Data Protection Policy
We are committed to protecting your personal data and respecting your privacy rights in accordance with applicable data protection laws.
Last Updated: January 1, 2024
Effective Date: January 1, 2024
Our Data Protection Principles
Data Minimization
We collect only the minimum data necessary for our services
Transparency
Clear information about what data we collect and how we use it
User Control
You have full control over your personal data and privacy choices
Security First
Strong technical and organizational measures protect your data
Limited Retention
We keep data only as long as necessary for legitimate purposes
Legal Compliance
Full compliance with applicable data protection regulations
Data Controller Information
Who Controls Your Data
VyomA acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Data Controller Details
Organization: VyomA
Registration: Indian Private Entity
Address: Bangalore, Karnataka, India - 560001
Contact: privacy@vyoma.online
Data Protection Officer
Role: Privacy and Data Protection Lead
Email: dpo@vyoma.online
Responsibilities: Oversight of data protection compliance
Response Time: Within 72 hours
Personal Data We Collect
Calculator Usage - No Personal Data Collected
✅ Your land measurement calculations are completely private and never collected or stored.
How Our Calculators Protect Your Privacy:
- • Client-side processing: All calculations happen in your browser
- • No data transmission: Your input values never leave your device
- • No storage: We don't save your calculation history
- • Offline capable: Works without internet connection once loaded
- • No tracking: We don't monitor what you calculate
Personal Data We Do Collect
We collect minimal personal data only when you voluntarily provide it for specific services:
Contact Form Submissions
- Name (required)
- Email address (required)
- Phone number (optional)
- State/region (optional)
- Message content
- Timestamp of submission
Newsletter Subscriptions
- Email address
- Subscription date
- Subscription preferences
- Email interaction data (opens, clicks)
Website Analytics
- Anonymized IP address
- Browser type and version
- Device type and screen resolution
- Pages visited and time spent
- Referrer website
- General geographic location (country/state)
Technical Information
- Server log data (IP, timestamp, request)
- Error logs for debugging
- Performance metrics
- Security event logs
Legal Basis for Data Processing
Under data protection laws (including GDPR), we must have a valid legal basis for processing your personal data. Here are the legal bases we rely on:
Consent
When we use it:
- Newsletter subscriptions
- Analytics cookies
- Marketing communications
Your rights: You can withdraw consent at any time
Legitimate Interest
When we use it:
- Responding to contact form inquiries
- Website security and fraud prevention
- Service improvement and optimization
Balancing test: We ensure our interests don't override your rights
Legal Obligation
When we use it:
- Tax and accounting records
- Legal compliance reporting
- Court orders or legal requests
Note: We only process what's legally required
Vital Interest
When we use it:
- Emergency situations
- Life-threatening circumstances
- Public health emergencies
Note: Rarely applicable to our services
Data Sharing and Third-Party Processors
What We Don't Do
❌ We do not sell, rent, or trade your personal data to third parties for marketing purposes.
Specifically, we do NOT:
- • Sell your email addresses to marketers
- • Share personal data with data brokers
- • Provide user information to advertisers
- • Exchange data for commercial gain
- • Create user profiles for external use
Authorized Third-Party Processors
We work with carefully selected service providers who process personal data on our behalf. All processors are bound by strict data protection agreements:
Analytics Services
Provider: Google Analytics
Data Processed: Anonymized usage statistics
Purpose: Website performance analysis
Safeguards: IP anonymization, data retention controls
Location: EU and US (adequacy decision)
Email Services
Provider: Professional email hosting
Data Processed: Contact form submissions, newsletters
Purpose: Communication and support
Safeguards: Encryption, access controls
Location: India and EU
Hosting Services
Provider: Cloud hosting providers
Data Processed: Website data, server logs
Purpose: Website hosting and delivery
Safeguards: Encryption, access logging, backups
Location: India, Singapore, EU
Security Services
Provider: CDN and security providers
Data Processed: IP addresses, request logs
Purpose: DDoS protection, performance optimization
Safeguards: Limited retention, anonymization
Location: Global network with data residency controls
Legal Disclosure Requirements
We may disclose personal data only when legally required or in specific circumstances:
Legal Obligations
- • Court orders and legal proceedings
- • Government requests under applicable law
- • Tax and regulatory compliance
- • Law enforcement investigations
Emergency Situations
- • Protecting life or preventing serious harm
- • Preventing fraud or security threats
- • Protecting our legal rights
- • Public safety concerns
Our Commitment: We will notify you of any legal disclosure request when legally permitted, and we will challenge overly broad or inappropriate requests to protect your privacy.
International Data Transfers
Cross-Border Data Protection
As a global service, some of your personal data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for all international transfers.
Adequate Protection Jurisdictions
Primary Locations:
- India: Primary data processing location
- European Union: GDPR adequacy for EU users
- Singapore: Strong data protection laws
- Canada: PIPEDA compliance
Transfer Safeguards
Protection Mechanisms:
- Standard Contractual Clauses: EU-approved contracts
- Adequacy Decisions: Government-recognized protections
- Binding Corporate Rules: Internal data protection rules
- Explicit Consent: When other safeguards aren't available
Special Note for US Transfers
For transfers to the United States, we rely on Standard Contractual Clauses and additional safeguards such as encryption, data minimization, and access controls to ensure your data receives adequate protection.
Data Security Measures
Technical Security Measures
Encryption
- • In Transit: TLS 1.3 encryption for all communications
- • At Rest: AES-256 encryption for stored data
- • Database: Encrypted database storage
- • Backups: Encrypted backup systems
Access Controls
- • Role-based access: Minimal necessary permissions
- • Multi-factor authentication: Required for admin access
- • Regular audits: Access review and monitoring
- • Principle of least privilege: Limited data access
Infrastructure Security
- • Secure hosting: ISO 27001 certified data centers
- • Network security: Firewalls and intrusion detection
- • Regular updates: Security patches and updates
- • Monitoring: 24/7 security monitoring
Vulnerability Management
- • Security testing: Regular penetration testing
- • Code reviews: Security-focused code analysis
- • Dependency scanning: Third-party library monitoring
- • Incident response: Prepared response procedures
Organizational Security Measures
Staff Training
Regular privacy and security training for all team members with access to personal data
Confidentiality Agreements
All staff and contractors sign comprehensive privacy and confidentiality agreements
Background Checks
Appropriate background verification for personnel with data access
Policies and Procedures
Comprehensive data protection policies covering all aspects of data handling
Incident Response
Documented procedures for handling data breaches and security incidents
Regular Reviews
Periodic assessment and improvement of security measures and practices
Data Retention and Deletion
Our Retention Policy
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.
| Data Type | Retention Period | Deletion Trigger | Legal Basis |
|---|---|---|---|
| Contact Form Data | 2 years from last contact | Automatic deletion after period | Support provision |
| Newsletter Subscriptions | Until unsubscribed | User unsubscribes | Consent |
| Analytics Data | 26 months (anonymized) | Google Analytics retention settings | Legitimate interest |
| Server Logs | 90 days | Automatic rotation | Security and performance |
| Legal Records | 7 years | Legal requirement ends | Legal obligation |
Secure Deletion Process
When data retention periods expire or deletion is requested:
- Data is securely overwritten using industry-standard methods
- Backup copies are identified and removed within 30 days
- Third-party processors are notified to delete their copies
- Deletion is verified and documented for compliance
Your Data Protection Rights
Your Fundamental Rights
Under data protection laws, you have several important rights regarding your personal data. These rights are free to exercise and we will respond within the legally required timeframes.
Right of Access
What it means: Request a copy of the personal data we hold about you
Includes: Data categories, processing purposes, retention periods
Response time: Within 30 days
Cost: Free (additional copies may incur reasonable fees)
Right of Rectification
What it means: Correct inaccurate or incomplete personal data
Includes: Updating contact information, correcting errors
Response time: Within 30 days
Cost: Free
Right of Erasure
What it means: Request deletion of your personal data
Conditions: When no longer necessary, consent withdrawn, unlawfully processed
Response time: Within 30 days
Limitations: Legal obligations may prevent deletion
Right to Restrict Processing
What it means: Limit how we process your data
When available: Accuracy disputed, processing unlawful, data no longer needed
Response time: Within 30 days
Effect: Data stored but not actively processed
Right to Data Portability
What it means: Receive your data in a structured, machine-readable format
Applies to: Data processed by consent or contract
Response time: Within 30 days
Format: JSON, CSV, or other standard formats
Right to Object
What it means: Object to processing based on legitimate interests
Applies to: Marketing, profiling, legitimate interest processing
Response time: Within 30 days
Effect: We must stop unless compelling legitimate grounds exist
Right to Withdraw Consent
What it means: Withdraw consent for processing at any time
Applies to: Newsletter subscriptions, analytics cookies
Response time: Immediate
Effect: Processing stops, but past processing remains lawful
Right to Lodge a Complaint
What it means: File a complaint with data protection authorities
When: If you believe we've violated your data protection rights
Authority: Your local data protection authority
Note: You can also contact us first to resolve issues
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us using the information below. We may need to verify your identity before processing your request.
Contact Information
Email: privacy@vyoma.online
Subject Line: Data Protection Rights Request
Response Time: Within 30 days (may extend to 60 days for complex requests)
Cost: Free (reasonable fees may apply for excessive requests)
Information to Include
- • Full name and contact information
- • Description of your request
- • Specific right you want to exercise
- • Relevant dates or reference numbers
- • Proof of identity (if requested)
Complaints and Supervisory Authority
Your Right to File Complaints
If you believe we have not handled your personal data properly or violated your data protection rights, you have the right to file a complaint with the relevant supervisory authority.
Try to Resolve With Us First
We encourage you to contact us first so we can try to resolve any concerns:
- Email: privacy@vyoma.online
- Subject: Data Protection Complaint
- Response: Within 48 hours
- Resolution: We'll work to address your concerns promptly
Supervisory Authority Contact
For EU Residents:
Contact your local Data Protection Authority or the lead supervisory authority in your country.
For Indian Residents:
Contact the appropriate data protection authority under Indian data protection laws.
Find Your Authority: EU DPA Directory
Updates to This Policy
Policy Change Procedures
We may update this Data Protection Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Minor Updates
- • Clarifications and formatting improvements
- • Contact information updates
- • Non-material changes
Notice: Updated date changed
Material Changes
- • New data collection practices
- • Changes to processing purposes
- • Modified retention periods
Notice: Email notification + prominent notice
Your Options: For material changes, you'll have the option to withdraw consent, object to processing, or request data deletion if you disagree with the new terms.
Contact Our Data Protection Team
Data Protection Officer
Primary Contact
privacy@vyoma.online
Data Protection Officer
dpo@vyoma.online
Response Time
Within 72 hours for urgent matters
Languages
English, Hindi (limited)
What We Can Help With
Your Data, Your Rights, Our Responsibility
We're committed to protecting your privacy and ensuring you have full control over your personal data. If you have any questions or concerns, we're here to help.