Contact Data Usage Policy
This policy governs how users of the Seedicon CRM and Seedicon Events Platform may collect, store, and use contact data - including data obtained from business card scans, manual entry, CSV imports, and event registrations. This policy supplements the Privacy Policy and Terms of Service and applies to all users who process third-party contact data through the Platform.
1. Your Role as Data Controller
When you scan a business card, import contacts, or collect attendee data via event registration, you are acting as the data controller for those individuals' personal data. Seedicon Technologies Private Limited acts only as your data processor. You are solely responsible for ensuring your collection and use of contact data is lawful.
2. Lawful Basis Requirement
You must have a valid lawful basis before storing any individual's personal data in the Platform. Acceptable lawful bases include:
- Legitimate interests: you have an existing or prospective business relationship and the individual would reasonably expect to be contacted
- Contract: the individual is a party to a contract with you
- Consent: the individual has explicitly consented to being added to your contacts and contacted by you
You may not import or store contact data obtained through purchased lists, scraped databases, or other means without a clear lawful basis for each individual.
3. Permitted Uses of Contact Data
- Storing and organising contact information for personal relationship management
- Recording context notes, voice memos, and follow-up reminders relating to your interactions
- Sending personalised follow-up communications to individuals with whom you have a business relationship
- Sending email marketing campaigns to individuals who have opted in to receive marketing from you
- Searching, filtering, and exporting your own contact database for personal CRM purposes
4. Prohibited Uses of Contact Data
- Sending unsolicited bulk marketing or spam to contacts who have not opted in
- Sharing, selling, or transferring contact data to any third party without the data subject's consent
- Using contact data to harass, stalk, or contact individuals for inappropriate purposes
- Processing contact data for any purpose other than legitimate business relationship management
- Uploading contact data you do not have the right to process
- Using the Platform to build databases for resale or commercial data brokerage
5. Email Marketing via the Platform
If you use the Platform's email marketing features:
- You may only send campaigns to contacts who have explicitly opted in to receive marketing emails from you
- Every campaign must include a functioning one-click unsubscribe link
- You must honour unsubscribe requests immediately; the Platform will suppress unsubscribed contacts automatically
- You must not re-add contacts who have unsubscribed without fresh explicit consent
- Campaign content must be accurate, non-deceptive, and comply with CAN-SPAM, GDPR, and DPDP Act 2023
6. WhatsApp Marketing
WhatsApp communications are subject to additional restrictions:
- You may only send WhatsApp messages to contacts who have explicitly opted in during registration or through an equivalent consent mechanism
- All messages must use Meta-approved WhatsApp Business API templates
- You must provide a clear opt-out mechanism in all broadcasts
- You are responsible for obtaining and documenting WhatsApp consent
7. Data Subject Rights
If an individual whose data you have stored contacts you to exercise their data rights (access, correction, deletion, opt-out), you are responsible for responding within the timeframes required by applicable law. The Platform provides tools to help you find, edit, and delete individual contact records. You must action rights requests promptly and cannot use the Platform to circumvent data subject rights.
8. Data Accuracy
You are responsible for the accuracy of contact data stored in your account. OCR extraction from business cards may contain errors; you should review and correct extracted data before relying on it for communications.
9. Retention of Contact Data
You should not retain contact data beyond the period necessary for your stated business purpose. The Platform's data retention defaults are described in the Data Retention Policy. You may delete individual contacts at any time.
10. Cross-Border Considerations
If you store data of individuals based in the EU, EEA, or UK, you must comply with GDPR as a data controller. If you store data of individuals based in India, you must comply with the DPDP Act 2023. You represent that you understand and comply with applicable law in the jurisdictions of your contacts.
11. Consequences of Violation
Violation of this policy may result in immediate suspension or termination of your account. We may be required to disclose information to regulators in the event of a complaint. You indemnify the Company against any claims arising from your unlawful processing of contact data.
12. Contact
Questions about this policy: legal@seedicon.com