🇪🇺 EU Data Protection

GDPR Compliance

We are committed to protecting the personal data of EU/EEA residents in full compliance with the General Data Protection Regulation (GDPR). Learn about your rights and how we safeguard your information.

📅 Last Updated: April 08, 2026
⚖️ Regulation: EU 2016/679
Status: Fully Compliant

Your Data, Your Rights

The General Data Protection Regulation (GDPR) is the world's strongest data protection law. We fully comply with all GDPR requirements to ensure your personal data is protected, secure, and used transparently.

GDPR at a Glance

Here's what GDPR compliance means for you:

🛡️
Data Protection
Your data is secured with industry-standard encryption and security measures
👤
Your Rights
Access, rectify, delete, or port your personal data at any time
📋
Transparency
Clear information about data collection, use, and sharing practices
Consent
Explicit consent required for data processing activities

📋 Table of Contents

1 Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It regulates how organizations process the personal data of individuals residing in the European Union (EU) and European Economic Area (EEA).

1.1 What is GDPR?

GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council. It establishes:

  • Rules for the processing of personal data
  • Rights for individuals regarding their personal data
  • Obligations for organizations that process personal data
  • Significant penalties for non-compliance (up to €20 million or 4% of global turnover)

1.2 Who Does GDPR Apply To?

GDPR applies to:

  • Data Subjects: Individuals residing in the EU/EEA, regardless of nationality
  • Data Controllers: Organizations that determine the purposes and means of processing
  • Data Processors: Organizations that process data on behalf of controllers
  • Geographic Scope: Any organization offering goods/services to EU/EEA residents

1.3 Our Commitment

Debasis Bhattacharjee is fully committed to GDPR compliance. We:

  • Process personal data lawfully, fairly, and transparently
  • Collect data only for specified, explicit, and legitimate purposes
  • Ensure data is adequate, relevant, and limited to what is necessary
  • Maintain data accuracy and keep it up to date
  • Retain data only as long as necessary
  • Implement appropriate security measures
  • Respect and facilitate your GDPR rights
ℹ️ Important Note

This GDPR Compliance page should be read in conjunction with our Privacy Policy, which provides comprehensive details about our data practices. This page specifically addresses GDPR requirements for EU/EEA residents.

2 Data Controller Information

Under GDPR, the data controller is the entity that determines the purposes and means of processing personal data.

2.1 Data Controller Details

Field Information
Business Name Debmedia Technologies LLP
Proprietor Debasis Bhattacharjee
Registered Location West Bengal, India
Website https://www.debasisbhattacharjee.com
Email privacy@debasisbhattacharjee.com

2.2 Representative in the EU

As we are based outside the EU but process data of EU residents, we have appointed (or are in the process of appointing) an EU representative in accordance with Article 27 GDPR.

  • Status: Under appointment process
  • Contact: eu-representative@debasisbhattacharjee.com
  • Purpose: To serve as a point of contact for EU data subjects and supervisory authorities

2.3 Data Protection Officer (DPO)

For GDPR-related inquiries, you can contact our Data Protection Officer:

  • Email: dpo@debasisbhattacharjee.com
  • Role: Oversees GDPR compliance, handles data subject requests
  • Response Time: Within 30 days as required by GDPR

2.4 Data Processors We Use

We engage third-party data processors who process personal data on our behalf:

  • Cloud Hosting Providers: For website hosting and data storage
  • Email Service Providers: For email communications
  • Payment Processors: For transaction processing
  • Analytics Providers: For website analytics

All data processors are contractually bound to GDPR compliance through Data Processing Agreements (DPAs).

4 Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data. We are committed to respecting and facilitating these rights.

👁️
Right to Access (Article 15)
You can request a copy of all personal data we hold about you, including information about how it's being used.
✏️
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data at any time.
🗑️
Right to Erasure (Article 17)
Also known as "right to be forgotten," you can request deletion of your personal data in certain circumstances.
🚫
Right to Restriction (Article 18)
You can request that we limit how we use your personal data while a dispute is being resolved.
📤
Right to Data Portability (Article 20)
You can request your data in a structured, machine-readable format to transfer to another service.
Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
🤖
Rights Related to Automated Decision-Making (Article 22)
You have rights regarding automated decisions that significantly affect you, including profiling.
↩️
Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
⚖️
Right to Lodge a Complaint (Article 77)
You have the right to file a complaint with your local data protection authority if you believe your rights have been violated.

4.1 How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email us: dpo@debasisbhattacharjee.com or privacy@debasisbhattacharjee.com
  2. Subject Line: "GDPR Rights Request - [Your Request Type]"
  3. Include: Your name, email address, account details (if applicable), and specific request
  4. Verification: We may request additional information to verify your identity

4.2 Response Timeline

  • We will respond within one month of receiving your request
  • Complex requests may be extended by two additional months with notification
  • You will be informed of any delays and the reasons
  • Requests are handled free of charge unless manifestly unfounded or excessive

4.3 Limitations

Some rights may be limited in certain circumstances:

  • When we have a legal obligation to retain data
  • For the establishment, exercise, or defense of legal claims
  • When deletion would prejudice our legitimate interests
  • For compliance with regulatory requirements
⚠️ Important

We take your GDPR rights seriously. If we cannot fulfill your request, we will explain why and inform you of your right to lodge a complaint with the relevant supervisory authority.

5 Data We Collect

We collect only the personal data necessary to provide our services and comply with our legal obligations. Here's what we collect and why:

5.1 Categories of Personal Data

Data Category Examples Purpose Legal Basis
Identity Data Name, username, title Account management, personalization Contract
Contact Data Email, phone number, address Communication, service delivery Contract
Financial Data Payment card details, billing address Payment processing Contract
Transaction Data Purchase history, order details Order fulfillment, customer service Contract
Technical Data IP address, browser, device info Security, website functionality Legitimate Interest
Usage Data Pages viewed, time spent, clicks Website improvement, analytics Legitimate Interest
Marketing Data Preferences, communication consent Marketing communications Consent
Profile Data Interests, preferences, feedback Personalization, service improvement Legitimate Interest

5.2 Special Category Data

We do NOT intentionally collect special category personal data (sensitive data) such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health data
  • Sex life or sexual orientation

If such data is inadvertently collected, it will be deleted immediately upon discovery.

5.3 Children's Data

Our services are not directed at children under 16 years of age (or the applicable age of consent in your country). We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it immediately.

5.4 Data Minimization

In accordance with GDPR principles, we:

  • Collect only data that is necessary for specified purposes
  • Avoid collecting excessive or irrelevant information
  • Regularly review data collection practices
  • Delete unnecessary data

6 Data Processing Activities

We process your personal data for specific, explicit, and legitimate purposes as outlined in our Privacy Policy and this GDPR compliance page.

6.1 Purpose Limitation

We process personal data only for the purposes for which it was collected:

  • Service Provision: Delivering products and services you've requested
  • Communication: Responding to inquiries and providing support
  • Transaction Processing: Processing payments and orders
  • Security: Protecting against fraud and unauthorized access
  • Legal Compliance: Meeting regulatory and legal obligations
  • Service Improvement: Enhancing user experience and functionality
  • Marketing: Sending promotional communications (with consent)

6.2 Automated Decision-Making and Profiling

We do NOT engage in automated decision-making that produces legal effects or similarly significantly affects you.

We may use limited profiling for:

  • Personalizing website content and recommendations
  • Improving marketing relevance (with consent)
  • Fraud detection and prevention

You have the right to object to profiling and request human review of automated decisions.

6.3 Data Accuracy

We take steps to ensure personal data is accurate and up-to-date:

  • Providing self-service account management tools
  • Regularly reviewing and updating data
  • Correcting inaccuracies when notified
  • Deleting outdated information

6.4 Processing Records

In compliance with Article 30 GDPR, we maintain records of processing activities including:

  • Name and contact details of the controller
  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • Details of international transfers
  • Retention periods
  • Security measures
📊 Transparency

We maintain transparent processing practices and are happy to provide additional information about our data processing activities upon request.

7 International Data Transfers

As we are based outside the EU/EEA, your personal data may be transferred to and processed in countries that do not provide the same level of data protection as the EU.

7.1 Transfer Mechanisms

We ensure adequate protection for international data transfers through:

  • Standard Contractual Clauses (SCCs): EU Commission-approved contracts with data processors (Article 46)
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Binding Corporate Rules: For transfers within corporate groups (when applicable)
  • Explicit Consent: In specific circumstances where you provide informed consent

7.2 Countries We Transfer Data To

  • India: Our primary operations and data storage location
  • United States: Some third-party service providers (with appropriate safeguards)
  • Other Countries: As necessary for service providers with SCCs in place

7.3 Safeguards for Transfers

When transferring data outside the EU/EEA, we:

  • Conduct transfer impact assessments
  • Implement supplementary measures where necessary
  • Ensure contractual commitments from recipients
  • Maintain the same security standards globally
  • Monitor and review transfers regularly

7.4 Your Rights Regarding Transfers

You have the right to:

  • Request information about transfers and safeguards
  • Obtain a copy of relevant SCCs
  • Object to transfers in certain circumstances
  • Withdraw consent for transfers based on consent

7.5 Data Localization

While we cannot guarantee all data remains within the EU/EEA:

  • We minimize transfers where possible
  • We use EU-based service providers when feasible
  • We maintain copies of essential data within the EU where required
  • We comply with local data residency requirements
🌍 International Operations

IMPORTANT: While we are based in India, we implement GDPR-compliant practices for all EU/EEA data subjects. Your data is protected with the same high standards regardless of where it is processed.

8 Data Retention Periods

In accordance with GDPR's storage limitation principle, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

8.1 Retention Criteria

We determine retention periods based on:

  • The purpose for which the data was collected
  • Legal and regulatory requirements
  • Contractual obligations
  • Legitimate business needs
  • Your preferences and consent duration

8.2 Specific Retention Periods

Data Type Retention Period Reason
Account Data Until deletion + 30 days Service provision, legal obligations
Transaction Records 7 years Tax, accounting, legal compliance
Marketing Consent Until withdrawn + 90 days Marketing communications
Customer Support 3 years Quality assurance, dispute resolution
Website Analytics 26 months Business analysis, service improvement
Security Logs 1 year Security, fraud prevention
Legal Claims Duration of claim + 6 years Legal defense

8.3 Deletion Process

When retention periods expire:

  • Data is securely deleted or anonymized beyond recovery
  • Backups are overwritten within 90 days
  • Physical records are shredded
  • Electronic data uses secure erasure methods
  • Deletion is logged and verified

8.4 Extended Retention

We may retain data beyond standard periods when:

  • Required by law or regulation
  • Necessary for legal claims or disputes
  • Subject to legal hold or investigation
  • You have explicitly requested extended retention

8.5 Right to Erasure

You can request early deletion of your data if:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Legal obligations require deletion

9 Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 GDPR.

9.1 Technical Security Measures

  • Encryption: 256-bit SSL/TLS for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Network Security: Firewalls, intrusion detection/prevention systems
  • Secure Development: Security by design and default principles
  • Regular Updates: Timely security patches and updates
  • Monitoring: 24/7 security monitoring and logging
  • Data Backups: Regular encrypted backups with secure storage

9.2 Organizational Security Measures

  • Data Protection Policies: Comprehensive internal policies
  • Employee Training: Regular GDPR and security training
  • Confidentiality Agreements: All staff sign NDAs
  • Access Logging: All data access is logged and reviewed
  • Incident Response Plan: Documented breach response procedures
  • Regular Audits: Internal and external security assessments
  • Vendor Management: Due diligence on all data processors

9.3 Data Breach Notification

In the unlikely event of a data breach:

  • Supervisory Authority: Notified within 72 hours (Article 33)
  • Affected Individuals: Notified without undue delay if high risk (Article 34)
  • Documentation: All breaches documented, even if not reported
  • Mitigation: Immediate steps taken to contain and remediate
  • Communication: Clear, plain language notifications

9.4 Data Protection Impact Assessments (DPIA)

We conduct DPIAs for high-risk processing activities:

  • Before implementing new technologies or systems
  • For large-scale processing of special category data
  • When using innovative processing methods
  • For systematic monitoring or profiling

9.5 Pseudonymization and Anonymization

Where appropriate, we:

  • Pseudonymize data to reduce identification risks
  • Anonymize data for analytics and research
  • Separate identifying information from other data
  • Use data minimization techniques
🔒 Continuous Improvement

We continuously review and update our security measures to address emerging threats and maintain compliance with evolving security standards and GDPR requirements.

10 Cookies & Tracking Technologies

We use cookies and similar tracking technologies in compliance with the ePrivacy Directive and GDPR requirements.

10.1 Cookie Consent

In accordance with EU law:

  • Essential Cookies: Used without consent (strictly necessary)
  • Non-Essential Cookies: Require explicit opt-in consent
  • Cookie Banner: Clear information before consent
  • Granular Control: Category-specific consent options
  • Easy Withdrawal: Simple opt-out mechanisms

10.2 Cookie Categories

Category Purpose Consent Required
Strictly Necessary Essential website functionality, security No
Performance Analytics, site optimization Yes
Functionality Remember preferences, settings Yes
Marketing Targeted advertising, tracking Yes

10.3 Managing Cookie Preferences

You can manage cookies through:

  • Cookie Settings: Access from our cookie banner or footer
  • Browser Settings: Block or delete cookies directly
  • Opt-Out Tools: Third-party opt-out mechanisms
  • Do Not Track: We respect DNT signals where feasible

10.4 Third-Party Cookies

We use some third-party cookies:

  • Google Analytics (with IP anonymization)
  • Social media plugins (if you interact with them)
  • Payment processors (during checkout)

Third-party cookies are subject to the privacy policies of those providers.

10.5 Detailed Cookie Information

For comprehensive cookie details, including:

  • Cookie names and durations
  • Specific purposes
  • Third-party cookie providers
  • How to opt out of specific cookies

Please refer to our detailed Cookie Policy or contact us for more information.

11 Data Protection Officer

In accordance with Article 37 GDPR, we have designated a Data Protection Officer (DPO) to oversee our GDPR compliance program.

11.1 DPO Contact Information

  • Email: dpo@debasisbhattacharjee.com
  • Postal Address: Data Protection Officer, Debmedia Technologies LLP, West Bengal, India
  • Response Time: Within 30 days as mandated by GDPR

11.2 DPO Responsibilities

Our DPO is responsible for:

  • Monitoring GDPR compliance across the organization
  • Advising on data protection impact assessments
  • Providing training and awareness to staff
  • Acting as the point of contact for data subjects
  • Cooperating with supervisory authorities
  • Investigating data protection concerns
  • Maintaining records of processing activities

11.3 When to Contact the DPO

You should contact our DPO for:

  • Exercising your GDPR rights
  • Questions about how your data is processed
  • Complaints about data handling
  • Data breach concerns
  • GDPR compliance inquiries
  • General data protection questions

11.4 DPO Independence

Our DPO operates independently and:

  • Reports directly to senior management
  • Is not penalized for performing DPO duties
  • Has sufficient resources and access
  • Maintains professional confidentiality
  • Is free from conflicts of interest
📧 Direct Communication

You can communicate directly with our DPO regarding any data protection matters. Your communications with the DPO are treated with the highest level of confidentiality.

12 Complaints & Supervisory Authority

If you believe your GDPR rights have been violated, you have the right to lodge a complaint.

12.1 Internal Complaint Process

We encourage you to contact us first:

  1. Contact our DPO: dpo@debasisbhattacharjee.com
  2. Describe the Issue: Provide details of your concern
  3. We Investigate: We will thoroughly investigate your complaint
  4. Response: You will receive a detailed response within 30 days
  5. Resolution: We will work with you to resolve the matter

12.2 Right to Lodge a Complaint with Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in:

  • Your EU/EEA member state of habitual residence
  • Your place of work
  • The place of the alleged infringement

12.3 Finding Your Supervisory Authority

You can find your relevant data protection authority at:

  • EDPB Website: https://edpb.europa.eu/about-edpb/board/members_en
  • Each EU Member State has its own data protection authority
  • Examples:
    • Germany: Bundesdatenschutzbeauftragte
    • France: CNIL (Commission Nationale de l'Informatique et des Libertés)
    • UK: Information Commissioner's Office (ICO)
    • Ireland: Data Protection Commission (DPC)

12.4 Judicial Remedy

Under Article 79 GDPR, you also have the right to:

  • Bring proceedings against us in the courts
  • Seek judicial remedy for GDPR violations
  • Claim compensation for damages

12.5 No Retaliation

We guarantee:

  • No retaliation for filing complaints
  • Continued service regardless of complaints
  • Fair and impartial investigation
  • Respectful treatment throughout the process
⚖️ Your Rights

IMPORTANT: Lodging a complaint with a supervisory authority or court does not affect any other administrative or judicial remedy you may have. You can pursue multiple avenues simultaneously if desired.

13 Updates & Additional Information

13.1 Policy Updates

We may update this GDPR compliance page to reflect:

  • Changes in our processing activities
  • New GDPR guidance or requirements
  • Feedback from supervisory authorities
  • Improvements to our practices

Material changes will be communicated via email to registered EU/EEA users.

13.2 Compliance Documentation

Available upon request:

  • Records of processing activities (Article 30)
  • Data Protection Impact Assessments
  • Standard Contractual Clauses
  • Data Processing Agreements
  • Security certifications and audits

13.3 Brexit Considerations

For UK residents:

  • We comply with the UK GDPR and Data Protection Act 2018
  • The ICO is the relevant supervisory authority
  • Your rights remain essentially the same as under EU GDPR

13.4 Further Information

For more details, please review our related policies:

Questions About GDPR?

Our Data Protection Officer is here to answer any questions you may have about GDPR compliance, your rights, or our data practices.

Contact DPO