located outside India, personal data may be transferred to those jurisdictions.
Under the DPDP Act, 2023, the Central Government has the power to restrict transfers to specific countries. We will comply with any such restrictions as and when notified. Until DPDP Rules on cross-border transfers are finalised, we ensure all offshore vendors are bound by contractual obligations to protect your data to a standard comparable to what applies in India.
If you are located outside India and use our Site, please be aware that your data will be transferred to and processed in India.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law:
When data is no longer required, we will securely delete or anonymise it.
We implement reasonable security practices and procedures as required under the IT (SPDI) Rules, 2011 and the DPDP Act, 2023, including:
No method of data transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. If you suspect your data may have been compromised in connection with our systems, please contact us immediately.
In the event of a personal data breach that is likely to cause harm to you, we will notify the Data Protection Board of India and, where required, inform affected individuals in accordance with the DPDP Act.
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
Request a summary of the personal data we hold about you and the processing activities we carry out. (DPDP Act, Section 11)
Request that inaccurate or incomplete data be corrected, or that your data be erased where it is no longer required. (DPDP Act, Section 12)
Raise a grievance with us and receive a response within a reasonable timeframe. If unsatisfied, escalate to the Data Protection Board of India. (DPDP Act, Section 13)
Nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. (DPDP Act, Section 14)
Where we rely on your consent to process data, you may withdraw it at any time. Withdrawal will not affect the lawfulness of prior processing.
Lodge a complaint with the Data Protection Board of India once constituted, if you believe your rights have been violated.
To exercise any of these rights, contact us using the details in Section 19. We will acknowledge your request promptly and respond within a reasonable timeframe as required by applicable law. We may need to verify your identity before fulfilling a request.
Note: Certain rights may be subject to limitations — for example, we may not be able to erase data that we are required to retain under applicable Indian law such as tax or company records.
If you receive marketing communications from us and no longer wish to, you may opt out by:
Please allow up to 10 business days for your opt-out to take effect across our systems. Even after opting out of marketing, we may still contact you for transactional or service-related communications if you are an active client.
Our Site and services are not directed at children (individuals under the age of 18). We do not knowingly collect personal data from minors. The DPDP Act, 2023 imposes additional obligations in relation to processing children's data, including obtaining verifiable parental consent.
If, in the context of a specific client campaign, we are required to process the personal data of minors, we will implement the full requirements of the DPDP Act in relation to such data, including the prohibition on behavioural tracking of children.
If you believe we may have inadvertently collected data from a minor, please contact us immediately and we will take prompt corrective action.
Our Site may contain links to third-party websites, social media platforms, or partner sites. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit via links from our Site. We are not responsible for the privacy practices of third-party operators.
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law (including the finalisation of DPDP Rules), or regulatory guidance. When we make material changes, we will:
We encourage you to review this Policy periodically. Your continued use of our Site after a Policy update constitutes your acknowledgement of the revised Policy.
For any queries, concerns, or to exercise your rights under this Privacy Policy, please contact:
We aim to acknowledge all requests within 72 hours and respond substantively within a reasonable period as required by applicable law. If you are unsatisfied with our response, you may refer the matter to the Data Protection Board of India once it is constituted and operational under the DPDP Act, 2023.