Rogan Art operates www.roganart.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in compliance with:
- EU General Data Protection Regulation (GDPR) (for EU residents).
- India’s Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011.
- India’s Digital Personal Data Protection Act, 2023 (DPDPA) (once enacted).
By using this Website, you consent to the practices described below.
1. Definitions
- Personal Data: Information that identifies you (e.g., name, email, phone number).
- Processing: Any operation performed on Personal Data (e.g., collection, storage, deletion).
- Data Principal: You, the individual to whom the data belongs.
- Data Fiduciary: Roganart.com, responsible for processing your data.
2. Lawful Basis for Processing (GDPR Compliance)
We process your data only when we have a lawful basis:
- Contractual Necessity: To fulfill orders, manage accounts, or deliver services.
- Legal Obligations: To comply with Indian laws (e.g., tax, fraud prevention).
- Consent: For marketing communications (you may withdraw consent anytime).
- Legitimate Interests: To improve services, secure the Website, or prevent misuse.
3. Information We Collect
A. Data You Provide:
- Mandatory: Name, email, phone number, shipping address.
- Voluntary: Communication preferences, feedback, or survey responses.
B. Automatically Collected Data:
- Technical: IP address, device type, browser, cookies (see Cookie Policy).
- Usage: Pages visited, time spent, purchase history.
C. Payment Data:
- Credit/debit card details processed securely via PCI-DSS compliant gateways (e.g., Razorpay, Stripe). We do not store full card details.
4. How We Use Your Data
Purpose | Legal Basis |
---|---|
Process orders & payments | Contractual necessity |
Send service updates | Legitimate interest |
Marketing communications | Consent (opt-in required) |
Prevent fraud | Legal obligation |
Improve user experience | Legitimate interest |
5. Data Sharing & Disclosure
We share data only as necessary:
- Service Providers: Payment processors, shipping partners, IT vendors (bound by confidentiality agreements).
- Legal Requirements: Disclose data to authorities under Indian law (e.g., court orders, tax audits).
- Cross-Border Transfers: Data may be transferred outside India/EU to trusted partners. We ensure safeguards (e.g., GDPR Standard Contractual Clauses) for international transfers.
We do not sell your data to third parties.
6. Your Rights (GDPR & DPDPA Compliance)
You have the right to:
- Access: Request a copy of your Personal Data.
- Correction: Update inaccurate or incomplete data.
- Erasure (“Right to Forget”): Delete data (subject to legal retention periods).
- Restrict Processing: Limit how we use your data.
- Data Portability: Receive your data in a machine-readable format.
- Withdraw Consent: Opt out of marketing emails via the “Unsubscribe” link.
- Lodge Complaints: Contact India’s Data Protection Board (once operational) or your local EU supervisory authority.
To exercise these rights, email [Insert Email] with “Data Request” in the subject line.
7. Data Retention
We retain your data only as long as necessary:
- Active Accounts: Until deletion is requested.
- Legal Obligations: Tax records (7 years), transaction logs (as per Indian laws).
- Inactive Accounts: Deleted after [X] years of inactivity.
8. Security Measures (IT Act Compliance)
- Encryption: TLS for data transmission; AES-256 for storage.
- Access Controls: Limited to authorized personnel via password-protected systems.
- Audits: Regular security assessments to prevent breaches.
- Incident Response: Notify affected users and authorities within 72 hours of a breach (per GDPR).
9. Children’s Privacy
We do not knowingly collect data from individuals under 18 (or 13 for EU residents) without parental consent.
10. Updates to This Policy
Changes will be posted here with a revised “Last Updated” date. Material changes will be notified via email or Website banners.
11. Contact Us
Grievance Officer (IT Act Compliance):
Name: Rogan Art
Email: [cc@roganart.com]
Address: Rogan Art Kutch Trust, Near Apna Ghar, Navavas, Madhapar, Bhuj-Kutch, Gujarat, India
Governing Law: Disputes under this policy are subject to Indian law, with jurisdiction in Bhuj, Gujarat.