Privacy Policy - Game Developer Association of India

Game Developer Association of India (GDAI) — gdai.in

Last Updated: 4th June 2026

This Privacy Policy explains how the Game Developer Association of India (“GDAI”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal data when you visit gdai.in (the “Website”), apply for membership, register for our events and programmes, subscribe to our communications, or otherwise interact with us.

GDAI is a not-for-profit industry body for India’s game development ecosystem. For the purposes of India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the DPDP Rules, 2025, GDAI acts as a Data Fiduciary in respect of the personal data it processes through this Website.

This Policy is designed to comply with the DPDP Act and, where applicable to international visitors, aligns with the principles of the EU General Data Protection Regulation (GDPR). By using the Website, you confirm that you have read and understood this Policy.

1. Scope

This Policy applies to personal data collected through the Website and our associated forms, mailing lists, and communications. Some GDAI programmes and platforms (for example, event registration portals, the Game Connect / Indie Connect platform, or third-party ticketing services) operate under their own separate privacy notices. Where that is the case, the notice provided on that specific platform governs the data you submit there.

2. The Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Identity and contact data — name, email address, phone number, postal address, country, and (where relevant) your gender or demographic details that you choose to share.
Professional data — your organisation or studio name, job title, role, professional links (e.g. portfolio, LinkedIn), and areas of interest within the games industry.
Membership data — information you provide when applying for or holding GDAI membership, including studio size, type of membership, and supporting details.
Event and programme data — details you provide when registering interest in our conferences, initiatives, or programmes (for example IGDC, Game Connect, Women in Games, Indie Connect, or Tapovan).
Communications data — newsletter subscriptions, enquiries, feedback, and any messages you send us through contact or enquiry forms.
Technical and usage data — IP address, browser type, device information, pages visited, and similar information collected automatically through cookies and analytics tools.

3. How We Collect Your Data

We collect personal data in the following ways:

Directly from you — when you fill in a form, apply for membership, register interest in an event, subscribe to updates, or contact us.
Automatically — through cookies, analytics, and server logs when you browse the Website.
From partners — where you have engaged with a GDAI partner, event co-organiser, or sponsor who shares your details with your consent.

4. Why We Use Your Data and Our Lawful Basis

We process your personal data on the basis of your consent and, where applicable, for legitimate uses permitted under the DPDP Act. We use your data to:

Process and manage membership applications and member relationships.
Communicate with you about our events, initiatives, programmes, and industry updates.
Send you newsletters and announcements you have subscribed to.
Respond to your enquiries, requests, and feedback.
Facilitate your participation in GDAI events and programmes.
Support our policy advocacy and industry research work (using aggregated or anonymised data wherever possible).
Improve the Website, our services, and the visitor experience.
Comply with applicable laws and respond to lawful requests from authorities.

Where we rely on your consent, you may withdraw it at any time (see Section 9). Withdrawal will not affect any processing carried out before withdrawal.

5. Sharing and Disclosure

GDAI does not sell your personal data. We may share your data only in the following circumstances:

Service providers — with trusted third parties who provide services on our behalf (for example, email, hosting, analytics, event management, and payment processing), under appropriate confidentiality and data-protection obligations.
Event partners and sponsors — where you register for a specific event or programme, and only with your consent or as clearly stated at the point of registration.
Government and industry bodies — in connection with our policy advocacy work, using aggregated or anonymised information wherever possible; we will not disclose identifiable personal data for this purpose without your consent.
Legal requirements — where required by law, regulation, court order, or to protect the rights, safety, and property of GDAI, our members, or others.

6. Cookies and Analytics

The Website uses cookies and similar technologies to help it function, to remember your preferences, and to understand how visitors use the site. Analytics tools may collect aggregated usage information. You can control or disable cookies through your browser settings, though some features of the Website may not work as intended if you do so. Where required, we will request your consent through a cookie banner before placing non-essential cookies.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to maintain our member and event records, and to comply with legal obligations. When data is no longer required, we will erase it or anonymise it in line with the DPDP Act. If you withdraw consent or request erasure, we will delete your data within [30] days, except where retention is required by law.

8. Data Security and Breach Notification

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or alteration. In the event of a personal data breach, we will notify the Data Protection Board of India and affected individuals in accordance with Section 8(6) of the DPDP Act and the DPDP Rules, 2025, and take prompt steps to mitigate any harm.

9. Your Rights

Under the DPDP Act, you have the right to:

Access — obtain a summary of the personal data we hold about you and how we process it.
Correction and completion — have inaccurate data corrected and incomplete data completed.
Erasure — request deletion of your data where it is no longer needed and retention is not legally required.
Withdraw consent — withdraw your consent to processing at any time, as easily as you gave it.
Grievance redressal — raise a complaint with us, and escalate to the Data Protection Board of India if you are not satisfied.
Nominate — appoint another person to exercise your rights on your behalf in the event of death or incapacity.

To exercise any of these rights, contact our Grievance Officer using the details in Section 13. We will respond within [30] days.

10. Children’s Data

The Website is not directed at children. We do not knowingly collect personal data of any individual under the age of 18 without the verifiable consent of a parent or lawful guardian, as required under the DPDP Act. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has provided us personal data, please contact us so we can take appropriate action.

11. Cross-Border Transfers

Some of our service providers may store or process data outside India. Where this occurs, we transfer data only to countries or territories not restricted by the Central Government of India under Section 16 of the DPDP Act, and we ensure adequate safeguards are in place, consistent with the DPDP Act and, where applicable, the GDPR.

12. Third-Party Links

The Website may contain links to third-party websites, platforms, sponsors, and partners (for example event ticketing pages, social media channels, and partner sites). This Policy does not apply to those services. We encourage you to review the privacy policy of any third party before sharing your personal data with them.

13. Grievance Officer and Contact

In accordance with the DPDP Act, GDAI has appointed a Grievance Officer to address concerns regarding the processing of your personal data:

Name: Machaiah Kalengada

Designation: Director- Programs

Organisation: Game Developer Association of India (GDAI)

Email: compliance@gdai.in

Address: Survey No. 9, Watermark Technopark, Plot No. 11, 11th Floor, Kondapur, Whitefields, Telangana 500084

The Grievance Officer will acknowledge your grievance and respond within [30] days. If you are not satisfied with the resolution, you may file a complaint with the Data Protection Board of India under Section 18 of the DPDP Act.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through the Website. The “Last Updated” date above reflects the most recent revision. Your continued use of the Website after changes take effect constitutes acceptance of the updated Policy.

15. Governing Law

This Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000 (to the extent applicable). Disputes are subject to the exclusive jurisdiction of the courts at [City], India.