Privacy Policy

Introduction and Overview

Company Information and Purpose of Policy

Logicbric (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data and protected health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our services, website, and applications. As an IT service provider developing applications for diverse clients, we recognize our obligations under various data protection regulations, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).

This Privacy Policy aims to provide transparent information about our data practices and to inform you of your rights regarding your personal information. We serve as both a data controller for information collected directly from individuals and as a data processor when handling data on behalf of our clients.

Applicability and Scope

This Privacy Policy applies to:

  • All personal data and protected health information processed by our company

  • All services, websites, and applications developed and maintained by us

  • All employees, contractors, and third parties who have access to personal data and protected health information through our company

  • All clients for whom we develop applications or provide services

Data Collection and Processing

Types of Data Collected

We collect and process various categories of personal data depending on the services provided and the relationship with the data subject. This may include:

  • Contact information (name, email address, phone number, physical address)

  • Account credentials and authentication data

  • Professional information (job title, employer, professional qualifications)

  • Technical data (IP address, device information, browsing history, cookies)

  • Transaction and billing information

  • Special categories of personal data when relevant (including health information when operating as a HIPAA Business Associate)

  • Protected Health Information (PHI) when providing services to HIPAA Covered Entities

Methods of Collection

We collect personal data through various channels, including:

  • Direct submission through our website, applications, or other digital platforms

  • Communication through email, phone, or other correspondence

  • Automated collection through cookies, server logs, and similar technologies

  • Data transfers from our clients for processing purposes

  • Third-party sources where permitted by law and with appropriate disclosures

Legal Basis for Processing

Under GDPR, we process personal data based on one or more of the following legal grounds:

  • Explicit consent provided by the data subject

  • Necessity for the performance of a contract

  • Compliance with legal obligations

  • Protection of vital interests

  • Performance of tasks carried out in the public interest

  • Legitimate interests pursued by our company or a third party

For processing of health data under HIPAA, we operate as a Business Associate and process protected health information according to Business Associate Agreements with Covered Entities.

Data Use and Disclosure

Purposes of Data Processing

We process personal data and protected health information for specific, explicit, and legitimate purposes, including:

  • Providing and maintaining our services and applications

  • Managing client accounts and fulfilling contractual obligations

  • Improving and customizing our services and user experience

  • Communicating with users and clients about our services

  • Processing transactions and billing

  • Complying with legal and regulatory obligations

  • Protecting our legitimate business interests and legal rights

Data Sharing and Recipients

We may share personal data with the following categories of recipients:

  • Service providers and subcontractors who assist in delivering our services

  • Affiliated companies within our corporate structure

  • Clients for whom we process data as a service provider

  • Legal and regulatory authorities when required by law

  • Business partners with proper data protection agreements in place

  • Potential buyers in the event of a merger, acquisition, or business transfer

For protected health information under HIPAA, we only disclose information to authorized parties as permitted by our Business Associate Agreements and applicable laws.

International Data Transfers

When transferring personal data outside the European Economic Area (EEA) or to countries without adequate data protection laws, we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission

  • Binding Corporate Rules for intra-group transfers

  • Certification under recognized frameworks such as the EU-U.S. Data Privacy Framework

  • Explicit consent for specific transfers where appropriate

Data Security and Retention

Security Measures

We implement robust technical and organizational measures to protect personal data and protected health information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of sensitive data both in transit and at rest

  • Access controls and authentication mechanisms

  • Regular security assessments and vulnerability testing

  • Staff training on data protection and security

  • Physical security measures for our facilities

  • Incident response procedures and data breach notification protocols

Data Retention Policies

We retain personal data and protected health information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Our retention periods are determined based on:

  • Legal and regulatory requirements

  • Contractual obligations with clients

  • Business needs and legitimate interests

  • The nature and sensitivity of the data

  • Potential risks associated with continued retention

After the applicable retention period expires, we securely delete or anonymize the data according to our data deletion procedures.

Individual Rights and Choices

GDPR Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data:

  • Right to access their personal data

  • Right to rectification of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Rights related to automated decision-making and profiling

  • Right to withdraw consent at any time

We provide mechanisms for individuals to exercise these rights and respond to requests within 30 days as required by the GDPR.

HIPAA Individual Rights

For protected health information subject to HIPAA, individuals have the following rights:

  • Right to access their health information

  • Right to request amendments to their health information

  • Right to an accounting of disclosures

  • Right to request restrictions on certain uses and disclosures

  • Right to request confidential communications

  • Right to receive notice of privacy practices

We facilitate these rights in coordination with the Covered Entities we serve as a Business Associate.

Consent Management

We provide clear mechanisms for individuals to give, withdraw, or modify their consent for data processing activities that require consent. This includes:

  • Transparent consent forms with clear language

  • Granular options for different types of processing activities

  • Easy-to-use consent withdrawal mechanisms

  • Records of consent to demonstrate compliance

Compliance Frameworks

GDPR Compliance

As an organization processing personal data of EU residents, we comply with GDPR requirements by:

  • Implementing privacy by design and default principles

  • Conducting data protection impact assessments for high-risk processing

  • Maintaining records of processing activities

  • Appointing a Data Protection Officer where required

  • Implementing data breach notification procedures

  • Ensuring proper data protection agreements with processors and controllers

  • Training staff on GDPR requirements and compliance

HIPAA Compliance

When operating as a Business Associate under HIPAA, we comply with requirements by:

  • Implementing physical, technical, and administrative safeguards for PHI

  • Executing Business Associate Agreements with Covered Entities

  • Limiting use and disclosure of PHI to the minimum necessary

  • Providing breach notification for unsecured PHI

  • Maintaining policies and procedures for HIPAA compliance

  • Training workforce members on HIPAA requirements

  • Conducting regular risk assessments

Special Considerations

Children’s Privacy

We recognize the special protections required for personal data of children under applicable laws. We do not knowingly collect personal data from children under 13 (or the applicable age threshold in different jurisdictions) without verifiable parental consent. Our specific practices regarding children’s data include:

  • Age verification mechanisms where appropriate

  • Parental consent procedures for collection of children’s data

  • Special protection measures for children’s data

  • Respect for parental rights to review, delete, and limit collection of children’s data

Cookie Policy and Tracking Technologies

We use cookies and similar tracking technologies on our websites and applications. Our practices include:

  • Transparent disclosure of all cookies and tracking technologies used

  • Classification of cookies by type and purpose

  • Obtaining appropriate consent for non-essential cookies

  • Providing mechanisms to modify cookie preferences

  • Regular updates to our cookie inventory and practices

A detailed Cookie Policy is available as a supplement to this Privacy Policy.

Governance and Accountability

Data Protection Officer and Privacy Team

Logicbric has established a dedicated privacy function led by our Data Protection Officer (DPO). The DPO can be contacted at:

Email: accounts@logicbric.com
Address: 13th Floor, Eastface, Iscon Ambli Road, Ahmedabad, Gujarat, India 380058
Phone: +91-8469104073

The DPO and privacy team are responsible for overseeing data protection strategy and implementation to ensure compliance with applicable regulations.

Employee Training and Awareness

We maintain a comprehensive data protection training program for all employees, contractors, and third parties who have access to personal data or protected health information. This program includes:

  • Initial privacy and security training for new staff

  • Regular refresher training for all personnel

  • Role-specific training for employees handling sensitive data

  • Awareness initiatives to maintain a culture of privacy and security

  • Documentation of training completion and effectiveness

Vendor Management

We carefully select and manage our vendors and service providers to ensure they meet our data protection standards. Our vendor management program includes:

  • Due diligence in vendor selection

  • Data processing agreements with appropriate safeguards

  • Regular assessments of vendor compliance

  • Provisions for termination if data protection standards are not met

  • Coordination with vendors for incident response and breach notification

Updates and Contact Information

Policy Updates

We review and update this Privacy Policy regularly to reflect changes in our practices, services, and legal requirements. Material changes will be communicated through appropriate channels, and previous versions will be archived for reference. The current version of this Privacy Policy was last updated on 28/03/2025.

Contact Information and Complaints

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: accounts@logicbric.com
Address: 13th Floor, Eastface, Iscon Ambli Road, Ahmedabad, Gujarat, India 380058
Phone: +91-8469104073

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. EU residents may contact their local data protection authority, and U.S. residents may contact the Department of Health and Human Services Office for Civil Rights for HIPAA-related matters.