Privacy Policy

Effective Date: 15/11/2024

Brand Content Strategy (BCS) is committed to protecting your privacy and ensuring your personal data is handled in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and safeguard your personal data when you engage with our services, digital products, or website.

1. Data Controller Information

BCS acts as the data controller for the personal data collected through our services, digital products, and website. Contact us should you have any questions or concerns about this policy.

2. Personal Data We Collect

2.1 Information You Provide

  • Name, email address, phone number, and business details during registration or purchases.

  • Payment information, processed securely through third-party payment providers (Stripe, PayPal).

2.2 Automatically Collected Data

  • IP address, browser type, operating system, and device information.

  • Interaction data, such as pages viewed, time spent on the site, and clicks.

2.3 Cookies and Tracking Technologies

We use cookies to enhance your experience and gather analytics. For more details, please refer to the Squarespace, Inc. Cookie Policy.

3. Legal Basis for Processing Personal Data

We process your data in accordance with GDPR under the following legal bases:

  • Consent: When you opt-in to receive marketing communications.

  • Contractual Necessity: To fulfil orders or provide services you have purchased.

  • Legitimate Interests: For analytics, fraud prevention, and improving our offerings.

  • Legal Obligation: To comply with laws or regulatory requirements.

4. How We Use Your Data

We use your personal data to:

  • Provide and improve our services, digital products, and website.

  • Process transactions and deliver orders.

  • Send updates, marketing communications, and promotional offers (if you have consented).

  • Respond to inquiries and provide customer support.

  • Ensure compliance with legal obligations and security standards.

5. Sharing Your Data

We do not sell your personal data. However, we may share your data with:

  • Service Providers: Trusted third parties who assist with payment processing, hosting, or analytics.

  • Legal Authorities: If required by law or necessary to protect our rights.

  • Business Transfers: In case of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.

All third-party processors are required to comply with GDPR and maintain adequate safeguards for your data.

6. Data Retention

We retain your data only as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specific retention periods include:

  • Transactional data: Retained for 10 years to comply with financial regulations.

  • Marketing data: Retained until you opt out.

7. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.

  • Right to Rectification: Request corrections to inaccurate or incomplete data.

  • Right to Erasure: Request the deletion of your personal data, subject to legal obligations.

  • Right to Restrict Processing: Request that we limit the processing of your data under certain circumstances.

  • Right to Data Portability: Request your data in a structured, machine-readable format for transfer to another controller.

  • Right to Object: Object to processing based on legitimate interests or direct marketing.

  • Right to Withdraw Consent: Withdraw your consent at any time, where processing is based on consent.

Contact us to exercise your rights.

8. International Data Transfers

If you are located outside India and the EU, please note that your data may be transferred to, stored, or processed in the US or other jurisdictions (i.e. Squarespace, Inc. servers). We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data.

9. Data Security

We implement robust technical and organisational measures to protect your personal data, including:

  • Encryption of sensitive data.

  • Secure storage and restricted access.

  • Regular security audits and updates.

However, no system is completely secure, and we cannot guarantee absolute protection against unauthorised access.

10. Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

11. Cookies Policy

We use cookies and similar technologies to personalise your experience, provide analytics, and enhance website performance. For detailed information, please see our Cookie Policy.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices, and we encourage you to review their policies before providing personal data.

13. Updates to This Privacy Policy

We may revise this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page with the effective date indicated.

14. Contact Information

Contact us for privacy-related inquiries or to exercise your GDPR rights.

By using our services, digital products, or website, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.