1. Introduction
Welcome to ArjunSingh.org ("we," "our," or "us"). Your privacy is critically important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.arjunsingh.org.
By using our website, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our website.
2. Information We Collect
2.1 Personal Information You Provide
We collect information that you voluntarily provide when you:
- Fill out the contact form
- Schedule a consultation call via Calendly
- Send us a message via WhatsApp
- Subscribe to updates or newsletters
This information may include:
- Name - To address you properly
- Email address - To respond to your inquiries
- Phone number - For direct communication (optional)
- Company name - To understand your professional context
- Message content - To understand your inquiry or requirements
- Areas of interest - To provide relevant information
2.2 Automatically Collected Information
When you visit our website, we automatically collect certain technical information:
π Data Collection Purposes:
- π Security & Fraud Prevention: IP address, session data
- π Website Analytics & Improvement: Usage patterns, page views, session duration
- π¨ User Experience Optimization: Device type, browser compatibility
Technical Data Collected:
- IP address - For security monitoring and fraud prevention (not stored in analytics database, only in security logs for 90 days)
- Browser type and version - To optimize website performance and compatibility
- Device information - Device type (mobile/desktop/tablet), screen size, operating system to ensure responsive design
- Pages visited and time spent - To understand content engagement and improve user experience
- Referring website - To understand traffic sources and marketing effectiveness
- Geographic location (approximate) - Country, state, and city (not precise coordinates) for regional analytics and content localization
- Session information - Session duration, pages per session, scroll depth, and interaction patterns for analytics purposes
βοΈ Legal Basis for Automatic Collection:
- Security Data: Legitimate Interest (GDPR Art. 6(1)(f)) - necessary for website security and fraud prevention
- Analytics Data: Consent (GDPR Art. 6(1)(a)) - collected only when you accept analytics cookies via our cookie banner
How Analytics Data is Stored:
Session Analytics Database:
- β Anonymized: No personally identifiable information (PII) stored - sessions identified by random UUID only
- β Consent-Based: Only collected if you accept "Analytics Cookies" in cookie banner
- β No IP Addresses: IP addresses are NOT stored in analytics database (security logs only)
- β Retention: Automatically deleted after 24 months
- β Purpose: Website improvement, content optimization, user experience enhancement
Third-Party Analytics Services:
In addition to our in-house session tracking, we use Google Analytics (GA4) for aggregate traffic analysis. Google Analytics data is subject to Google's retention policies (26 months by default) and their Privacy Policy.
Opt-Out: You can disable analytics by:
- Rejecting "Analytics Cookies" in our cookie banner
- Installing the Google Analytics Opt-out Browser Add-on
3. How We Use Your Information
We use the collected information for the following legitimate purposes:
- π§ Communication: To respond to your inquiries, provide requested information, and maintain professional correspondence
- π― Service Improvement: To understand how visitors use our website and continuously improve user experience
- π Analytics: To analyze website traffic, user behavior, and engagement patterns using Google Analytics
- π Security: To detect and prevent fraud, spam, abuse, and unauthorized access
- π Record Keeping: To maintain a record of inquiries for business purposes
- πΌ Professional Networking: To discuss potential job opportunities, projects, or collaborations
β οΈ Important: We will NEVER sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.
4. Third-Party Services & Integrations
4.1 Google Analytics
We use Google Analytics (GA4) to track and analyze website usage patterns. Google Analytics uses cookies to collect anonymous information about visitor behavior, including:
- Page views and session duration
- Traffic sources and referral paths
- Device and browser information
- Demographic data (age, gender, interests)
You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
4.2 Google reCAPTCHA v2
We use Google reCAPTCHA v2 to protect our contact form from spam and automated abuse. reCAPTCHA collects hardware and software information such as device and application data, and sends it to Google for analysis. This service is subject to:
- Google's Privacy Policy
- Google's Terms of Service
4.3 Calendly (Scheduling Service)
We use Calendly for scheduling consultation calls. When you book a meeting:
- Your name, email, and selected time slot are shared with Calendly
- You may receive calendar invitations and reminders
- Your data is processed according to Calendly's Privacy Policy
4.4 WhatsApp Business
Our website includes a WhatsApp widget for direct messaging. When you initiate a conversation:
- You'll be redirected to WhatsApp's platform
- Your WhatsApp number and profile information may be visible
- Communications are governed by WhatsApp's Privacy Policy
4.5 Email Services (Hostinger)
Contact form submissions are processed through our email service provider Hostinger. Emails are sent via secure SMTP with encryption.
5. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us:
Types of Cookies We Use:
- Essential Cookies: Required for website functionality (e.g., session management)
- Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
- Security Cookies: Prevent spam and abuse (reCAPTCHA)
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. However, disabling cookies may limit website functionality and affect your user experience.
How to manage cookies:
- Chrome: Settings β Privacy and security β Cookies
- Firefox: Options β Privacy & Security β Cookies
- Safari: Preferences β Privacy β Manage Website Data
6. Data Security Measures
We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:
- π SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS
- π‘οΈ Secure Database Storage: Contact form data is stored in a password-protected database with encrypted credentials
- π Access Controls: Limited access to personal data on a need-to-know basis
- β±οΈ Rate Limiting: Prevents brute-force attacks and spam submissions
- π« File Access Protection: Sensitive configuration files are protected from web access
- π Regular Security Audits: Periodic reviews and updates of security measures
- π Activity Logging: Security events are logged for monitoring and analysis
β οΈ Disclaimer: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention Policy
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Contact Form Submissions: Retained for 2 years for business reference and follow-up purposes
- Email Correspondence: Retained as per standard email retention practices
- Analytics Data: Automatically deleted by Google Analytics after 26 months
- Security Logs: Retained for 90 days for security monitoring
After the retention period, personal data is securely deleted or anonymized. You may request earlier deletion by contacting us.
7A. Detailed Retention Periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contact Form Submissions | 2 years | Legitimate Interest |
| Email Correspondence | As per email provider policy | Legitimate Interest |
| Analytics Data | 26 months (Google Analytics) | Consent |
| Security Logs | 90 days | Legitimate Interest |
8. Your Privacy Rights
Under applicable data protection laws (including GDPR and India's Digital Personal Data Protection Act), you have the following rights:
- π Right to Access: Request a copy of the personal data we hold about you
- βοΈ Right to Correction: Request correction of inaccurate or incomplete data
- ποΈ Right to Deletion: Request deletion of your personal information ("right to be forgotten")
- π« Right to Object: Object to processing of your data for direct marketing purposes
- π¦ Right to Portability: Request transfer of your data to another service provider
- βΈοΈ Right to Restriction: Request restriction of processing in certain circumstances
- β Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent
To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.
8A. How to Exercise Your Rights
To exercise any of your data protection rights, you can:
- Email us: arjun.singh.tata@gmail.com with subject "Data Subject Rights Request"
- Use our online form: Submit a Privacy Rights Request
- Call us: +91 8149090364
California Residents: Visit our Do Not Sell or Share My Personal Information page for CCPA/CPRA rights.
Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving your request.
9. Children's Privacy
Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
If you are a parent or guardian and believe we have inadvertently collected information from a child under 18, please contact us immediately, and we will take steps to delete such information from our systems.
10. International Data Transfers
Our website is hosted in India, and your information may be transferred to, stored, and processed in India or other countries where our service providers operate.
When we transfer data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.
11. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any changes will be:
- Posted on this page with an updated "Last Updated" date
- Communicated via email for material changes (if you've provided your email)
- Effective immediately upon posting unless otherwise stated
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal data based on the following legal grounds:
- Consent: You have given explicit consent for specific processing activities
- Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving services, security)
- Legal Obligation: Processing is required to comply with legal obligations
13. Data Protection Officer & EU Representative
Data Protection Officer (DPO)
Current Status: As a small-scale personal portfolio website processing limited personal data, we are not currently required to appoint a formal Data Protection Officer under GDPR Article 37.
Data Protection Inquiries: All privacy-related questions should be directed to:
π§ Email: arjun.singh.tata@gmail.com
π± Phone: +91 8149090364
Subject Line: "Data Protection Inquiry - GDPR"
Note: If our data processing scale increases significantly, we will appoint a formal DPO and update this section accordingly.
EU Representative
Current Status: As we do not have an establishment in the European Union and process minimal personal data from EU residents, we are not currently required to appoint an EU representative under GDPR Article 27(2).
EU Residents: If you are located in the EU and have privacy concerns, please contact us directly at arjun.singh.tata@gmail.com with "EU Data Subject Request" in the subject line.
Supervisory Authority (EU/EEA)
Under GDPR Article 77, EU/EEA residents have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated.
πͺπΊ Key EU Supervisory Authorities:
-
Ireland (for many tech companies):
Data Protection Commission (DPC)
Website: www.dataprotection.ie
Email: info@dataprotection.ie -
Germany:
Bundesbeauftragte fΓΌr den Datenschutz und die Informationsfreiheit (BfDI)
Website: www.bfdi.bund.de -
France:
Commission Nationale de l'Informatique et des LibertΓ©s (CNIL)
Website: www.cnil.fr -
Find Your Local Authority:
European Data Protection Board - Member List
14. India Data Protection Compliance (DPDP Act 2023)
Data Fiduciary Declaration
Arjun Singh (ArjunSingh.org) acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act).
What This Means:
As a Data Fiduciary, we are responsible for determining the purposes and means of processing your
personal data. We are committed to:
- β Processing personal data lawfully and fairly
- β Collecting data only for specified, lawful purposes
- β Ensuring data accuracy and security
- β Retaining data only as long as necessary (2 years max)
- β Honoring your rights as a Data Principal
Data Protection Board of India
Current Status: The Data Protection Board of India is being established under Section 18 of the DPDP Act 2023.
Your Rights Under DPDP Act: Once operational, the Data Protection Board will handle complaints related to personal data processing. You will have the right to file complaints regarding:
- Non-compliance with consent requirements
- Denial of your rights as a Data Principal
- Data breach notifications
- Unauthorized data processing
For Now: Please direct all data protection concerns to arjun.singh.tata@gmail.com with subject "DPDP Act Data Rights Request".
Updates: We will update this section with Data Protection Board contact information once it becomes operational.
Grievance Redressal Mechanism
βοΈ Complaint Resolution Timeline (DPDP Act Compliance):
- Submit Complaint: Email arjun.singh.tata@gmail.com with subject "DPDP Grievance - [Your Issue]"
- Acknowledgment: We will acknowledge receipt within 3 business days
- Investigation: We will investigate your complaint thoroughly
- Resolution: We commit to resolving grievances within 30 days of receipt (as per DPDP Act best practices)
- Escalation: If unsatisfied, you may escalate to the Data Protection Board of India (once operational)
Your Rights as a Data Principal (DPDP Act)
Under the DPDP Act 2023, you have the following rights:
- Right to Access: Obtain information about personal data processed
- Right to Correction: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of personal data
- Right to Grievance Redressal: File complaints about data processing
- Right to Nominate: Nominate another person to exercise rights in case of death/incapacity
To Exercise These Rights: Contact us at arjun.singh.tata@gmail.com
15. Australia Privacy Act Compliance
Australian Privacy Principles (APPs)
For visitors from Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
Key APP Compliance Commitments
- APP 1 - Open and Transparent Management: This Privacy Policy clearly explains our personal information handling practices
- APP 3 - Collection of Solicited Information: We only collect personal information necessary for our functions (contact form, analytics)
- APP 5 - Notification: We inform you at collection about how we use your data (via this Privacy Policy and form notices)
- APP 6 - Use or Disclosure: We only use personal information for the purposes disclosed (responding to inquiries, analytics with consent)
- APP 8 - Cross-Border Disclosure: We disclose that third-party services (Google Analytics, Calendly) may process data internationally
- APP 11 - Security: We implement reasonable security measures (SSL/TLS encryption, secure database storage, access controls)
- APP 12 - Access: You can request access to your personal information by contacting us
- APP 13 - Correction: You can request correction of inaccurate information
Office of the Australian Information Commissioner (OAIC)
Australian residents have the right to lodge a complaint with the OAIC if they believe we have mishandled their personal information.
π¦πΊ OAIC Contact Information:
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5218, Sydney NSW 2001, Australia
Before Contacting OAIC: We encourage you to contact us first at arjun.singh.tata@gmail.com to resolve any concerns.
16. Contact Us & Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Arjun Singh
Operations Analyst & Automation Expert
π§ Email: arjun.singh.tata@gmail.com
π± Phone / WhatsApp: +91 8149090364
π Website: www.arjunsingh.org
π Location: Pune, Maharashtra, India
Response Time: We aim to respond to all privacy-related inquiries within 48 hours during business days.
π Summary of Key Points
- β We collect only necessary information to provide our services
- β Your data is protected with industry-standard security measures
- β We never sell your personal information to third parties
- β You have full rights to access, modify, or delete your data
- β We use cookies for analytics and security purposes only
- β Contact form data is retained for 2 years