Privacy Policy
Effective Date: 1st September 2023
This Privacy Policy describes how [Studio Backdrops India Private Limited] (referred to herein as “we,” “us,” or “our,” and acting as the Data Fiduciary under the DPDP Act) collects, uses, discloses, and retains the personal data of users (“Data Principals”) who interact with our website, https://studiobackdrops.com.
We are committed to protecting the personal data of our Data Principals and ensuring compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Identity of the Data Fiduciary and Grievance Redressal
The Data Fiduciary is the entity responsible for determining the purposes and means of processing your personal data.
| Detail | Information |
| Legal Name (Data Fiduciary) | StudioBackdrops.com |
| GRO Contact Email | grievance@studiobackdrops.com |
The GRO is your first point of contact for exercising your rights or raising any privacy-related grievances concerning your personal data.
2. Principle of Notice and Consent
We process your personal data based on your specific, informed, and unambiguous consent, which you provide through explicit actions (e.g., clicking a checkbox, submitting an order).
Before seeking your consent, we provide this Notice. By continuing to use our website or submitting your data, you acknowledge that you have read and understood this policy and the purposes for which your data is collected.
3. Personal Data Collected, Purpose, and Retention
We collect personal data only for the defined, lawful purposes outlined below.
| Data Category | Specific Data Points | Purpose of Processing | Legal Basis (DPDP Act) | Retention Period |
| User Registration/Checkout | Name, billing/shipping address, email, phone number, payment method details (processed by payment gateway). | To fulfill and ship your order (Contract), process payments, issue invoices, and provide warranty support. | Consent (to enter a contract) and Legitimate Use (compliance with Indian tax laws). | 8 Years after the last transaction (required for tax and warranty documentation). |
| Comments & Site Interaction | Name, email, website (optional), comment content, IP address, browser user agent string. | To publish comments (Consent), manage user interaction, and detect/prevent spam (Legitimate Use). | Consent (for publishing) and Legitimate Use (security/spam). | 5 Years from the date of the last user activity on the account/comment thread. |
| Promotional/Marketing | Email address, phone number (for SMS/WhatsApp), purchase history. | To send you follow-up mails, order notifications, promotional campaigns, and special offers, only if you have provided explicit, separate consent. | Consent (specific, revocable opt-in). | Until you withdraw consent (by clicking “unsubscribe” or notifying the GRO). |
| Media Uploads | Images uploaded to the website. | To display content on the website. | Consent (user submission). | Warning: We strongly advise against uploading images with embedded location data (EXIF GPS). Visitors may download and extract this data. |
| Login Data | User ID, login time/date. | To manage your session, maintain security, and save display preferences (Cookies). | Legitimate Use (website security and functionality). | Login cookies last 2 days; temporary cookies (session) are discarded upon closing the browser. |
4. Cookies and Tracking Technologies
We use cookies to enhance your experience. Cookies are small text files stored by your browser.
-
Essential Cookies: Used for site security, login functionality, and managing your shopping cart. These are necessary for the website to function, and we rely on Legitimate Use for processing.
-
Non-Essential/Preference Cookies: If you leave a comment, you may opt-in to save your name/email in a cookie for one year. This is for your convenience.
We implement a cookie consent banner that allows you to accept or reject non-essential cookies. You can manage your browser settings to refuse or delete cookies at any time.
5. Disclosure to Data Processors (Third Parties)
We share your personal data with the following categories of third-party Data Processors, strictly to fulfill the defined purposes outlined in Section 3. These processors are contractually obligated to protect your data under the DPDP Act standards.
| Category of Processor | Purpose of Disclosure | Data Shared |
| Payment Gateways | To process transactions and secure payments. | Order value, payment type, transaction ID (We do not store full card details). |
| Shipping & Logistics Partners | To fulfill and deliver your orders. | Name, shipping address, phone number. |
| Email/SMS/WhatsApp Marketing Services | To manage promotional campaigns and service updates (based on your consent). | Email address, phone number. |
| Gravatar & Spam Detection Services | To check for spam, ensure security, and display user avatars. | Email hash (anonymized string), IP address, user agent string. |
| Website Hosting & Cloud Services | To store and host the website and its data securely. | All stored data. |
We affirm that we do not sell or rent your personal data to third parties for monetary gain.
6. Data Principal’s Rights
Under the DPDP Act, you have the following rights regarding your personal data held by us. You may exercise these rights by contacting our Grievance Redressal Officer (GRO) using the contact details provided in Section 1.
-
Right to Access: You have the right to receive a summary of the personal data we hold about you and the processing activities.
-
Right to Correction: You have the right to request the correction or completion of inaccurate or incomplete personal data.
-
Right to Erasure: You have the right to request that we erase your personal data (the “right to be forgotten”), subject to specific legal exceptions (e.g., data required for tax or fraud prevention).
-
Right to Grievance Redressal: You have the right to contact our GRO for any questions or complaints.
-
Right to Withdraw Consent: You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
7. Data Security
We implement reasonable security safeguards and technical measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data. These measures include encrypted connections (SSL), secure hosting, and restricted access to data storage systems.
8. Amendments to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, particularly the evolving rules under the DPDP Act. We will notify you of any material changes by posting the new policy on this page.