Back to Home

Privacy Policy & DPDPA Compliance

Effective Date: March 2026

Digital Personal Data Protection Act (DPDPA) Compliant

1. Introduction

Welcome to ELA Jewels (ESPL). Your privacy is critically important to us. This Master Privacy Policy outlines how we collect, process, manage, and irreversibly erase your Personally Identifiable Information (PII) in strict accordance with the Digital Personal Data Protection Act (DPDPA) and international GDPR standards.

2. What Data We Collect

To provide you with our services, we act as a Data Fiduciary and collect the following:

Identity & Contact Data: Name, Email Address, and encrypted account credentials.
Technical Data: Masked IP address, User-Agent strings (Device/OS/Browser), and secure session cookies for our Visitor Analytics engine.
Commercial Data: Wishlist items, cart payloads, and historical order receipts.

3. Purpose of Processing (Why We Need It)

We process your data strictly under the legal basis of Explicit Consent or Legitimate Business Interests to:

Provide secure authentication and authorization via our unified Hub Portal.
Process and fulfill jewelry orders dynamically via the database.
Monitor holistic web traffic via our internal Visitor Analytics interface.

4. Your Rights as a Data Principal

Under the DPDPA, you maintain absolute control over your digital footprint. Our platform provides native mechanisms for:

Right to Erasure (Right to be Forgotten): If requested, our administrators use the User Data Control module to globally and irreversibly anonymize all of your personal identifiers matching your System ID.
Right to Data Portability: You may request a JSON export of all your commercial and identity data currently stored in our MySQL ledger.
Right to Withdraw Consent: You can instantly clear your `dpdp_consent` cookies from your local browser at any time.

5. Security & Global Audit Logging

Access to personal data is restricted exclusively to authenticated personnel with the Super Admin or Admin rank. Every administrative mutation (such as role changes or data erasure) is permanently recorded in our immutable DPDP Security Audit Log (including the Admin's ID, Time, and action taken) to ensure zero unauthorized access.

6. Contact Our Data Protection Officer (DPO)

To assert your rights (such as Account Deletion/Anonymization) or request a JSON export of your data, please contact our Super Admin directly at:

Email: superadmin@elajewels.com