Privacy Policy
roshanamarujala.com
1. Introduction & Scope
This Privacy Policy explains how Roshan Amar Ujala (“we,” “us,” “our,” or “the Owner”), operator of roshanamarujala.com (the “Site”), collects, uses, shares, and protects information about visitors (“you”).
It applies to all visitors worldwide, including residents of the European Economic Area (EEA), the United Kingdom (UK), and all United States jurisdictions, with specific provisions for California. The Site is a personal portfolio and professional blog. It has no user accounts, no online store, and no public user-generated content beyond messages you choose to send us.
By using the Site you acknowledge that you have read and understood this Policy. Where the law requires your consent (for example, for non-essential cookies), we collect that consent separately and do not rely on your mere use of the Site.
Current status: the Site has no contact-form backend, no newsletter, and no active analytics. The only way to contact us is the email link, which opens your own mail application; we store only the messages you choose to send. Google Analytics is configured but not currently active, so no analytics or advertising cookies are set. The clauses below that describe analytics or a newsletter apply only if and when those features are enabled, at which point this Policy and the consent banner will reflect it.
2. Information We Collect
We practise data minimisation and collect only what is described below.
| Category | Examples | Sensitive? |
|---|---|---|
| Identifiers | Name and email address you submit via the contact form or newsletter signup | No (treated as sensitive for known minors under 16, see §13) |
| Internet / network activity | IP address (transiently, via analytics), pages viewed, referring URLs, time on page, clicks | No |
| Online identifiers / cookies | Cookie identifiers and similar technologies (see Cookie Policy) | No |
| Device information | Browser type and version, operating system, screen size, device type | No |
| Approximate location | Coarse, city/region-level location derived from IP by analytics (never precise GPS) | No |
| Communications content | The message text you include in a contact form or email to us | Only if you choose to include sensitive details |
We do not knowingly collect government IDs, financial account numbers, precise geolocation, biometric data, or special-category data (e.g., health, religion, sexual orientation). Please do not send such information through the Site.
3. How We Collect Information
- Directly from you: when you complete the contact form, subscribe to the newsletter, or email us. Providing this information is voluntary.
- Automatically: through cookies and analytics that activate only after you consent to the relevant category. These capture network activity, device, and coarse-location data.
- From service providers: our analytics and hosting providers generate technical logs while delivering their services.
4. Why We Collect Information
- Communication, to read and respond to your inquiries and to send a newsletter you requested.
- Analytics & site improvement, to understand which content is useful and improve the Site.
- Security & integrity, to detect, prevent, and investigate abuse, spam, fraud, and technical faults.
- Legal compliance, to meet legal obligations and to establish, exercise, or defend legal claims.
We do not sell your personal information for money, and we do not engage in cross-context behavioural advertising. (If Google AdSense is enabled in future, this Policy will be updated and your consent re-obtained where required.)
5. Legal Basis for Processing (GDPR / UK GDPR)
| Processing activity | Lawful basis |
|---|---|
| Responding to your contact-form / email inquiry | Consent and/or steps taken at your request (Art. 6(1)(a)/(b)) |
| Sending the newsletter | Consent (Art. 6(1)(a)), withdrawable at any time |
| Strictly necessary / essential cookies and basic security | Legitimate interests (Art. 6(1)(f)), operating a secure, functional website |
| Analytics and any future advertising cookies | Consent (Art. 6(1)(a)), obtained before the cookies are set |
| Meeting legal obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have balanced those interests against your rights. You may object at any time (see §9).
6. Who We Share Information With
- Analytics provider, Google LLC (Google Analytics 4): receives pseudonymous usage and device data after you consent.
- Hosting provider: processes server logs and delivers Site content; data may be processed on servers in the United States.
- Email / newsletter provider: if you subscribe, your name and email are processed to send the messages you requested.
- Professional advisors and authorities: legal/security advisors and government or law-enforcement bodies where required by law or to protect rights and safety.
All providers act as our processors/service providers under contracts that restrict use of the data to providing their services. We do not sell or rent your personal information.
7. Cookies & Tracking Technologies
We use cookies and similar technologies. Essential cookies are always active because the Site cannot function securely without them. All non-essential cookies (analytics and any future advertising) are disabled until you opt in through our consent banner, and you can change your choice any time via the “Cookie Settings” link in the footer. Full details are in our Cookie Policy.
8. International Data Transfers
We operate from New Delhi, India, and our providers (including Google and our host) may process data in the United States and other countries, which may have different data-protection laws. When we transfer personal data out of the EEA or UK we rely on appropriate safeguards, principally the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures and, where applicable, the EU-U.S. Data Privacy Framework for certified recipients such as Google. Contact us (§16) for more information.
9. Your Privacy Rights
Depending on where you live, you have some or all of the rights below. We honour these for all visitors as a matter of policy, except where a right is specific to a legal regime.
California residents (CCPA/CPRA)
- Right to Know the categories and specific pieces of personal information collected, the sources, purposes, and recipients.
- Right to Delete personal information we hold (subject to legal exceptions).
- Right to Correct inaccurate personal information.
- Right to Opt Out of the “sale” or “sharing” of personal information (see §11).
- Right to Limit the use of sensitive personal information.
- Right to Non-Discrimination for exercising your rights.
EEA / UK residents (GDPR / UK GDPR)
- Access, Rectification, Erasure (“right to be forgotten”), and Data Portability.
- Object to processing based on legitimate interests, and to direct marketing at any time.
- Restrict processing in certain circumstances.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with your supervisory authority (UK: the Information Commissioner’s Office, ico.org.uk; EEA: your national Data Protection Authority).
Residents of other US states (e.g., Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others) have comparable rights to access, correct, delete, obtain a portable copy, opt out of targeted advertising and data sales, and appeal a denied request.
10. How to Exercise Your Rights (DSAR Process)
- Email roshanamarujala@gmail.com with the subject “Privacy Request” and describe the right you wish to exercise.
- Identity verification: to protect your data, we will ask you to confirm details we already hold (such as the email address you used to contact us). Authorized agents acting for California residents must provide proof of authorization.
- Response time: we respond within 45 days (CCPA) or one month (GDPR/UK GDPR). Complex requests may be extended once, as permitted by law (up to 45 more days under CCPA; up to two further months under GDPR), and we will tell you why.
- Cost: requests are free, except where the law permits a reasonable fee for manifestly unfounded, excessive, or repetitive requests.
- Appeals: if we deny your request and your state grants an appeal right, reply to our decision email to appeal; we will respond within the statutory window.
11. Do Not Sell or Share My Personal Information
We do not sell your personal information for monetary value, and we do not “share” it for cross-context behavioural advertising as defined under the CCPA/CPRA. To give California (and other state) residents full control:
- A “Do Not Sell or Share My Personal Information” link appears in the footer of every page.
- Activating it disables analytics and any advertising technologies for your browser and triggers a visible on-screen confirmation, we do not process opt-outs silently.
- Global Privacy Control (GPC): we detect and automatically honour the GPC browser signal as a valid opt-out of sale/sharing, without requiring further action, consistent with California law and other states recognising universal opt-out signals (including Colorado, Connecticut, Texas, and Oregon).
You do not need an account to exercise this right, and we will not discriminate against you for doing so.
12. Data Retention
| Data type | Retention period |
|---|---|
| Contact-form / email correspondence (name, email, message) | Up to 24 months after our last correspondence, then deleted |
| Newsletter subscriber (name, email) | Until you unsubscribe; removed within 30 days of request |
| Google Analytics 4 user & event data | 14 months (configured maximum), then auto-deleted; aggregate, non-identifying reports may be kept longer |
| Cookie-consent records / audit log (timestamp, choices, policy version, user agent) | 24 months |
| Server / hosting access logs (incl. IP) | Up to 90 days |
13. Children’s Privacy
The Site is intended for users aged 16 and older and is not directed to children under 13. In line with the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. Under the CCPA/CPRA, personal information of consumers under 16 is treated as sensitive, and we do not knowingly sell or share it. For EEA/UK visitors, the minimum age to consent to non-essential cookies and to subscribe is 16 (or the lower age set by your country’s law). If you believe a child has provided us personal information, contact us (§16) and we will delete it promptly.
14. Security Measures
We maintain reasonable administrative, technical, and organizational safeguards appropriate to a personal website, including HTTPS/TLS encryption in transit, access controls and strong authentication, reputable providers with their own security programs, and data minimisation. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If a breach affecting your personal data occurs, we will notify you and the relevant authorities as required by law.
15. Changes to This Policy
We may update this Policy to reflect changes in our practices or the law. We will revise the “Last Updated” date and, for material changes, post a prominent notice (and obtain fresh consent where required). Continued use after an update constitutes acceptance of the revised Policy to the extent permitted by law.
16. Contact Information
- Email: roshanamarujala@gmail.com (subject: “Privacy Request”)
- Operator: Roshan Amar Ujala, New Delhi, India
EEA/UK visitors unsatisfied with our response may complain to their local supervisory authority (UK: the Information Commissioner’s Office, ico.org.uk).
17. Google-Specific Disclosure
This Site uses Google services (Google Analytics 4 and Google Search Console; potentially Google AdSense in future). Google may use cookies and process data as a third party. To learn how Google uses information from sites that use its services, see:
https://www.google.com/policies/privacy/partners/
We have configured Google Analytics with IP anonymization and a 14-month data-retention limit, use Google Consent Mode v2 so Google tags respect your consent choices, and do not transmit personally identifiable information to Google in URLs, events, or custom parameters. As noted above, Google Analytics is not currently active; this disclosure applies once it is enabled.
18. India: Digital Personal Data Protection Act, 2023
As the Site is operated from New Delhi, India, we act as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act). We process only the personal data you choose to send us (for example, the email you write to us), for the limited purpose of responding to you, and we keep it no longer than necessary. As a Data Principal you may request access to, correction of, or erasure of your personal data, withdraw any consent you have given, and nominate another person to exercise your rights. To make a request or raise a grievance, contact us at roshanamarujala@gmail.com (see Section 16).