How NitiBharat collects, uses, and protects your personal data — in full compliance with the Digital Personal Data Protection Act, 2023.
NitiBharat ("we", "us", "our") is a DPDP compliance consultancy based in New Delhi, India. We provide data protection readiness assessments, privacy gap analysis, vendor risk reviews, policy documentation, and corporate privacy training under the Digital Personal Data Protection Act, 2023.
For the purposes of the DPDP Act, 2023, NitiBharat acts as the Data Fiduciary in relation to personal data processed through our website (nitibharat.com), tools, and engagement processes.
We collect only the personal data necessary for the purposes described in this policy. The categories of data we collect are:
| Category | Data Elements | How Collected |
|---|---|---|
| Contact & Identity | Full name, email address, mobile number | Contact form, tool registration |
| Professional | Company name, job title, industry sector | Contact form, consultation booking |
| Engagement Data | Service interest, assessment responses, free-text queries | Tool interactions, form submissions |
| Payment Data | Transaction ID, order amount (no card/bank details stored by us) | Razorpay payment gateway (PCI-DSS compliant) |
| Usage Data | Pages visited, tools used, time on site, referring URL | Automatically via server logs |
| Communications | Email correspondence, consultation notes | Email exchanges, meetings |
We do not collect sensitive personal data (as defined under the DPDP Act) unless explicitly required for a specific engagement and consented to separately.
We process your personal data only for specific, lawful purposes. Under the DPDP Act, 2023, our legal basis is your free, specific, informed, and unambiguous consent — given when you submit a form, use a tool, or engage with our services.
| Purpose | Data Used |
|---|---|
| Responding to consultation and enquiry requests | Name, email, mobile, company, message |
| Delivering paid and free tool outputs (assessments, reports, policies) | Name, email, assessment responses |
| Processing payments for paid tools and services | Email, order ID (payment handled by Razorpay) |
| Sending requested templates and resources | Name, email |
| Compliance awareness communications (where opted in) | Name, email |
| Improving our tools and website | Anonymised usage data |
| Legal, regulatory, and audit obligations | As required by applicable law |
We do not use your personal data for automated profiling, targeted advertising, or any purpose not listed above without obtaining fresh consent.
We do not sell or rent your personal data. We share data only with the following categories of Data Processors, and only to the extent necessary:
Each of these processors is contractually required to handle your data only on our instructions and in accordance with applicable data protection law.
We may disclose personal data to competent authorities if required by law, court order, or to protect the rights and safety of individuals.
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.
| Data Category | Retention Period |
|---|---|
| Contact & enquiry data | 24 months from last interaction, or until withdrawal of consent |
| Tool assessment responses | 12 months, then anonymised or deleted |
| Payment transaction records | 7 years (as required under the Companies Act / GST law) |
| Email communications | 36 months from last communication |
| Server logs (anonymised) | 90 days |
After the retention period, data is securely deleted or anonymised so it can no longer be linked to you.
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
Know what personal data we hold about you and how it is being processed.
Request correction or updating of inaccurate or incomplete personal data.
Request deletion of your personal data, subject to legal retention obligations.
Withdraw consent at any time. This does not affect processing done before withdrawal.
Raise a complaint with our Grievance Officer and receive a response within 48 hours.
Nominate another individual to exercise your rights in the event of death or incapacity.
To exercise any of these rights, email us at hello@nitibharat.com with the subject line "Data Principal Rights Request". We will respond within 72 hours and resolve the request within 30 days.
Our website uses minimal cookies required for functionality. We do not use third-party advertising cookies or tracking pixels.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session cookies | Maintain your session as you navigate the site | Until browser closes |
| Server log cookies | Basic analytics via Hostinger server logs (anonymised) | 90 days |
We do not use Google Analytics, Facebook Pixel, or any third-party behavioural tracking on this website. You can disable cookies in your browser settings without affecting core site functionality.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
In the event of a personal data breach that is likely to result in risk to your rights, we will notify you and the Data Protection Board of India within 72 hours of becoming aware, as required under the DPDP Act, 2023.
Our website and services are intended for business professionals and are not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@nitibharat.com and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will:
We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.
In accordance with the Digital Personal Data Protection Act, 2023, and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, NitiBharat has appointed a Grievance Officer to address data protection concerns.
If you are not satisfied with our response, you have the right to approach the Data Protection Board of India once it is constituted under the DPDP Act, 2023.
