DPDP Compliance

1. About the DPDP Act

The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's comprehensive data protection legislation. It establishes a framework for the processing of digital personal data, defines the rights of individuals (referred to as "Data Principals"), and sets obligations for entities that process personal data (referred to as "Data Fiduciaries").

The DPDP Act aims to balance the right of individuals to protect their personal data with the need for lawful processing of such data for legitimate purposes. It applies to the processing of digital personal data within India, as well as the processing of personal data outside India if it relates to offering goods or services to individuals in India.

2. LabelERP's Role Under the DPDP Act

LabelERP Technologies Pvt. Ltd. acts as a Data Fiduciary when we process the personal data of our users (such as account information, contact details, and usage data). We determine the purpose and means of processing this data to provide and improve our services.

When our customers use the LabelERP platform to store and manage their own customers' data (for example, order details and customer records), LabelERP acts as a Data Processor on behalf of the customer, who remains the Data Fiduciary for that data.

3. How LabelERP Complies

We have implemented the following measures to ensure compliance with the DPDP Act:

a) Lawful Purpose and Consent

We process personal data only for lawful purposes. Before collecting your personal data, we provide a clear notice explaining what data we collect, why we collect it, and how it will be used. We obtain your informed consent before processing your data, except where processing is permitted without consent under the Act (such as for compliance with legal obligations or for legitimate uses as specified in the Act).

b) Purpose Limitation

We collect and process personal data only for the specific purposes disclosed to you at the time of collection. We do not use your data for unrelated purposes without obtaining your additional consent.

c) Data Minimisation

We collect only the personal data that is reasonably necessary for the purposes for which it is processed. We do not collect excessive or irrelevant data.

d) Storage Limitation

We retain personal data only for as long as it is necessary to fulfil the purpose for which it was collected, or as required by law. When personal data is no longer needed, we securely delete or anonymise it.

e) Data Accuracy

We make reasonable efforts to ensure that the personal data we hold is accurate and up to date. We provide tools within the platform for you to review and correct your personal information at any time.

f) Security Safeguards

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security audits, and employee training. For full details, visit our Security page.

4. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights with respect to your personal data:

5. Data Processing Purposes

We process personal data for the following purposes:

• Account management: To create, maintain, and authenticate your user account.
• Service delivery: To provide the ERP platform features you have subscribed to, including inventory management, order processing, and reporting.
• Communication: To send transactional notifications (such as order confirmations, password resets, and billing receipts) and, with your consent, product updates and promotional communications.
• Analytics and improvement: To understand how our platform is used, to identify performance issues, and to develop new features.
• Security and fraud prevention: To detect, investigate, and prevent fraudulent or unauthorised activity.
• Legal compliance: To fulfil our obligations under applicable laws and regulations.

6. Cross-Border Data Transfers

We primarily store and process your data within India. In certain cases, your data may be processed by third-party service providers located outside India (for example, for email delivery or cloud infrastructure services). When such transfers occur, we ensure that:

• The transfer is made only to jurisdictions not restricted by the Central Government under the DPDP Act.
• Appropriate contractual safeguards are in place to ensure the protection of your personal data.
• The receiving entity provides a level of data protection that is comparable to the protections required under Indian law.

7. Consent Management

You may withdraw your consent for the processing of your personal data at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal, nor will it affect processing that is based on grounds other than consent (such as legal obligations). You can manage your consent preferences through your account settings or by contacting us directly.

Please note that withdrawing consent for essential processing (such as authentication and account management) may result in the inability to use some or all of our services.

8. Grievance Officer

In accordance with the DPDP Act, we have appointed a Grievance Officer to address your concerns and complaints regarding the processing of your personal data. You may contact our Grievance Officer at:

9. Updates to This Page

We may update this compliance page as the DPDP Act evolves or as we enhance our data protection practices. Material changes will be communicated through our website and, if applicable, by email. We encourage you to review this page periodically.

Last updated: 1 March 2026