PRIVACY POLICY — DurgapurShop.com

Effective Date: January 15, 2026
Website:

Operator: DurgapurShop (Authorized Representative: Avijit Singha)
Location: Durgapur, West Bengal, India

1. INTRODUCTION AND COMMITMENT TO PRIVACY

DurgapurShop is a multi-category digital and local commerce platform operating in Durgapur, West Bengal, India. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, process, use, store, share, and protect your data when you visit our website, make purchases, download digital products, subscribe to services, or engage with our platform in any manner.

This policy is designed to comply with the Information Technology Act, 2000 (as amended, including the IT Rules 2011), the Digital Personal Data Protection Act, 2023 (DPDP Act), and other applicable laws and regulations governing data protection in India. Whether you are purchasing physical grocery products, digital products (eBooks, PDF templates, tools), ordering through our local delivery network, subscribing to online courses, or accessing automation services, this policy governs how we handle your personal information.

We recognize that you are entrusting us with sensitive information, and we take this responsibility seriously. We aim to be transparent about our data practices and provide you with meaningful control over your personal information. By accessing and using DurgapurShop, you consent to the collection, processing, and use of your personal data as described in this policy.

2. TYPES OF DATA WE COLLECT

We collect various categories of personal and non-personal information to operate our platform effectively and deliver services to you. This section details each category of data we may collect, how it is obtained, and the purposes for which it is used.

2.1 Personal Information Provided Directly by You

When you register an account, place an order, or use our services, you provide us with personal information including:

Full Name: Required for account creation and order fulfillment.

Email Address: Used for account management, transactional communications, order updates, and promotional communications (if opted in).

Phone Number: Collected for contact purposes, order delivery coordination, customer support, and authentication.

Shipping Address and Billing Address: Essential for physical product delivery and invoicing purposes.

Payment Information: While we do not store complete payment card details on our servers, payment information (including card number, CVV, expiration date) is securely transmitted to PCI-DSS compliant payment gateways (Razorpay, Paytm, Stripe) for processing.

Account Credentials: Your username and encrypted password for account access and security.

GSTIN or Business Identifier: Collected when applicable for B2B orders or when you opt to sell through our platform.

Communication Preferences: Your choices regarding email marketing, SMS notifications, and other communications.

Profile Information: Biographical data, profile picture (optional), purchase history, wishlist, and saved items.

2.2 Information Related to Digital and Physical Products

When you purchase or use digital products (eBooks, templates, tools, courses), we collect:

Download and Access Records: Data indicating when you access or download digital content, frequency of access, and sections you view (for products supporting analytics).

License Information: Details about digital product licenses, activation codes, usage limitations, and restrictions as per your purchase agreement.

Device Information for Digital Products: The device type, operating system, browser, and application version from which you access digital content.

Performance and Usage Analytics: How you interact with digital products, time spent, features used, completion rates (for courses), and performance metrics.

For physical products, we collect:

Order Details: Product names, quantities, prices, delivery preferences, special instructions, and scheduling.

Delivery Feedback: Ratings, reviews, photos, and comments about products and delivery experience.

2.3 Device and Technical Information

When you visit our website or use our applications, we automatically collect technical and device-related information:

IP Address: Your device’s Internet Protocol address, used for security, fraud detection, location services, and analytics.

Device Type and Operating System: Information about your device (smartphone, tablet, desktop), manufacturer, and operating system version.

Browser Information: The browser you use, version, plugins, and technical specifications.

Cookies and Tracking Technologies: Data stored and retrieved through cookies, web beacons, pixels, and similar tracking mechanisms.

Location Data: Your approximate geographic location inferred from IP address or derived from GPS/location services if you grant permission.

Clickstream Data and Navigation Patterns: Information about the pages you visit, the order in which you visit them, the time spent on each page, links you click, and search queries.

Referral Source: Information about how you arrived at our website (referring website, search engine, advertisement, direct access).

Device Identifiers: Unique advertising IDs, mobile identifiers, or device fingerprints used for tracking and analytics.

2.4 Cookies and Similar Tracking Technologies

We use cookies and similar technologies to enhance your experience and gather insights. These include:

Session Cookies: Temporary cookies that exist only during your browser session and are automatically deleted when you close your browser.

Persistent Cookies: Cookies that remain on your device for a specified period and help us recognize you on return visits.

First-Party Cookies: Cookies set by DurgapurShop directly from our domain.

Third-Party Cookies: Cookies set by our partners, analytics providers, and advertising networks.

Web Beacons and Pixels: Transparent images or scripts embedded in web pages to track user behavior and conversions.

Local Storage and Session Storage: Data stored locally on your device for improved functionality and user experience.

2.5 Information from Third Parties

We may receive personal information about you from external sources, including:

Payment Service Providers: Confirmation of successful transactions, dispute information, and fraud alerts.

Logistics and Delivery Partners: Real-time tracking data, delivery confirmation, and customer feedback.

Analytics Platforms: Aggregated data about user behavior, traffic patterns, and performance metrics.

Marketing Partners: Lead information, audience data, and campaign performance metrics.

Social Media Platforms: If you link your social media accounts to our platform, we receive profile information, friends list, and activity data (only with your explicit consent).

Public Records and Business Databases: Information available in the public domain related to your business (if you operate as a vendor or affiliate).

2.6 Sensitive Personal Data

Under Indian law and the DPDP Act, certain categories of information are classified as “sensitive personal data.” We handle the following sensitive data with heightened security and care:

Financial Information: Bank account numbers, credit/debit card details (transmitted securely to payment processors, not stored with us), UPI handles, and transaction history.

Biometric Data: Fingerprint, facial recognition, or iris scan data (if used for authentication purposes).

Health and Medical Data: Health records, medical conditions, allergies, or prescriptions (if you purchase health-related products or services).

Genetic Data: Information related to genetic traits or family medical history.

Caste, Religion, and Political Affiliation: Information revealing your caste, religion, political beliefs, or affiliations (not collected directly but protected if disclosed).

Sexual Orientation or Gender Identity: Information about your sexual orientation, gender identity, or intersex status.

Official Identifiers: Passport numbers, Aadhaar numbers, PAN, driver’s license numbers, or other government-issued identification numbers.

We collect sensitive personal data only when strictly necessary and with explicit consent. Sensitive data is subject to additional security measures and restricted access controls.

2.7 Information About Children

We do not knowingly collect personal data from individuals under the age of 18. If any parent or guardian believes we have collected data from a child without parental consent, please contact us immediately at

privacy@durgapurshop.com

, and we will take appropriate action to delete such data.

3. PURPOSE OF DATA COLLECTION AND USE

We collect and process your personal data for the following specific, legitimate purposes:

3.1 Service Delivery and Transaction Processing

Fulfilling Orders: Processing, packing, and delivering physical products (groceries, household items) to your specified address.

Digital Product Delivery: Providing access to digital products, eBooks, templates, tools, courses, and automation services upon purchase.

Payment Processing: Authorizing and processing payments through secure third-party gateways.

Account Management: Creating and maintaining your user account, managing login credentials, and storing preferences.

Subscription Management: Managing recurring subscriptions, renewals, billing cycles, and access to subscription-based services.

Refund and Dispute Resolution: Processing refunds, handling chargebacks, and resolving transaction disputes.

3.2 Communication and Customer Support

Order Confirmation and Updates: Sending transactional emails and SMS confirming your order, providing tracking information, and notifying you of delivery or access details.

Customer Support: Responding to your inquiries, troubleshooting issues, and providing technical assistance.

Service Notifications: Informing you of important updates, system maintenance, policy changes, and service interruptions.

Feedback and Surveys: Requesting reviews, ratings, feedback on your purchase experience, product quality, and delivery service.

3.3 Marketing and Promotional Communications

Promotional Emails and SMS: Sending marketing communications, product recommendations, special offers, discounts, and promotional campaigns (only if you have opted in).

Personalized Product Recommendations: Analyzing your browsing and purchase history to suggest relevant products, services, and content.

Advertising and Retargeting: Showing targeted advertisements on our platform and third-party websites based on your interests and behavior.

Newsletter Subscriptions: Delivering curated newsletters with product updates, articles, tips, and exclusive offers.

You have the right to withdraw consent for marketing communications at any time by clicking the “Unsubscribe” link in our emails, adjusting your account settings, or contacting us directly.

3.4 Platform Improvement and Analytics

Website and Application Analytics: Analyzing user behavior, traffic patterns, engagement metrics, and performance indicators to improve our website, application, and services.

A/B Testing and Experimentation: Conducting tests to optimize user interface, user experience, checkout processes, and marketing strategies.

Trend Analysis: Identifying popular products, emerging market trends, and customer preferences to inform inventory and service decisions.

Quality Assurance: Monitoring site performance, identifying technical issues, debugging errors, and maintaining system reliability.

User Experience Improvement: Understanding how users navigate our platform, which features are most valuable, and how to enhance usability.

3.5 Fraud Detection and Security

Fraud Prevention: Detecting suspicious transactions, unauthorized access attempts, and fraudulent activities.

Identity Verification: Verifying your identity for account access, payment authorization, and legal compliance.

Security Monitoring: Monitoring for security threats, intrusions, malware, and other security vulnerabilities.

Breach Investigation: Investigating data breaches, unauthorized access, and security incidents.

Compliance with Law Enforcement: Responding to legal requests, court orders, and law enforcement inquiries.

3.6 Legal and Regulatory Compliance

Tax and Financial Compliance: Maintaining records for income tax reporting, GST compliance, and audit purposes as required by Indian law.

Consumer Protection: Complying with Consumer Protection Act, 2019, and related regulations.

Data Protection Compliance: Fulfilling obligations under the Information Technology Act, 2000, DPDP Act, and related rules.

Contract Fulfillment: Performing our contractual obligations to you and enforcing our terms of service.

Business Records: Maintaining records for accounting, billing, dispute resolution, and business operations.

3.7 Business and Service Development

Product Development: Using insights from your data to develop new products, services, features, and functionality.

Service Customization: Personalizing your experience based on your preferences, location, purchase history, and behavior.

Vendor and Affiliate Partnerships: Managing relationships with sellers, service providers, logistics partners, and affiliates.

Business Intelligence: Analyzing aggregated data to understand market dynamics, customer segments, and revenue opportunities.

4. LEGAL BASIS FOR DATA PROCESSING

Under the Digital Personal Data Protection Act, 2023, we process your personal data based on one or more of the following legal grounds:

4.1 Consent

Most of our data processing activities are based on your explicit consent. When you provide your personal data, register an account, or make a purchase, you consent to the collection and processing of your information for the purposes outlined in this policy. You have the right to withdraw your consent at any time by adjusting your account settings or contacting us.

4.2 Performance of Contract

We process your data to fulfill the contractual obligations we have with you. When you purchase a product or service, agree to our terms of service, or subscribe to a plan, we must process your personal data to complete the transaction, deliver the product, and provide the service.

4.3 Compliance with Legal Obligation

We process personal data when required to comply with applicable laws, court orders, legal regulations, and government directives. This includes tax reporting, data retention for audit purposes, and response to legal inquiries.

4.4 Legitimate Interests

We may process personal data based on our legitimate business interests, such as:

Protecting our platform and users from fraud and security threats.

Improving our services, website functionality, and user experience.

Conducting business operations and maintaining records.

Marketing our services (where lawful and aligned with DPDP requirements).

When processing data based on legitimate interests, we ensure that your privacy rights are not outweighed by our business interests, and we provide you with transparency and choice.

5. DATA STORAGE AND SECURITY

Protecting your personal data from unauthorized access, alteration, disclosure, and destruction is a fundamental priority for DurgapurShop. We implement comprehensive technical, organizational, and administrative safeguards.

5.1 Data Storage Location

Domestic Storage: All personal data collected from Indian users is primarily stored on secure servers located within India, in compliance with data localization requirements under Indian law.

Compliant Hosting: We use hosting services provided by reputable data center operators who comply with ISO 27001, ISO 27018, SOC 2 Type II certifications, and security best practices.

Redundancy and Backup: Data is backed up regularly to ensure recovery in case of system failure or disaster. Backup systems are also located in secure facilities.

5.2 Encryption and Data Transmission

SSL/TLS Encryption: All data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. You can verify this by the “https://” prefix and padlock icon in your browser.

End-to-End Encryption: For sensitive communications, we use end-to-end encryption to ensure only you and our authorized personnel can access the content.

Payment Data Encryption: Payment information is encrypted and transmitted directly to PCI-DSS compliant payment gateways. We do not store complete payment card details.

Database Encryption: Sensitive data stored in our databases is encrypted at rest using AES-256 encryption or equivalent standards.

5.3 Access Controls and Authentication

Role-Based Access Control (RBAC): Only authorized personnel with specific roles can access personal data. Access is granted on a need-to-know basis.

Multi-Factor Authentication (MFA): Our administrative systems and staff accounts are protected with multi-factor authentication (password + OTP/app-based).

Password Management: We implement strong password policies requiring complex passwords, regular changes, and secure storage using industry-standard hashing algorithms (bcrypt, Argon2).

Session Management: User sessions are managed securely with automatic logout after a period of inactivity.

Audit Logging: All access to personal data is logged with timestamps, user identifiers, and actions performed.

5.4 Data Minimization and Retention

Minimum Data Collection: We collect only the personal data necessary to provide our services. Unnecessary data is not collected.

Data Retention Period: We retain your personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law.

Specific Retention Periods:

Account Data: Retained for the duration of your account and up to 3 years after account deletion for legal, tax, and fraud investigation purposes.

Transaction Records: Retained for 7 years to comply with Indian tax regulations and GST requirements.

Email Communications: Marketing and promotional emails are retained for 2 years; transactional emails are retained for 5 years.

Analytics Data: Aggregated analytics data is retained for up to 2 years; individual user data is anonymized after 90 days.

Payment Information: Card details are not retained; transaction logs are retained per PCI-DSS and GST requirements (5-7 years).

Digital Product Download Logs: Retained for 2 years to manage licensing and prevent unauthorized sharing.

Support and Communication Records: Retained for 1 year after resolution of the issue.

Users can request early deletion of their data by contacting our privacy team, subject to legal obligations and contract requirements.

5.5 Data Security Measures

Firewalls: Advanced firewalls protect our network infrastructure from unauthorized intrusions.

Intrusion Detection Systems (IDS): Real-time monitoring systems detect and alert us to suspicious activities.

Vulnerability Scanning: Regular vulnerability assessments and penetration testing identify and remediate security weaknesses.

Malware Protection: Antivirus and anti-malware software protect our systems from malicious code.

Security Updates and Patches: We promptly apply security patches and updates to all systems and software.

Physical Security: Data centers and server facilities are protected by physical security measures including surveillance, access controls, and guards.

Employee Training: Our staff undergoes regular data protection and cybersecurity training to ensure secure handling of personal information.

5.6 Security Incidents and Breach Notification

Despite our security measures, no system is completely immune to security incidents. If a data breach occurs that affects your personal or sensitive information:

Notification: We will notify affected individuals within 72 hours of becoming aware of the breach via email, SMS, or website notification.

Breach Information: The notification will include details about the type of data affected, the potential impact, and recommended actions you should take.

Authority Notification: We will report the breach to the Indian Computer Emergency Response Team (CERT-In) and other relevant authorities as required by law.

Remediation: We will take immediate steps to contain the breach, investigate the cause, and implement measures to prevent recurrence.

Documentation: We maintain detailed records of all security incidents, investigations, and remediation actions.

6. COOKIES, WEB BEACONS, AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to enhance your experience, remember your preferences, analyze site performance, and deliver personalized content and advertising.

6.1 Types of Cookies We Use

Essential/Functional Cookies

Purpose: Enable core website functionality, remember your language and location preferences, maintain shopping cart items, and remember login information.

Duration: Session-based or up to 1 year.

Consent: These cookies are necessary for the website to function and do not require explicit consent, though we provide notice.

Examples: Session ID, login token, cart data, language preference.

Performance and Analytics Cookies

Purpose: Collect anonymous data about how visitors use our website, including which pages are visited most, traffic sources, user flow, and page load times.

Duration: Up to 2 years.

Provider: Google Analytics (GA4), Hotjar, Amplitude, Mixpanel.

Consent: Required. We obtain consent before placing these cookies.

Data Collected: Page views, session duration, bounce rate, conversion funnels, user segments, traffic sources, device information.

Personalization Cookies

Purpose: Remember your preferences, browsing history, saved items, and wishlist to provide a customized experience.

Duration: Up to 1 year.

Consent: Required.

Examples: Product recommendations, saved filters, theme preferences.

Marketing and Retargeting Cookies

Purpose: Track your interaction with our ads and website to serve targeted advertisements on our platform and third-party websites (remarketing).

Duration: Up to 2 years.

Providers: Facebook Pixel, Google Ads, Instagram Ads, Pinterest, LinkedIn.

Consent: Required. We obtain explicit consent before deploying these cookies.

Data Collected: Ad impressions, clicks, conversions, audience segments, engagement metrics.

Third-Party Tracking Pixels and Tags

Purpose: Track user behavior for analytics, conversion tracking, audience building, and campaign measurement.

Providers: Google Ads, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag.

Consent: Required for most third-party pixels.

6.2 Consent Management for Cookies

Cookie Banner: Upon your first visit, we display a cookie consent banner explaining our use of cookies and allowing you to accept or decline.

Granular Choices: You can accept all cookies, reject non-essential cookies, or customize your preferences for each category.

Consent Preferences: Your choices are saved and respected. You can update your preferences anytime by visiting your account settings or using our cookie management tool.

No Consent Bypass: We will not place non-essential cookies without your consent.

6.3 Managing Cookies Through Your Browser

You can control cookies through your web browser settings:

Disable Cookies: Most browsers allow you to disable all cookies or specific types of cookies.

Delete Cookies: You can manually delete cookies stored on your device.

Clear Browsing Data: You can clear your browser cache and cookies regularly.

Important Note: Disabling cookies may affect website functionality, including the ability to add items to your cart, remember your preferences, and proceed through checkout. Some features may not work properly without cookies.

6.4 Do Not Track (DNT) Signals

Some browsers include a “Do Not Track” (DNT) feature. Currently, we do not respond to DNT signals as there is no industry-wide standard. However, you can use your browser settings to manage cookie preferences.

6.5 Local Storage and Similar Technologies

In addition to cookies, we use local storage (HTML5 localStorage, sessionStorage) and similar technologies to store data on your device for improved performance and user experience. These function similarly to cookies but typically persist longer and store more data.

7. THIRD-PARTY SERVICES AND DATA SHARING

DurgapurShop partners with trusted third-party service providers to deliver our services. We share your personal data only when necessary and under strict contractual agreements that require these partners to maintain the same level of data protection as we do.

7.1 Categories of Third-Party Service Providers

Payment and Financial Services

Providers: Razorpay, PayU, Paytm, Stripe, Amazon Pay, Google Pay.

Data Shared: Name, email, phone, billing address, amount, transaction ID.

Purpose: Processing payments, payment gateway services, fraud detection, chargeback management.

Compliance: PCI-DSS compliant; we do not share complete card numbers with these providers. The payment gateway handles card data directly.

Logistics and Delivery Services

Providers: Shiprocket, IndiaPost, DTDC, Delhivery, Blue Dart, Ecom Express, local delivery partners.

Data Shared: Name, phone, delivery address, order details, product information, tracking requirements.

Purpose: Order fulfillment, package tracking, last-mile delivery, delivery coordination.

Compliance: Contractual data protection agreements; couriers maintain their own privacy policies.

Email and Communication Services

Providers: Mailchimp, Brevo (Sendinblue), Twilio, Amazon SES, Google Workspace.

Data Shared: Email address, name, communication preferences, order details.

Purpose: Transactional emails, promotional campaigns, support communications, notifications.

Compliance: Encrypted transmission; these services comply with data protection standards.

Analytics and Performance Monitoring

Providers: Google Analytics (GA4), Hotjar, Amplitude, Mixpanel, Segment, Datadog.

Data Shared: Anonymized usage data, clickstream information, device information, IP address (anonymized).

Purpose: Website analytics, performance monitoring, user behavior analysis, optimization.

Compliance: These services process data according to their privacy policies and contractual agreements.

Advertising and Marketing

Providers: Facebook Ads Manager, Google Ads, Instagram Ads, Pinterest, TikTok Ads, LinkedIn Ads.

Data Shared: Hashed email addresses, user ID (anonymous), conversion data, audience segments.

Purpose: Targeted advertising, campaign measurement, audience building, retargeting.

Compliance: Pixels and tracking codes are deployed with consent; we share anonymized data only.

Cloud Storage and Infrastructure

Providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure.

Data Shared: All personal data (encrypted and protected).

Purpose: Server hosting, database management, backup and disaster recovery.

Compliance: Enterprise-grade security, data processing agreements, encryption at rest and in transit.

Customer Support and Helpdesk

Providers: Zendesk, Freshdesk, Intercom, Drift.

Data Shared: Account information, support tickets, communication history, contact details.

Purpose: Customer support, ticket management, live chat support.

Compliance: Contractual data protection agreements; encrypted communication.

Affiliate and Referral Programs

Providers: Affiliate networks, referral tracking platforms.

Data Shared: Name, email (affiliate), transaction ID, commission details.

Purpose: Commission tracking, referral rewards, affiliate program management.

Compliance: Contractual agreements with affiliates.

Vendors and Service Providers

Providers: Local shops, product suppliers, course creators, tool developers, consultants.

Data Shared: Order details, delivery address, payment information (to payment gateways, not suppliers).

Purpose: Product sourcing, order fulfillment, service delivery.

Compliance: Contractual obligations regarding data handling.

7.2 Data Processing Agreements

We enter into Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf. These agreements:

Establish the processor’s obligations to protect data.

Restrict the processor’s use of data to the specified purposes.

Require the processor to implement appropriate security measures.

Mandate confidentiality and non-disclosure of personal data.

Allow for audits and compliance monitoring.

Ensure DPDP Act compliance and adherence to Indian data protection standards.

7.3 Data Sharing Restrictions

We Do NOT:

Sell or rent your personal data to third parties for their marketing purposes.

Share personal data with unrelated businesses or data brokers without your explicit consent.

Disclose sensitive personal data (financial, health, biometric) to third parties except as required by law or to process your request.

We Only Share Data When:

Necessary to provide the service you requested.

Required by law, court order, or government request.

You have given explicit consent.

Required to protect our rights, safety, or the safety of others.

As part of a business transfer or acquisition (with appropriate notification).

7.4 Third-Party Websites and Links

Our website may contain links to third-party websites, including payment providers, logistics partners, affiliate websites, and social media platforms. We are not responsible for the privacy practices of these external websites. We encourage you to review the privacy policies of any third-party website before providing your personal information.

8. YOUR RIGHTS AS A DATA PRINCIPAL UNDER INDIAN LAW

The Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, grant you specific rights over your personal data. DurgapurShop recognizes and respects all of these rights.

8.1 Right to Know

You have the right to know:

Whether we are processing your personal data.

What personal data we hold about you.

Why we are collecting and processing your data.

The purpose and legal basis of processing.

How long we will retain your data.

Whether we are sharing your data with third parties.

How to Exercise: Contact our Data Protection Officer at

dpo@durgapurshop.com

with the subject line “Right to Know Request.”

8.2 Right to Access

You have the right to request and receive a copy of all personal data we hold about you in a structured, commonly used, and machine-readable format (such as CSV or JSON).

Includes:

Account profile information.

Transaction history and order details.

Communication history.

Analytics data associated with your account.

Cookies and tracking data (where applicable).

How to Exercise: Send a written request to dpo@durgapurshop.com

with subject line “Data Access Request.” Include your name, email, phone, and account ID. We will provide the data within 30 days in a standard format.

Format Options: PDF, CSV, Excel, JSON, or other machine-readable format of your choice.

8.3 Right to Correction

If personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request correction or completion.

You Can Request Correction Of:

Name spelling or address errors.

Outdated contact information.

Incorrect purchase or transaction records.

Inaccurate account settings.

How to Exercise:

Log into your account and edit your profile directly.

Contact customer support at

support@durgapurshop.com

Submit a formal request to

dpo@durgapurshop.com

with details of the inaccuracy.

We will correct inaccurate data within 15-30 days of receiving your request.

8.4 Right to Erasure (Right to Be Forgotten)

You have the right to request deletion of your personal data in the following circumstances:

Automatic Grounds for Deletion:

When the personal data is no longer necessary for the purpose it was collected.

When you withdraw consent for processing (and there is no other legal basis).

When your account is terminated and no legal obligation requires retention.

After the applicable data retention period expires.

Exceptions (Data Will NOT Be Deleted):

When deletion would violate legal obligations (tax laws, GST records).

When data is needed to fulfill a contract you are party to.

When data relates to an ongoing legal dispute or compliance matter.

When deletion would impair our ability to detect and prevent fraud or security threats.

For up to 3 years after account deletion for fraud investigation and audit purposes (anonymized where possible).

How to Exercise: Contact

dpo@durgapurshop.com

with subject line “Data Deletion Request.” Specify which data you want deleted. We will provide a response within 30 days, explaining whether data will be deleted or retained with reasons.

8.5 Right to Data Portability

You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, machine-readable format.

Includes:

Account information, profile data, preferences.

Transaction history (with anonymization of payment details).

Communication history and feedback.

How to Exercise: Send a request to

dpo@durgapurshop.com

with subject line “Data Portability Request.” We will provide your data in the requested format (CSV, JSON, XML) within 30 days.

8.6 Right to Restrict Processing

You have the right to request that we restrict or limit the processing of your personal data in certain circumstances:

You Can Request Restrictions For:

Disputed data (while we investigate accuracy).

Processing that you believe is unlawful.

Processing that is no longer necessary but you request retention.

Withdrawal of consent (while processing for other purposes continues).

How to Exercise: Contact

dpo@durgapurshop.com

with subject line “Request to Restrict Processing.” During restriction, we will continue to store your data but not actively process it for most purposes.

8.7 Right to Withdraw Consent

If you have consented to the collection or processing of your personal data, you can withdraw that consent at any time.

Impact of Withdrawal:

We will stop processing your data based on that consent.

Withdrawal does not affect the lawfulness of past processing.

We may continue processing if there is another legal basis (contract, legal obligation, legitimate interests).

How to Exercise:

For Marketing Consent: Click “Unsubscribe” in emails or adjust your communication preferences in your account.

For General Consent: Send a withdrawal request to

dpo@durgapurshop.com

For Cookie Consent: Use our cookie consent manager to disable cookies.

Withdrawal will take effect within 7 days.

8.8 Right to Grievance Redressal

You have the right to lodge a complaint if you believe we have violated your data protection rights or failed to comply with applicable laws.

Step 1: Internal Grievance Redressal

Contact our Grievance Officer:

grievance@durgapurshop.com

Include: Your name, contact information, detailed description of the grievance, and supporting documentation.

Timeline: We will acknowledge your complaint within 5 days and provide a resolution within 30 days (extendable to 60 days if investigation is needed).

Step 2: Escalation to Data Protection Board of India (DPB)

If you are unsatisfied with our response, you can file a complaint with the Data Protection Board of India.

DPB Contact: Complaint Portal:

https://dpb.gov.in

(to be established)

Jurisdiction: The DPB has authority over data protection violations in India.

Process: Submit your complaint online with supporting documents and our response. The DPB will investigate and may issue orders for corrective action or penalties.

8.9 Right to Nominate

Under the DPDP Act, you have the right to nominate another person to exercise your data rights on your behalf in case of incapacity, death, or legal disability.

How to Exercise: Submit a written nomination with supporting documentation (power of attorney, guardianship order, etc.) to

dpo@durgapurshop.com

. The nominee will be able to access, correct, delete, or exercise other rights on your behalf.

9. DATA PROTECTION FOR CHILDREN

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children without parental or guardian consent.

9.1 Definition of a Child

Under Indian law and the DPDP Act, a “child” is defined as an individual below 18 years of age.

9.2 Data Collection from Children

If you are a parent or guardian and believe we have collected personal data from a child without your consent, please contact us immediately at

privacy@durgapurshop.com

. We will:

Verify the claim.

Immediately cease data collection from the child.

Delete the collected data within 30 days.

Provide confirmation of deletion.

9.3 Parental/Guardian Consent

For any processing of children’s data, we require verifiable parental or guardian consent. This means:

The parent/guardian must affirmatively agree in writing.

We must verify the relationship between the child and the consenting adult.

The consent must be specific to the purposes of processing.

Parents can withdraw consent at any time.

9.4 Restrictions on Children’s Data Processing

In compliance with the DPDP Act, we do NOT:

Process children’s personal data for targeted advertising or profiling.

Conduct behavioral tracking or monitoring of children’s activity.

Use children’s data for marketing or promotional purposes without explicit parental consent.

Collect biometric data from children.

9.5 Best Interests of the Child

Any processing of children’s data is done in the best interests of the child and in accordance with the DPDP Act. We implement stricter security measures and more limited retention periods for children’s data.

10. GRIEVANCE OFFICER AND DATA PROTECTION OFFICER

In compliance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, we have appointed dedicated officers to handle privacy-related grievances and oversee data protection compliance.

10.1 Grievance Officer

The Grievance Officer is responsible for addressing complaints related to violation of privacy, data handling, and service issues.

Details:

Name: [To be inserted – Your Grievance Officer’s Name]

Designation: Grievance Officer

Email:

grievance@durgapurshop.com

Phone: [To be inserted – Your Contact Number]

Office Address: [To be inserted – Your Full Business Address, Durgapur, West Bengal, PIN Code]

Response Timeline: We acknowledge all grievances within 5 working days and provide substantive response within 30-60 days depending on complexity.

How to Submit a Grievance:

Email:

grievance@durgapurshop.com

(Preferred)

Mail: Send a written letter to the office address above.

Phone: Call the grievance officer during business hours.

Required Information:

Your full name and contact information.

Account ID or email registered with us (if applicable).

Detailed description of the grievance.

Screenshots, emails, or supporting documentation.

Proposed resolution or relief sought.

10.2 Data Protection Officer (DPO)

Our Data Protection Officer (DPO) ensures compliance with the DPDP Act, manages data protection impact assessments, and oversees our data handling practices.

Details:

Email:

dpo@durgapurshop.com

Primary Responsibilities:

Overseeing compliance with DPDP Act and IT Act.

Conducting data protection impact assessments.

Monitoring third-party compliance.

Handling data access requests, correction requests, and deletion requests.

Advising on data protection best practices.

Preparing for Data Protection Board audits.

How to Contact the DPO:

Submit data-related requests (access, correction, deletion) to

dpo@durgapurshop.com

Include your full name, account identifier, and detailed request.

Expected response time: Within 30 days (extendable to 60 days with notification).

11. COMMUNICATIONS, EMAILS, AND MARKETING PREFERENCES

DurgapurShop may contact you via email, SMS, phone calls, push notifications, or in-app messages for transactional, service-related, or promotional purposes.

11.1 Types of Communications

Transactional and Service Emails

Order confirmation, payment receipt, invoice.

Shipping notification and tracking updates.

Delivery confirmation and delivery feedback request.

Account creation confirmation and password reset.

Account security alerts and suspicious activity notifications.

Policy changes, terms of service updates, legal notices.

These emails are essential and will be sent regardless of your marketing preferences.

Promotional Emails and SMS

Product recommendations and new product announcements.

Special offers, discounts, and flash sales.

Newsletter with tips, articles, and curated content.

Seasonal promotions and festive offers.

Feedback surveys and customer satisfaction questionnaires.

You can opt in or out of promotional communications at any time.

11.2 Opting In and Out

Default Settings: By default, when you create an account or make a purchase, you are opted into transactional emails (required) but can choose your preference for promotional communications.

How to Manage Preferences:

Email Preferences:

Click the “Unsubscribe” link at the bottom of any promotional email.

Log into your account and adjust email preferences in “Settings > Communication Preferences.”

Send an email to

support@durgapurshop.com

with “Unsubscribe Request” in the subject line.

SMS and Push Notification Preferences:

Adjust settings in your account profile under “Communication Preferences.”

Reply with “STOP” to any promotional SMS to opt out.

Disable push notifications in your device settings or our app settings.

Phone Call Preferences:

Contact us at

support@durgapurshop.com

to opt out of phone calls.

Mention your preference for email communication only.

11.3 Newsletter Subscription

Our newsletter provides curated content, product updates, tips, and exclusive offers. You can:

Subscribe: Check the “Subscribe to Newsletter” box during account creation or in your account settings.

Unsubscribe: Click the unsubscribe link in any newsletter or adjust your preferences in your account.

We respect your choice and will not send marketing emails after you unsubscribe, though you may receive transactional emails.

11.4 Transactional vs. Promotional Communications

Important: Even if you opt out of promotional communications, we will continue to send you:

Order confirmations and receipts.

Shipping and delivery updates.

Payment receipts and invoices.

Account security alerts.

Required legal and policy notices.

Support responses to your inquiries.

These are essential communications required to provide our services and comply with law.

11.5 Frequency and Consent

We ensure that our communications are relevant, not excessive, and always based on your consent. If you feel we are sending too many emails, you can:

Adjust the frequency in your communication preferences.

Unsubscribe from specific types of promotional content.

Contact

support@durgapurshop.com

to request reduced communication.

12. DIGITAL PRODUCTS AND INTELLECTUAL PROPERTY

DurgapurShop offers digital products including eBooks, PDF templates, tools, courses, scripts, and automation services. This section clarifies data collection, licensing, and intellectual property related to digital products.

12.1 Data Collection from Digital Product Users

When you purchase and download or access digital products, we may collect:

Download and Access Records: When you access, download, or view digital content; frequency of access; sections or modules completed.

License Information: The license type (personal, business, team), activation details, usage restrictions, and license validity period.

Device and Browser Information: The device type, operating system, browser, and geographic location from which you access the digital product.

Usage Analytics: How you interact with the digital product, time spent on specific sections, progress in courses, feature usage, and performance metrics.

Feedback and Ratings: Your reviews, ratings, comments, and feedback on the digital product.

This data is collected to:

Verify license validity and prevent unauthorized sharing.

Improve digital product quality and user experience.

Provide customer support and troubleshooting.

Analyze product performance and user engagement.

Detect and prevent license violations or piracy.

12.2 Digital Product Licensing Terms

When you purchase a digital product, you are licensed to use it subject to the following terms:

Personal Use License:

Grant: You are granted a non-exclusive, non-transferable license to use the digital product for your personal, non-commercial use.

Restrictions: You may not:

Share, distribute, or resell the digital product.

Modify, adapt, or create derivative works.

Reverse engineer, decompile, or disassemble (for software products).

Use the product for commercial purposes without express authorization.

Remove or obscure any copyright, trademark, or proprietary notices.

Business/Commercial License:

Available for a higher fee and permits commercial use within specified limits.

Terms vary based on product type; specific terms will be provided at purchase.

Team/Multiple User License:

Permits use by multiple users within a single organization.

Each user must have a valid license; sharing a single license among multiple users violates the license agreement.

12.3 Intellectual Property Rights

Our Ownership:

All digital products, content, code, templates, designs, and materials are owned by DurgapurShop or the original creator.

Copyright, trademarks, patents, and other intellectual property rights are retained by DurgapurShop unless otherwise stated.

Your Usage Rights:

You own your personal customizations and creations based on our templates or products.

You may use the digital product for purposes permitted under the license.

Commercial use rights depend on the license type purchased.

Attribution:

Some digital products may require attribution to the original creator or DurgapurShop. Specific attribution requirements are noted in the product documentation.

12.4 Digital Product Refunds and Returns

Refund Policy for Digital Products:

Unlike physical products, digital products generally cannot be returned or refunded because they are delivered immediately and can be accessed multiple times.

Exceptions (Refund Eligible):

The digital product is defective, corrupted, or fails to function as described.

You purchased the product by mistake and request a refund within 24 hours of purchase.

The product is not accessible due to a technical issue on our side.

Non-Refundable:

Purchases due to change of mind or personal preference.

Products accessed, downloaded, or substantially used.

Products purchased at discounted or promotional rates.

Refund Process:

Contact

support@durgapurshop.com

within 24-48 hours of purchase.

Provide proof of purchase and specific issue.

Our team will review and approve or decline the refund request.

Approved refunds are processed within 5-7 business days.

12.5 Anti-Piracy and License Enforcement

We actively protect our digital products from unauthorized sharing and piracy:

Monitoring: We monitor download and access patterns to detect unusual usage or license violations.

Access Control: Digital products may require license verification or authentication before access.

DRM Technology: Some digital products may use Digital Rights Management (DRM) technology to prevent unauthorized copying or sharing.

Legal Action: Unauthorized sharing, distribution, or piracy is a violation of intellectual property rights and may result in legal action, including cease-and-desist notices and damages claims.

13. BUSINESS TRANSFERS AND ACQUISITION

If DurgapurShop or its assets are transferred, sold, merged with another entity, acquired by an investor, or the business is discontinued, your personal data may be transferred as part of the business assets. This is necessary to ensure continuity of services.

13.1 Notification of Transfer

In the event of a business transfer:

Prior Notification: We will notify you via email and/or a prominent notice on our website at least 30 days before the transfer is completed.

Information Provided: The notification will include details about the acquiring entity, their data protection practices, and any changes to our privacy policy.

13.2 Successor Entity Obligations

The successor entity acquiring our business will be bound by:

This Privacy Policy: Unless they issue a new privacy policy that maintains equivalent or stronger protections.

DPDP Act Compliance: They must comply with all applicable data protection laws.

Legal Obligations: They must honor existing user rights and contractual obligations.

13.3 Your Rights During Transfer

You have the right to:

Opt Out: Request deletion of your data before the transfer (subject to legal obligations).

Transfer to Competitor: Request data portability to transfer your data to another service provider.

Withdraw Consent: Withdraw consent for processing before the transfer.

If you do not consent to the transfer, your data will not be transferred unless legally required.

14. UPDATES AND CHANGES TO THIS PRIVACY POLICY

DurgapurShop may update this Privacy Policy periodically to reflect:

Changes in applicable laws and regulations (e.g., DPDP Act amendments, new RBI guidelines).

Updates to our data handling practices and security measures.

Introduction of new services or business models.

Feedback from users and regulators.

Industry best practices and technology changes.

14.1 Notification of Changes

When we make material changes to this Privacy Policy:

Website Notice: We will display a prominent notice on our homepage and Privacy Policy page.

Email Notification: For significant changes affecting your rights, we will send an email notification to your registered email address.

Effective Date: We will clearly indicate the effective date of the updated policy.

14.2 Your Consent to Changes

By continuing to use DurgapurShop after we post updates to the Privacy Policy, you consent to the changes. If you do not agree with the updated policy, you may:

Request deletion of your account and personal data.

Cease using our services.

We encourage you to review this Privacy Policy periodically to stay informed of how we protect your information.

14.3 Archive of Previous Policies

We maintain an archive of previous Privacy Policy versions. If you want to review how our policy has evolved, please contact

dpo@durgapurshop.com

15. LEGAL COMPLIANCE AND GOVERNING LAW

This Privacy Policy and our data handling practices are governed by Indian law and comply with all applicable regulations.

15.1 Applicable Laws

DurgapurShop complies with the following laws and regulations:

Information Technology Act, 2000:

Section 43A: Compensation for failure to protect sensitive personal data.

Section 72: Punishment for breach of confidentiality.

Section 72A: Punishment for disclosure of information in breach of lawful contract.

IT Rules 2011: Reasonable security practices and procedures for sensitive personal data.

Digital Personal Data Protection Act, 2023:

Data Principal rights (access, correction, deletion, grievance).

Data Fiduciary obligations (consent, transparency, security, breach notification).

Significant Data Fiduciary responsibilities (DPO appointment, data audits, impact assessments).

Data Protection Board enforcement and penalties.

Consumer Protection Act, 2019:

Consumer rights protection.

E-commerce transaction safeguards.

Right to fair trade practices.

Indian Contract Act, 1872:

Formation and enforcement of contracts and agreements.

Consent and consideration.

Indian Penal Code, 1860:

Sections 379-405: Theft and criminal breach of trust.

Section 405: Dishonest misappropriation of property.

Guidelines by CERT-In (Indian Computer Emergency Response Team):

Data protection and cybersecurity incident reporting.

E-commerce (Amendment) Rules, 2020:

Consumer Protection (E-Commerce) Rules regarding data and privacy.

Telecom Regulatory Authority of India (TRAI) Regulations:

Regulation of unsolicited commercial communications (SMS, email, phone).

15.2 Jurisdiction and Venue

Jurisdiction: This Privacy Policy is governed by the laws of the Republic of India.

Venue: Any legal disputes arising from this Privacy Policy or our data handling practices shall be subject to the exclusive jurisdiction of the courts of Durgapur, West Bengal, India.

Non-Exclusive for Regulatory Matters: Regulatory matters, including complaints to the Data Protection Board of India, may be pursued in appropriate jurisdictions as specified by the DPDP Act.

15.3 Regulatory Changes and Future Amendments

Our data handling practices will be reviewed and updated in accordance with:

Amendments to the DPDP Act and subsequent rules.

Guidelines issued by the Data Protection Board of India.

Clarifications and notifications from the Government of India (Ministry of Electronics and Information Technology).

Industry standards and best practices as they evolve.

16. CONSENT

By using DurgapurShop, accessing our website, creating an account, making a purchase, downloading digital products, or providing your personal information, you explicitly consent to:

16.1 Data Collection and Processing

The collection, use, processing, storage, and sharing of your personal data as described in this Privacy Policy.

The use of cookies, web beacons, tracking pixels, and similar technologies for analytics, personalization, and advertising.

The transfer of your data to third-party service providers (payment gateways, logistics partners, analytics platforms) as necessary to provide our services.

16.2 Communications

Receiving transactional and service-related emails and SMS from DurgapurShop (order confirmations, shipping updates, support responses).

Receiving promotional emails, SMS, push notifications, and marketing communications (unless you opt out).

DurgapurShop or third-party service providers contacting you via email, phone, SMS, or app notifications for customer support, feedback, surveys, or dispute resolution.

16.3 Cookies and Tracking

The placement of cookies, local storage, and tracking technologies on your device.

The use of analytics data (Google Analytics, Hotjar, Mixpanel) to improve our services.

The use of marketing pixels (Facebook, Google, Instagram) for targeted advertising and retargeting.

16.4 Data Sharing

The sharing of your personal data with third-party service providers, payment processors, logistics partners, and marketing partners.

The use of your data by third parties in accordance with their privacy policies.

16.5 Withdrawal of Consent

You can withdraw your consent at any time by:

Adjusting your account settings and communication preferences.

Clicking “Unsubscribe” in marketing emails.

Contacting us at

privacy@durgapurshop.com

dpo@durgapurshop.com

Disabling cookies through your browser settings.

Withdrawal of consent will not affect the lawfulness of processing that occurred before the withdrawal.

17. CONTACT INFORMATION AND SUPPORT

For questions, concerns, or requests related to your privacy and personal data, please contact us:

17.1 General Privacy Inquiries

Email: privacy@durgapurshop.com

Website: https://durgapurshop.com

Address: [Insert Your Complete Business Address, Durgapur, West Bengal, PIN Code]

17.2 Data Protection Officer (DPO)

For formal data-related requests (access, correction, deletion, portability):

Email:

dpo@durgapurshop.com

Subject Line Examples:

“Data Access Request”

“Data Correction Request”

“Data Deletion Request”

“Data Portability Request”

Response Time: Within 30 days (extendable to 60 days with notification).

17.3 Grievance Officer

For privacy complaints and grievance redressal:

Email: grievance@durgapurshop.com

Phone: +91-8768205542
Office Address: Durgapur, West Bengal, India

How to File a Grievance:

Email the Grievance Officer with your complaint.

Include your name, contact information, account ID, and detailed description of the issue.

Attach supporting documentation (screenshots, emails, transaction receipts).

Expected acknowledgment within 5 days; resolution within 30-60 days.

17.4 Customer Support

For general inquiries, technical issues, order-related questions:

Email: support@durgapurshop.com

Phone: [Insert Customer Support Number]
Hours: [Insert Business Hours]

17.5 Escalation to Data Protection Board of India (DPB)

If you are unsatisfied with our grievance redressal, you can file a complaint with the Data Protection Board of India:

Complaint Portal:

https://dpb.gov.in

(to be launched)
Process: Submit your complaint online, including our response and supporting documents.
Timeline: DPB will conduct an inquiry within 6 months (extendable by 3 months).

18. ACKNOWLEDGMENT AND AGREEMENT

By using DurgapurShop, you acknowledge that:

You have read this Privacy Policy and understand our data handling practices.

You consent to the collection, use, processing, and sharing of your personal data as described.

You understand your rights as a Data Principal under the DPDP Act and IT Act.

You agree to provide accurate and truthful information.

You understand that disabling cookies may affect website functionality.

You are responsible for keeping your account credentials confidential.

You will not share your account with others or use another person’s account.

You will not impersonate others or provide false information.

You will comply with our Terms of Service and all applicable laws.

19. MISCELLANEOUS PROVISIONS

19.1 Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions will continue in full effect. The invalid provision will be modified to the minimum extent necessary to make it valid.

19.2 Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and DurgapurShop regarding privacy and data protection. Previous agreements, understandings, or representations are superseded.

19.3 No Waiver

The failure of DurgapurShop to enforce any provision of this Privacy Policy does not constitute a waiver of that provision or the right to enforce it.

19.4 Interpretation

Headings are for reference only and do not affect interpretation.

“Include” or “includes” mean “including without limitation.”

“We,” “us,” “our” refer to DurgapurShop.

“You,” “your” refer to the user or data subject.

19.5 Force Majeure

DurgapurShop is not liable for delays or failures in performance due to causes beyond our control (natural disasters, war, pandemics, government actions).

20. FINAL NOTICE AND EFFECTIVE DATE

This Privacy Policy is effective as of January 15, 2026, and will remain in effect unless and until amended by DurgapurShop.

Last Updated: January 15, 2026

By continuing to use DurgapurShop.com after the effective date, you accept this Privacy Policy in its entirety.

For Questions or Feedback: Contact

privacy@durgapurshop.com

Thank you for trusting DurgapurShop with your personal information. Your privacy is our priority.

This Privacy Policy is a living document and will be updated to reflect changes in law, technology, and best practices. We encourage you to review it periodically.