Who we are and scope of this policy
LUPIQ Studio LLP ("LUPIQ", "Studio", "we", "us", or "our") is a Limited Liability Partnership registered in India with its registered office at Prowork, 235, Binnamangala, 2nd Floor, 13th Cross Road, 2nd Stage, Indira Nagar, Bengaluru – 560038, Karnataka, India. This Privacy Policy explains how we collect, use, share, retain, and protect personal data when you visit lupiqstudio.com (the "Site"), contact us, or engage us for services (collectively, the "Services").
For the purposes of the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act"), LUPIQ acts as a Data Fiduciary in respect of personal data it determines the purpose and means of processing. Where the EU General Data Protection Regulation ("GDPR") or UK GDPR applies, LUPIQ acts as a "controller" for data we process for our own purposes, and as a "processor" for personal data we process on a client's behalf under a separate written agreement. Where the California Consumer Privacy Act as amended by the CPRA ("CCPA") applies, LUPIQ acts as a "business".
This policy does not apply to third-party websites, products, or services we do not own or control, or to personal data we process solely on behalf of a client, which is governed by that client's privacy notice and our agreement with them.
Personal data we collect
We do not knowingly collect special categories of sensitive personal data, government identifiers, financial account credentials, or data relating to children, and we ask that you do not submit such information to us unless we have specifically requested it for a defined purpose.
Information you provide to us
- Identity and contact data — name, email address, phone number, company or organisation, role, and country, where you submit them through a form, email, messaging channel, or call.
- Project and enquiry data — the contents of your messages, briefs, requirements, attachments, and any other information you choose to share with us.
- Engagement and commercial data — billing details, contracting party information, and correspondence relating to a project (for clients).
- Recruitment data — if you apply to work with us, your CV, portfolio, and the information in your application.
Information collected automatically
- Technical and device data — IP address, browser type and version, operating system, device identifiers, language settings, and referring URLs.
- Usage data — pages visited, time spent, links clicked, scroll depth, and other interaction signals collected through cookies and similar technologies.
Information from third parties
We may receive limited information about you from analytics providers, advertising and social platforms, and from publicly available sources, where you have interacted with our content or where such sources lawfully make information available.
Purposes and legal bases for processing
We process personal data only for specified, lawful purposes, and only to the extent necessary for those purposes:
- To respond to your enquiries, provide information you request, and communicate with you — on the basis of taking steps at your request prior to entering a contract, our legitimate interests in responding to you, and, where required, your consent.
- To scope, deliver, manage, and invoice for our Services — on the basis of performance of a contract and our legitimate interests in operating our business.
- To operate, secure, maintain, and improve the Site — on the basis of our legitimate interests in running a safe and effective service.
- To send service updates and, where permitted, marketing communications — on the basis of consent or legitimate interests, with an option to opt out at any time.
- To comply with legal, regulatory, tax, and accounting obligations, and to establish, exercise, or defend legal claims — on the basis of compliance with a legal obligation and our legitimate interests.
Consent and your control over it
Where we rely on consent — including for non-essential cookies and certain marketing — your consent is obtained through a clear affirmative action, is recorded, and may be withdrawn at any time with effect for the future. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal, and does not affect processing we are permitted to carry out on another lawful basis. To withdraw consent or change your preferences, contact us using the details in Section 14 or use the controls provided on the Site.
International data transfers
We may process and store personal data in India and in other countries where we or our service providers operate. Where we transfer personal data across borders, we do so in accordance with applicable law and implement appropriate safeguards — such as standard contractual clauses, adequacy mechanisms, or equivalent measures — so that your data continues to receive an adequate level of protection. Transfers from India are made consistent with the DPDP Act and any applicable government restrictions. You may contact us for further information about the safeguards we apply.
Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, tax, or reporting requirements, and to establish or defend legal claims. Retention periods vary by data type and context; for example, enquiry correspondence is retained for the period needed to assess and follow up on the enquiry, and engagement records are retained for the duration of the relationship and for the statutory limitation period thereafter. When personal data is no longer required, we securely delete, anonymise, or aggregate it.
How we protect personal data
We implement reasonable and appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These include access controls, encryption in transit, vendor due diligence, and internal policies governing data handling. No method of transmission or storage is completely secure, and while we work to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to affect you, we will notify the relevant authority and affected individuals as required by applicable law.
Your rights
To exercise any of these rights, contact us using the details in Section 14. We will verify your identity before responding and will reply within the timeframes required by applicable law. You may use an authorised agent where the law permits. We do not charge a fee for most requests unless permitted by law for manifestly unfounded or excessive requests.
Under the DPDP Act (India)
- The right to access a summary of the personal data we process about you and the processing activities undertaken.
- The right to correction, completion, updating, and erasure of your personal data.
- The right to grievance redressal (see Section 13) and the right to nominate another individual to exercise your rights in the event of death or incapacity.
- The right to withdraw consent where processing is based on consent.
Under the GDPR / UK GDPR (Europe)
- Rights of access, rectification, erasure, restriction, and data portability.
- The right to object to processing based on legitimate interests or to direct marketing.
- The right not to be subject to solely automated decisions producing legal or similarly significant effects — we do not carry out such decision-making.
- The right to lodge a complaint with your local supervisory authority.
Under the CCPA / CPRA (California)
- The right to know the categories and specific pieces of personal information collected, the sources, purposes, and recipients.
- The rights to delete and to correct personal information, subject to exceptions.
- The right to opt out of sale or sharing — note that we do not sell or share personal information as defined by the CCPA.
- The right to limit the use of sensitive personal information, and the right not to receive discriminatory treatment for exercising your rights.
Children's privacy
The Site and Services are intended for businesses and individuals aged 18 and over and are not directed at children. We do not knowingly collect personal data from children. Consistent with the DPDP Act, we do not process children's data in a manner likely to cause detrimental effect, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.
Third-party links and embedded content
The Site may contain links to, or content from, third-party websites and services. We are not responsible for the privacy practices of those third parties, and this policy does not apply to them. We encourage you to review the privacy notices of any third-party services you access.
Grievance and data protection contact
If you have a concern about how we handle your personal data, you may contact our Grievance Officer / Data Protection contact:
Grievance Officer, LUPIQ Studio LLP — Email: info@lupiqstudio.com — Address: Prowork, 235, Binnamangala, 2nd Floor, 13th Cross Road, 2nd Stage, Indira Nagar, Bengaluru – 560038, Karnataka, India.
We will acknowledge and address grievances within the period prescribed under applicable law. If you remain dissatisfied, you may have the right to escalate to the Data Protection Board of India or your local supervisory authority.
Changes to this policy and how to reach us
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date above indicates when the policy was last revised, and material changes will be brought to your attention where required. Your continued use of the Site after an update constitutes acceptance of the revised policy to the extent permitted by law.
For any questions about this policy or our data practices, contact us at info@lupiqstudio.com or write to LUPIQ Studio LLP, Prowork, 235, Binnamangala, 2nd Floor, 13th Cross Road, 2nd Stage, Indira Nagar, Bengaluru – 560038, Karnataka, India.
