Part 1: The Foundation — Understanding Your Legal Role
As the owner of “khatri khushi digital,” your website collects user data through cookies, analytics, and contact forms. This makes you a Data Fiduciary under the DPDP Act. This isn’t just a title; it comes with significant responsibilities.
Your Core Responsibilities:
- Consent & Notice: Before you collect any personal data, you must get clear, affirmative consent from users. This means no pre-checked boxes. You also have to provide a notice explaining why you’re collecting their data.
- Data Security: You must use reasonable security measures to protect the data you collect from breaches or unauthorized access. You’re also responsible for any third-party services (like affiliate networks) that handle data on your behalf.
- Data Accuracy & Erasure: You must maintain accurate data and delete it once the purpose for collecting it is fulfilled, or if a user asks you to.
- Grievance Redressal: You need a clear and accessible way for users to contact you with data-related questions or complaints. Your contact email is a good start, but you must have a clear process for handling these requests.
Upholding User Rights:
The DPDP Act gives your users specific rights over their data. Your website must be designed to support these:
- Right to Information: Users can ask what personal data you have and what you’re doing with it.
- Right to Correction & Erasure: Users can request to have their data corrected or deleted.
- Right to Grievance Redressal: Users have a right to have their complaints addressed.
- Right to Nominate: Users can designate someone to act on their behalf if they are incapacitated.
The Right to Information is especially important for a site like yours that uses multiple third-party services. Your privacy policy can’t just say you use third parties; it must explicitly name them, such as Google AdSense and Facebook Ads, because users have the right to know who is processing their information.
Part 2: Creating Your Legal Documents
Your legal documents—the Privacy Policy and the Disclaimer—are essential for protecting your business and building user trust.
Crafting a User-Friendly Privacy Policy
Think of your privacy policy as a transparent contract with your users. It should be easy to find and written in simple, clear language.
- Who We Are & How to Contact Us: Start by clearly stating who you are and providing your designated contact email for all data-related questions.
- What Data We Collect: Be specific about the data you collect. This includes both information users provide (like their name and email) and data collected automatically (like IP addresses and browser information from analytics and cookies).
- How We Use Your Data: Explain the lawful reasons for using the data you collect, such as operating the website, personalizing user experience, and communicating with users.
- Third-Party Disclosures: This is crucial. Since your business model relies on third-party services, you must explicitly name them.
  - Google AdSense/Ads: State that Google uses cookies to serve personalized ads based on a user’s browsing history.
  - Facebook Ads: Acknowledge that you use Facebook’s advertising and that user information may be shared for targeted advertising.
  - Affiliate Networks: If you use affiliate links, mention that. You can provide links where users can learn more or opt out.
- Child Data Protection: The DPDP Act has strict rules about children’s data. You must state that you do not track, monitor, or serve targeted ads to children under 18. This is a critical legal requirement.