Data Protection Policy
Effective Date: July 2, 2026 | Last Updated: July 2, 2026
GDPR Standards
We process personal data under lawful bases specified in the General Data Protection Regulation, including the necessity of processing for the performance of a contract or to take steps at your request prior to entering into a contract, compliance with legal obligations, and our legitimate business interests in maintaining operational efficiency and security. For visitors originating within the European Economic Area, we act as both data controller and data processor depending on the scope of the project and user interactions.
You have the absolute right to inspect, verify, correct, restrict processing, or request the permanent deletion of any personal data stored on our servers. Any transfers of personal data outside the EEA are governed by standard contractual clauses approved by the European Commission to ensure a high level of protection for your information. Our data protection systems are audited internally to safeguard compliance and maintain complete transparent documentation.
CCPA Standards
In accordance with the California Consumer Privacy Act, Suman Web Design does not engage in the sale of personal information to third parties. We collect only the minimum necessary categories of data required to address design inquiries, execute contracts, and coordinate project deliveries. California residents are granted the right to receive disclosure regarding the specific pieces of data collected, the business purposes behind the collection, and the right to request erasure without facing any form of service discrimination.
To exercise your rights under California consumer privacy laws, you may submit a formal request via our registered email address. We will verify your identity within forty-five days of receiving the request and supply a portable, structured copy of any relevant information collected over the preceding twelve-month period.
Indian IT Act & DPDP Compliance
Under Section 43A of the Indian Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, we implement reasonable security practices and procedures to protect sensitive personal data or information from unauthorized disclosure, modification, or access. We operate as a Data Fiduciary under the DPDP Act, ensuring that your digital personal data is processed solely for specified, lawful purposes for which you have provided explicit, unambiguous consent.
Our operational framework ensures that consent can be withdrawn at any time with the same ease it was granted. Upon withdrawal of consent, we will cease processing your personal data and direct our third-party hosting partners to delete all records from active storage systems, unless retention is required to fulfill outstanding legal mandates under Indian law.
User Rights
We believe in absolute data transparency. You have the right to request a complete CSV or JSON copy of all lead inputs, messages, and project specifications associated with your email address. You may also request modifications to project notes, correction of contact details, or request that your files be transferred to another service provider under data portability regulations.
All requests for data access or erasure are processed free of charge and completed within thirty days of verification. We keep an internal log of compliance requests to ensure that audit parameters are met, preserving client privacy at every step of the query lifecycle.
Security Measures
We secure data using advanced cryptographic controls, including transport-layer security for all data in transit and industry-standard encryption algorithms for data at rest. Access to database endpoints is strictly controlled through multi-factor authentication, white-listed IP addresses, and session tokens to ensure that only authorized administrative staff can access client details.
In the unlikely event of a security breach that risks unauthorized access to your personal data, we will notify you and relevant authorities within seventy-two hours of discovering the anomaly, providing details on the nature of the breach, affected data categories, and immediate mitigation actions taken.
Contact Information
For any queries related to data protection, privacy controls, or to exercise your rights, please reach out directly:
Email: sumansadhu0001@gmail.com
WhatsApp Support: +91 98835 81298
Location: Asansol, West Bengal, India