1. Introduction
- Statement of purpose: who you are (Ishm Bansal & Associates), what the policy covers, and the scope of application.
- Reference to website URL and related services (e.g., consultations, portfolio viewing).
2. Applicable Laws
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011
- Mention GDPR/CCPA only if you serve users outside India.
3. Types of Data Collected
- Personal Data: Name, email, phone, address, demographic info.
- Sensitive Personal Data: Financial info (e.g., payment), architectural drawings (if submitted), client preferences.
- Technical Data: IP address, device/browser type, cookies.
4. Collection Methods
- Directly via forms, project briefs, and appointment bookings.
- Automatically via cookies and analytics.
- From third‑party referrals, social media integrations.
5. Purpose of Data Collection
- Project delivery (design briefs), communications, and client management.
- Marketing: newsletters, galleries.
- Legal & payment compliance.
- Analytics for site performance.
6. Consent & Legal Basis
- Client consent via a checkbox upon form submission.
- Legitimate interests: site operation, service delivery.
- Compliance with law/court orders.
7. Data Sharing
- Third-party service providers (e.g., payment gateways like Razorpay, Google Analytics, email tools).
- Disclosure to authorities if warranted by law.
8. Data Retention
- Retained during active projects and for a period (e.g., 3–5 years) per Income Tax Act record retention norms.
9. Data Security
- Use of TLS/SSL encryption, secure hosting.
- Reasonable measures per IT Rules, 2011
10. Cookies & Tracking
- Details on types of cookies (session, persistent, analytics).
- User choice control.
11. User Rights
- Access, correction, and deletion requests.
- Method to raise these (email/legal officer contact).
12. Third‑Party Links
- Disclaimer that Ishm Bansal & Associates isn’t responsible for the external site content.
13. Children’s Privacy
- Prohibition on collecting information from minors under 18 in India.
14. Changes to Policy
- The statement will be effective upon posting.
15. Contact Details
- Provide a designated email/office address for privacy queries.