Privacy Policy
Introduction and Overview
Company Information and Purpose of Policy
Logicbric (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data and protected health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our services, website, and applications. As an IT service provider developing applications for diverse clients, we recognize our obligations under various data protection regulations, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
This Privacy Policy aims to provide transparent information about our data practices and to inform you of your rights regarding your personal information. We serve as both a data controller for information collected directly from individuals and as a data processor when handling data on behalf of our clients.
Applicability and Scope
This Privacy Policy applies to:
All personal data and protected health information processed by our company
All services, websites, and applications developed and maintained by us
All employees, contractors, and third parties who have access to personal data and protected health information through our company
All clients for whom we develop applications or provide services
Data Collection and Processing
Types of Data Collected
We collect and process various categories of personal data depending on the services provided and the relationship with the data subject. This may include:
Contact information (name, email address, phone number, physical address)
Account credentials and authentication data
Professional information (job title, employer, professional qualifications)
Technical data (IP address, device information, browsing history, cookies)
Transaction and billing information
Special categories of personal data when relevant (including health information when operating as a HIPAA Business Associate)
Protected Health Information (PHI) when providing services to HIPAA Covered Entities
Methods of Collection
We collect personal data through various channels, including:
Direct submission through our website, applications, or other digital platforms
Communication through email, phone, or other correspondence
Automated collection through cookies, server logs, and similar technologies
Data transfers from our clients for processing purposes
Third-party sources where permitted by law and with appropriate disclosures
Legal Basis for Processing
Under GDPR, we process personal data based on one or more of the following legal grounds:
Explicit consent provided by the data subject
Necessity for the performance of a contract
Compliance with legal obligations
Protection of vital interests
Performance of tasks carried out in the public interest
Legitimate interests pursued by our company or a third party
For processing of health data under HIPAA, we operate as a Business Associate and process protected health information according to Business Associate Agreements with Covered Entities.
Data Use and Disclosure
Purposes of Data Processing
We process personal data and protected health information for specific, explicit, and legitimate purposes, including:
Providing and maintaining our services and applications
Managing client accounts and fulfilling contractual obligations
Improving and customizing our services and user experience
Communicating with users and clients about our services
Processing transactions and billing
Complying with legal and regulatory obligations
Protecting our legitimate business interests and legal rights
Data Sharing and Recipients
We may share personal data with the following categories of recipients:
Service providers and subcontractors who assist in delivering our services
Affiliated companies within our corporate structure
Clients for whom we process data as a service provider
Legal and regulatory authorities when required by law
Business partners with proper data protection agreements in place
Potential buyers in the event of a merger, acquisition, or business transfer
For protected health information under HIPAA, we only disclose information to authorized parties as permitted by our Business Associate Agreements and applicable laws.
International Data Transfers
When transferring personal data outside the European Economic Area (EEA) or to countries without adequate data protection laws, we implement appropriate safeguards such as:
Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules for intra-group transfers
Certification under recognized frameworks such as the EU-U.S. Data Privacy Framework
Explicit consent for specific transfers where appropriate
Data Security and Retention
Security Measures
We implement robust technical and organizational measures to protect personal data and protected health information from unauthorized access, disclosure, alteration, or destruction. These measures include:
Encryption of sensitive data both in transit and at rest
Access controls and authentication mechanisms
Regular security assessments and vulnerability testing
Staff training on data protection and security
Physical security measures for our facilities
Incident response procedures and data breach notification protocols
Data Retention Policies
We retain personal data and protected health information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Our retention periods are determined based on:
Legal and regulatory requirements
Contractual obligations with clients
Business needs and legitimate interests
The nature and sensitivity of the data
Potential risks associated with continued retention
After the applicable retention period expires, we securely delete or anonymize the data according to our data deletion procedures.
Individual Rights and Choices
GDPR Data Subject Rights
Under the GDPR, individuals have the following rights regarding their personal data:
Right to access their personal data
Right to rectification of inaccurate or incomplete data
Right to erasure (“right to be forgotten”)
Right to restriction of processing
Right to data portability
Right to object to processing
Rights related to automated decision-making and profiling
Right to withdraw consent at any time
We provide mechanisms for individuals to exercise these rights and respond to requests within 30 days as required by the GDPR.
HIPAA Individual Rights
For protected health information subject to HIPAA, individuals have the following rights:
Right to access their health information
Right to request amendments to their health information
Right to an accounting of disclosures
Right to request restrictions on certain uses and disclosures
Right to request confidential communications
Right to receive notice of privacy practices
We facilitate these rights in coordination with the Covered Entities we serve as a Business Associate.
Consent Management
We provide clear mechanisms for individuals to give, withdraw, or modify their consent for data processing activities that require consent. This includes:
Transparent consent forms with clear language
Granular options for different types of processing activities
Easy-to-use consent withdrawal mechanisms
Records of consent to demonstrate compliance
Compliance Frameworks
GDPR Compliance
As an organization processing personal data of EU residents, we comply with GDPR requirements by:
Implementing privacy by design and default principles
Conducting data protection impact assessments for high-risk processing
Maintaining records of processing activities
Appointing a Data Protection Officer where required
Implementing data breach notification procedures
Ensuring proper data protection agreements with processors and controllers
Training staff on GDPR requirements and compliance
HIPAA Compliance
When operating as a Business Associate under HIPAA, we comply with requirements by:
Implementing physical, technical, and administrative safeguards for PHI
Executing Business Associate Agreements with Covered Entities
Limiting use and disclosure of PHI to the minimum necessary
Providing breach notification for unsecured PHI
Maintaining policies and procedures for HIPAA compliance
Training workforce members on HIPAA requirements
Conducting regular risk assessments
Special Considerations
Children’s Privacy
We recognize the special protections required for personal data of children under applicable laws. We do not knowingly collect personal data from children under 13 (or the applicable age threshold in different jurisdictions) without verifiable parental consent. Our specific practices regarding children’s data include:
Age verification mechanisms where appropriate
Parental consent procedures for collection of children’s data
Special protection measures for children’s data
Respect for parental rights to review, delete, and limit collection of children’s data
Cookie Policy and Tracking Technologies
We use cookies and similar tracking technologies on our websites and applications. Our practices include:
Transparent disclosure of all cookies and tracking technologies used
Classification of cookies by type and purpose
Obtaining appropriate consent for non-essential cookies
Providing mechanisms to modify cookie preferences
Regular updates to our cookie inventory and practices
A detailed Cookie Policy is available as a supplement to this Privacy Policy.
Governance and Accountability
Data Protection Officer and Privacy Team
Logicbric has established a dedicated privacy function led by our Data Protection Officer (DPO). The DPO can be contacted at:
Email: accounts@logicbric.com
Address: 13th Floor, Eastface, Iscon Ambli Road, Ahmedabad, Gujarat, India 380058
Phone: +91-8469104073
The DPO and privacy team are responsible for overseeing data protection strategy and implementation to ensure compliance with applicable regulations.
Employee Training and Awareness
We maintain a comprehensive data protection training program for all employees, contractors, and third parties who have access to personal data or protected health information. This program includes:
Initial privacy and security training for new staff
Regular refresher training for all personnel
Role-specific training for employees handling sensitive data
Awareness initiatives to maintain a culture of privacy and security
Documentation of training completion and effectiveness
Vendor Management
We carefully select and manage our vendors and service providers to ensure they meet our data protection standards. Our vendor management program includes:
Due diligence in vendor selection
Data processing agreements with appropriate safeguards
Regular assessments of vendor compliance
Provisions for termination if data protection standards are not met
Coordination with vendors for incident response and breach notification
Updates and Contact Information
Policy Updates
We review and update this Privacy Policy regularly to reflect changes in our practices, services, and legal requirements. Material changes will be communicated through appropriate channels, and previous versions will be archived for reference. The current version of this Privacy Policy was last updated on 28/03/2025.
Contact Information and Complaints
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: accounts@logicbric.com
Address: 13th Floor, Eastface, Iscon Ambli Road, Ahmedabad, Gujarat, India 380058
Phone: +91-8469104073
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. EU residents may contact their local data protection authority, and U.S. residents may contact the Department of Health and Human Services Office for Civil Rights for HIPAA-related matters.