Privacy Policy

This Privacy Policy describes how www.tanmoysarkar.in (the "Blog," "I," "we," "us," or "our") collects, uses, and discloses your digital personal data, particularly in relation to my email subscription service. 
This policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDPA), of India.

1. Definitions (as per DPDPA)

2. Information I Collect and Purpose of Processing

3. Basis for Processing (Consent)

4. Data Storage and Security

5. Sharing Your Information

6. Your Rights as a Data Principal (under DPDPA)

7. How to Exercise Your Rights / Opt-Out

8. Children's Personal Data

9. Data Retention

10. Changes to This Privacy Policy

11. Contact with Me & Grievance Redressal

Data Principal: The individual to whom the personal data relates (i.e., you, as the subscriber).

Data Fiduciary: The person or entity who determines the purpose and means of processing personal data (i.e., www.tanmoysarkar.in).

Personal Data: Any data about an individual who is identifiable by or in relation to such data. For my email subscription, this primarily includes your email address.

Processing: A wholly or partly automated operation or set of operations performed on digital personal data, including collection, storage, retrieval, use, disclosure, or erasure.

When you voluntarily subscribe to our email newsletter, I collect the following digital personal data:

Email Address: Your email address is the primary piece of personal data I collect.

The processing of your email address is solely for the following specified purposes:

To Send You My Newsletter: I use your email address to send you updates, new blog posts, announcements, and other content directly related to www.tanmoysarkar.in.

To Improve My Content (Aggregated Data): I may use anonymized and aggregated data (e.g., open rates, click-through rates) to understand what content is most engaging for my subscribers and to improve the relevance and quality of my future communications. This aggregated data does not identify you personally.

I will only process your email address for these stated purposes and will not use it for any other purpose without obtaining your fresh, informed consent.

I process your email address based on your explicit consent, as required by the DPDPA. When you subscribe, you provide consent that is:

Free: You are not coerced into subscribing.

Specific: Your consent is given for the specific purpose of receiving myr email newsletter.

Informed: This Privacy Policy clearly outlines what data is collected and for what purpose.

Unconditional: Your access to the blog content is not conditional on your subscription.

Unambiguous with a clear affirmative action: By entering your email address and clicking the "Subscribe" (or similar) button, you are taking a clear affirmative action signifying your agreement.

Your email address is stored securely with my email marketing service provider, [Insert Name of Email Marketing Service Provider, e.g., Mailchimp, ConvertKit, Substack]. Ie select reputable service providers that adhere to industry-standard security practices and have contractual obligations to protect your data as per DPDPA requirements.

I implement reasonable security safeguards, including [mention general security measures, e.g., using secure platforms, access controls, regular updates], to protect your personal data from unauthorized access, accidental loss, disclosure, or destruction.

While Ie strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, I cannot guarantee its absolute security.

I do not sell, rent, or trade your email address or any other personal data with third parties for their marketing purposes.

I may share your information with third-party service providers only to the extent necessary to operate my email subscription service (e.g., my email marketing platform). These service providers act as "Data Processors" on our behalf and are contractually bound to:

Process your personal data only according to my instructions.

Maintain the confidentiality and security of your data.

Comply with applicable data protection laws, including the DPDPA.

I may also disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

Comply with a legal obligation.

Protect and defend the rights or property of www.tanmoysarkar.in.

Prevent or investigate possible wrongdoing in connection with the Blog.

Protect the personal safety of users of the Blog or the public.

As a Data Principal, you have the following rights regarding your personal data:

Right to Access Information: You have the right to obtain information from us about your personal data being processed, its purpose, and the identities of any third-party Data Fiduciaries or Data Processors with whom it has been shared.

Right to Correction and Erasure: You have the right to request the correction of inaccurate or misleading personal data, the completion of incomplete personal data, or the erasure of your personal data. I will fulfill such requests as soon as is reasonable, unless retention is necessary for compliance with law or for the specified purpose.

Right to Grievance Redressal: You have the right to a readily available means to report a grievance regarding your personal data. I will respond to your grievance within a reasonable timeframe.

Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity.

Right to Withdraw Consent: You can withdraw your consent for the processing of your email address at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Unsubscribe: You can easily unsubscribe from my email newsletter at any time by clicking the "unsubscribe" link provided at the bottom of every email I send you. This will cease my processing of your email for newsletter purposes.

Other Rights: To exercise your other rights (access, correction, erasure, or any other grievance), please contact with me using the details provided below. I may require you to verify your identity before fulfilling such requests.

My Blog and email subscription service are not intended for individuals under the age of 18 years. I do not knowingly collect, track, or behaviourally monitor the personal data of children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact with me immediately so that I can take steps to remove that information from my records and cease any further processing.

I will retain your email address for as long as you remain subscribed to my newsletter, or as long as necessary to fulfill the specified purpose for which it was collected. Upon withdrawal of your consent or when the specified purpose is no longer served, I will erase your personal data from my records within a reasonable time.

I may update my Privacy Policy from time to time to reflect changes in my practices or legal requirements, particularly those under the DPDPA. I will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, my data processing practices, or wish to exercise any of your rights as a Data Principal, please contact with my Grievance Redressal mechanism:

Contact Form: [Insert your name, email address and message]

I will endeavor to address your concerns promptly and in accordance with the provisions of the DPDPA.

Crucial Considerations and Customization for an Indian Context:

[Insert Name of Email Marketing Service Provider, e.g., Mailchimp, ConvertKit, Substack]: Be specific about the service you use. Ensure your chosen provider is aware of and compliant with DPDPA, especially concerning data storage and processing obligations for Indian data principals.

[Insert General Security Measures]: While you don't need highly technical details, briefly mention general measures like "using secure platforms," "access controls," "regular software updates," and "encryption where applicable."

Contact Form: [Insert your name, email address and message] This is your designated Grievance Redressal contact point as required by DPDPA.

Age (18 years): The DPDPA defines a "child" as an individual under 18 years of age and imposes stricter obligations for processing their data (e.g., verifiable parental consent, prohibition on tracking/behavioral monitoring/targeted advertising).

Consent Manager: While not mandatory for a small personal blog, the DPDPA introduces the concept of "Consent Managers" that facilitate managing consent. If your blog grows significantly, you might consider this.

Data Protection Board: The DPDPA establishes a Data Protection Board of India. While a personal blog is unlikely to fall under the "Significant Data Fiduciary" category requiring a specific Data Protection Officer (DPO), it's good to be aware that the Board is the ultimate authority for grievances and compliance.

Review by Legal Professional: This template is a starting point and provides general guidance. Data privacy laws, especially the DPDPA, are complex and still evolving with rules being framed. It is highly recommended to consult with a legal professional specializing in Indian data privacy laws to ensure your privacy policy is fully compliant with all specific requirements and reflects your actual data processing activities accurately. They can advise on specific wording, implications for your blog, and any additional provisions that might be necessary.