Privacy Policy

Pratyush Goel
Pratyush Goel

Last updated

Privacy Policy
Privacy Policy

This privacy notice explains how I, Pratyush Goel, process personal data in my website as per the General Data Protection Regulation (GDPR) and other relevant data protection and privacy laws applicable to my business.

Your data protection rights

  • Access and rectification - You may request a copy of the information I process about you and ask me to rectify any incorrect data.
  • Erasure or restriction - In some circumstances, you may ask me to delete or restrict the processing of your data, but I cannot delete any data I am legally required to process.
  • Object to processing - In some circumstances, you may ask me to stop processing your data.
  • Data portability - In some circumstances, you may ask me to transfer your data to you or another organisation.

Also, if you're unhappy about how I process your data, you have a right to complain to a national data authority. I hope, however, that you will contact me first so that we can try to resolve the matter for you in a satisfactory way.

Please get in touch with me if you have any questions about how I handle your data or want to exercise one of your rights. You are entitled to a reply within 30 days.

How I get your personal data

I typically process personal data on potential or existing customers, website visitors and vendors and collaboration partners.

I may process personal data when you -

  • Contact / communicate with me online (email, video calls, social media, etc.) or on the phone.
  • Use my services / software (Deshlie).
  • Deliver products / services to or enter into a collaboration with me.

It is voluntary to provide me with personal data, but I cannot provide you with my services if you choose not to.

I do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data, or process any special category data as per the GDPR Article 9.

Purpose, lawful basis and retention periods

I only process your personal data when I have a purpose and a lawful basis for doing so. Under the GDPR Article 6-1, the lawful bases I rely on are -

  1. Your consent.
  2. I have a contractual obligation (contract).
  3. I have a legal obligation.
  4. I have a legitimate interest.

As a rule, I do not process personal data for longer than necessary to fulfil the purpose of processing. To comply with this, I formally assess my data protection and privacy work with the intention to amend, update and, if necessary, delete personal data.

I will only retain data for as long as I am required to as per applicable legal obligations such as accounting, tax, labour laws or any other relevant rules and regulations.

Details on the processing of your personal data

This section describes when and how I process your data, for what purposes and my legal grounds to do so (lawful bases). I also specify the retention periods for the processing.

I process personal data when:

1. You communicate with me

Regardless of your relationship with me, as a potential or existing customer, vendor or other, I process your personal data whenever you communicate with me. This could be when you contact me through email, phone (call, text message) or social media. Depending on where and how you contact me, this may include your name, contact details, IP address and other information you choose to send to me.

The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where my legitimate interest is to respond to your inquiries and, on some occasions, keep records in case of complaints or legal claims.

I review this data at my regular GDPR audits and delete personal data as appropriate. I typically keep this type of personal data for up to two years or six years if I have a legal obligation in accordance with accounting and bookkeeping rules.

2. You receive marketing as an existing customer

If I have an existing customer relationship with you, I may send you emails containing a promotional element (this happens very infrequently). The personal data I process is your name and email address. The purpose is to provide you with news and offers related to your subscription. The lawful basis is f), where my legitimate interest is to offer my relevant products and services. The lawful basis could also be a), where you have given me your consent to such marketing.

You can opt-out of marketing emails at any time by clicking the unsubscribe link in any such email. I process the data for as long as I have a customer relationship with you or if the processing is based on your consent until you withdraw it. When you ask me not to send you any promotional materials, your account will be flagged as "unsubscribed from marketing" in my internal database, and you won't receive any further marketing emails from me. I am still required to process data for accountancy, tax and other business purposes if you are my customer.

3. You respond to my surveys

I sometimes send surveys to my customers to improve my product. Responding to my surveys is completely voluntary. I process personal data such as your name, contact details and other information you choose to share with me. I do not process any personal data if a survey is anonymous.

The purpose is to gather your feedback to continuously improve my products and services and provide you with better customer service in the future. The lawful basis is a) consent. I review this data at my regular GDPR audits and delete personal data as appropriate; however, no later than two years after responding to the survey.

4. You supply services to or collaborate with me

When you enter into an agreement with me either as a vendor, partner or data processor, I process personal data such as your name, contact details and correspondence. The purpose is to enter into this agreement and communicate with you before, during and after our formal business relationship.

The lawful bases are b) contract, c) legal obligation related to accounting, tax and other business laws I am required to abide by, and f) where my legitimate interest is to be able to communicate with you before, during and after our formal business relationship (described under the paragraph "You communicate with me" above). I store personal data for as long as we have a formal business relationship and then for up to 5 years after, in accordance with our legal obligations for accounting, tax and other business purposes.

5. You use my website

When you use my website, I briefly process your IP address and user agent, which are considered personal data under the GDPR. With DDoS (Distributed Denial of Service) attacks increasing every year, it is necessary to safeguard my website with strong security measures so that it stays safe and works well. For this, I am forced to keep partial access logs. The purposes for this processing are a) to protect against cyberattacks such as the DDoS one and b) to analyze my website traffic to optimize and run my business effectively. The lawful basis is f), where my legitimate interests protect my business against cyberattacks and optimize and run my business effectively.

Whom I share your personal data with

To run my business efficiently and securely, I sometimes will have to share your personal data with other (trusted) parties such as:

  • Data processors (providers of various services that process your personal data on my behalf)
  • My accountant
  • Professional advisors from other industries (such as law and finance)
  • IT support (when necessary)
  • Public authorities (when I am obliged to report to them)

I require that all such recipients secure data in accordance with good information security and as per the requirements of this Privacy notice. I review and quality assure all vendors and data processors and enter into a data processing agreement / addendum whenever necessary.

I use data processors for -

  1. Accounting / bookkeeping
  2. Email, calendar and digital meetings
  3. This website, including online payments providers
  4. Transactional emails to customers
  5. Support ticket system

I don't publish further details (like names) of my data processors to protect my business. If you'd like to know more about my processing and with whom I share your personal data, please get in touch with me. I practice data minimization, so I will only use data suppliers to process your personal data when required (e.g. Stripe for payment processing).

Transfer of personal data outside the EU/EEA

In some cases, your personal data will be transferred to a "third country", i.e. outside the EU / EEA. For example, where I use data processors to manage email services. I only use data processors I trust that are well known, reputable, and have a data processing agreement / addendum.

I have ensured that every data processor in a third country has necessary safeguards in place like the EU adequacy decision, standard contractual clauses (SCC) or binding corporate rules (BCR).

I conduct risk assessments for every data processor I use in my business. I review, in particular, the data processor's technical and organizational security measures, reputation and safeguards for international transfers of personal data.

If you still have any concerns or questions, please get in touch with me.

Information security

I take information security as seriously as privacy, and I will always do my utmost to safeguard your personal data in the best possible way. For example, I use strong passwords, data encryption, two-factor authentication and several other measures to secure my data and prevent unauthorized persons from accessing, altering, deleting, or in any way affecting the data I store, including your personal data.

I only allow others to access or process your personal data in accordance with my instructions and only when strictly necessary.

Accessing and correcting your personal Data

You have a right to access your personal data and request a correction if you believe it is inaccurate. If you have submitted Personal Information and would like to have access to it, or if you would like to have it corrected, please get in touch with me using the contact information provided below.

How to contact me

If you have any questions regarding this Privacy Policy or to access your information, please send an email to - pratyushg444@gmail.com.