Home/Privacy Policy

Privacy Policy

Effective 9 May 2026 · Business Tech Navigator Operated by Vatsal Shah. This policy describes what personal data we collect, why we use it, and what choices you have when you use this site, join the email list, or use the contact form. For privacy requests, use the contact options below or [email protected].

Contact

Privacy & data rights

Access, correction, deletion, or grievances — send details through the form or to [email protected].

Contact form [email protected]
Transparency note: This is an operational summary for visitors and subscribers, not personalised legal advice. We update it when practices change materially. For your own situation, consult counsel in your jurisdiction.

1. Who we are (data controller / operator)

For the purposes of the Digital Personal Data Protection Act, 2023 (India) and comparable frameworks worldwide, the operator responsible for this website and its associated processing activities is the publisher of Business Tech Navigator. You can reach us through the contact form on this site or by email at [email protected]. Where this site is hosted or uses processors in other countries, we describe cross-border handling below.

2. Scope

This policy applies to visitors who browse public pages, subscribers to our email list, and anyone who submits information through forms on this site. It does not govern third-party sites linked from our content; their privacy practices are governed by their own policies. Use of the site is also subject to our Terms of Use.

3. Legal frameworks we align with

We design data practices to be compatible with:

  • India: The Digital Personal Data Protection Act, 2023 (DPDP Act) and rules thereunder; principles derived from the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) where relevant to security and sensitive categories.
  • European Economic Area, United Kingdom, and Switzerland: Transparency and rights language consistent with the EU and UK GDPR (as applicable to visitors from those regions), including lawful bases, retention, and international transfer safeguards described below.
  • United States (including California): Disclosures consistent with the California Consumer Privacy Act (CCPA) as amended by the CPRA for “business” practices that apply to personal information, including categories collected and purposes—without “selling” or “sharing” personal information for cross-context behavioural advertising (we do not operate that model).
  • Other regions: Where local law grants you rights (access, correction, deletion, objection, portability, or withdrawal of consent), we honour requests that are verifiable and proportionate, subject to legal exceptions.

4. Personal data we may collect

Depending on how you interact with us, categories may include:

  • Browsing and technical data: IP address, approximate location derived from IP, user agent, referrer URL, pages viewed, timestamps, device/browser type. This may be collected in server logs and, if enabled, first-party analytics.
  • Email signup: Email address; optional name; source of the form (e.g. home/footer); page URL; technical metadata (IP, user agent); timestamps. Signups are stored in our database and may be forwarded by HTTPS webhook to automation tools we control (e.g. for spreadsheets or CRM).
  • Contact form: Name, email, subject, message content, and metadata needed to deliver and secure the request.
  • Cookies and similar technologies: See Section 7.

We do not intentionally collect special categories of personal data (e.g. health, biometric templates) through this site. Please do not submit such information in free-text fields unless strictly necessary and lawful.

5. Purposes and lawful bases

We process personal data only for specified, legitimate purposes:

  • Delivering the publication: Serving pages, content, and media (performance of service / legitimate interests in operating a secure website).
  • Email updates: Recording your signup; sending occasional messages if you opted in; syncing leads through our automation stack where configured (consent where required; legitimate interests in operating the list and integrations).
  • Responding to enquiries: Processing contact submissions (performance of pre-contractual steps at your request, or legitimate interests).
  • Security and abuse prevention: Detecting fraud, spam, and technical incidents (legitimate interests; legal obligation where applicable).
  • Compliance: Meeting legal, regulatory, or law-enforcement requests where valid (legal obligation).
  • Improvement: Aggregated or de-identified analytics to understand readership patterns (legitimate interests; where analytics cookies are non-essential, we rely on consent where required).

6. Retention

We retain data only as long as needed for the purposes above, including:

  • Server logs: Typically rotated or deleted within a limited window unless needed for security investigations.
  • Signup records: Retained as needed to operate the list, prove consent where relevant, and honour deletion or opt-out requests.
  • Contact messages: Long enough to respond and resolve the thread, unless a longer period is required for legal claims.

7. Cookies and similar technologies

We may use cookies or local storage for essential site functions (e.g. security tokens, session integrity where applicable). If we deploy non-essential cookies (e.g. analytics or preference storage), we will provide a clear choice mechanism where law requires consent. You can control cookies through your browser settings; blocking some cookies may affect functionality.

8. Analytics

If first-party or privacy-oriented analytics are enabled, they are configured to minimise personal data (e.g. aggregation, IP truncation where supported). We do not use analytics to build individual profiles for sale to third parties.

9. Sharing and processors

We do not sell your personal information. We may share data with:

  • Infrastructure, email, and automation providers that host the site, deliver email, or receive webhook payloads on our instructions (processors), configured in admin.
  • Professional advisers where required (e.g. legal compliance).
  • Authorities when legally compelled by a valid demand.

Processors are bound by contractual terms requiring confidentiality, security measures, and processing only on documented instructions, consistent with India DPDP expectations and GDPR-style Article 28 concepts where applicable.

10. Cross-border transfers

Your data may be processed in India and, depending on hosting or email routing, in other countries. Where transfers from the EEA/UK/Switzerland occur, we rely on appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) as recognised from time to time. Indian residents’ data is primarily intended to be processed with reasonable safeguards under Indian law.

11. Security

We implement administrative, technical, and organisational measures appropriate to the risk—including access controls, TLS where supported for data in transit, secure credential handling for administration, and vendor diligence. No method of transmission over the Internet is 100% secure; we encourage strong unique passwords on your side for any accounts you maintain with us (if introduced in future).

12. Your rights

Depending on your location, you may have rights to access, correct, update, delete, restrict or object to certain processing, withdraw consent (where processing is consent-based), data portability (where technically feasible), and to lodge a complaint with a supervisory authority.

  • India (DPDP): Rights include access to information about personal data processed, correction and erasure in prescribed circumstances, grievance redressal, and nomination. Submit requests via the contact form or [email protected]; we may verify identity before acting.
  • EEA/UK: You may have GDPR/UK GDPR rights as described above; supervisory authority contacts are public in your country.
  • California: You may have rights to know, delete, and correct personal information, and to opt out of sale/sharing (we do not sell or share as defined under CPRA for targeted advertising). Non-discrimination applies.

Opt-out / deletion: use any unsubscribe link in messages we send, or contact us via the contact form / [email protected] to remove your signup record where applicable.

13. Children

This site is directed at professionals and general adult audiences, not children under 18 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have, contact us at [email protected] and we will delete it promptly.

14. Automated decision-making

We do not use personal data for solely automated decisions that produce legal or similarly significant effects concerning you.

15. Grievance / privacy requests

For privacy questions, data subject requests, or grievances (including under Indian law where applicable): use the contact form on this website or email [email protected]. We will respond within reasonable timelines required by applicable law, typically within 30–45 days for complex requests unless a shorter period applies.

16. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The “Effective date” at the top will be revised for material updates. Continued use after posting constitutes acceptance where law permits; where consent is required for new processing, we will obtain it separately.

17. Regulatory references (non-exhaustive)

For readers who want primary sources: India—Digital Personal Data Protection Act, 2023; Information Technology Act, 2000. EU/EEA—Regulation (EU) 2016/679 (GDPR). UK—UK GDPR and Data Protection Act 2018. US California—Civil Code §§ 1798.100 et seq. (CCPA/CPRA).