Privacy Policy
This Policy constitutes an electronic record within the meaning of the IT Act, 2000 and is published in compliance with Rule 3(1) of the IT (Intermediary Guidelines) Rules, 2021, Rule 4 of the IT (SPDI) Rules, 2011, and Section 5 of the DPDP Act, 2023.
Upon accessing the Website or enrolling in any Programme, the Data Principal shall be deemed to have accorded free, specific, informed, and unambiguous Consent to the collection, Processing, storage, and transfer of Personal Data in the manner prescribed herein. Capitalised terms not defined herein shall bear the meanings assigned under the Terms & Conditions.
- IDENTITY OF THE DATA FIDUCIARY
Bharat BrandDShala LLP is the Data Fiduciary, as defined under Section 2(i) of the DPDP Act, 2023, in respect of all Personal Data collected through the Website and Programmes.
It is hereby clarified that BrandDShala is a legally distinct and independent entity from Nilon’s Enterprises Private Limited. References to Mr. Dipak Sanghavi’s experience at Nilon’s are illustrative only. No Personal Data collected hereunder is shared with, processed by, or transferred to Nilon’s Enterprises in any form whatsoever.
- PERSONAL DATA COLLECTED
2.1 Data furnished by the Data Principal
Upon registration for a Programme or subscription to BrandDShala’s communications, the following Personal Data shall be collected: full name; email address; WhatsApp/mobile number; job role or business stage; city or location, where voluntarily disclosed; business name and sector, where relevant; and content submitted through community forums, live session Q&As, or assignments on the LMS Platform.
2.2 Data collected automatically
Upon access to the Website, the following data shall be collected automatically: IP address (truncated where supported); device and browser type; pages visited and time spent thereon; referring URL; approximate geographic location derived from IP; cookie and session identifiers; and, on the LMS Platform, course progress, module completion, login timestamps, and session attendance records.
2.3 Payment data
Payments are processed exclusively through TagMango, engaged as a Data Processor hereunder. BrandDShala shall not collect, receive, or store card numbers, UPI identifiers, CVV codes, OTPs, or bank credentials. Only payment confirmation status and basic order metadata shall be received from TagMango. The processing of payment data shall be governed by TagMango’s privacy policy at tagmango.com.
2.4 Community and session data
It is hereby brought to the notice of the Data Principal that posts and contributions made in BrandDShala community forums or live Q&A sessions shall be visible to all enrolled participants of the relevant Programme. Live sessions may be recorded and shared with enrolled participants; advance notice shall be provided where applicable. Personal Data of third parties shall not be disclosed in community spaces without a lawful basis for such disclosure.
2.5 Data not collected
Sensitive personal data or information (“SPDI”) as defined under Rule 3 of the IT (SPDI) Rules, 2011, including financial account details, medical records, biometric data, and passwords, shall not be knowingly collected by BrandDShala. Upon inadvertent submission of SPDI, the Data Principal is requested to notify support@bharatbranddshala.com, whereupon such data shall be deleted forthwith.
- PURPOSE AND LEGAL BASIS OF PROCESSING
Personal Data shall be Processed solely for the purposes specified hereunder and for no other purpose incompatible therewith, in accordance with the principle of purpose limitation under Section 6(4) of the DPDP Act.
Purpose | DPDP Act | GDPR |
Registration and delivery of the enrolled Programme | Consent – Section 6 | Contract – Art. 6(1)(b) |
Dispatch of Programme communications, joining links, recordings, and assignments | Consent; legitimate use | Contract – Art. 6(1)(b) |
Management of LMS Platform access and course progress | Consent; legitimate use | Contract – Art. 6(1)(b) |
Facilitation of community participation and live Q&As | Consent at enrolment | Contract – Art. 6(1)(b) |
Dispatch of marketing and promotional communications | Explicit Consent – separate opt-in | Consent – Art. 6(1)(a) |
Website analytics and user experience improvement | Consent via cookie banner | Consent – Art. 6(1)(a) |
Advertising measurement and remarketing via Meta and Google | Consent via cookie banner | Consent – Art. 6(1)(a) |
Issuance of GST invoices and statutory accounting records | Legal obligation – CGST Act, 2017 | Legal obligation – Art. 6(1)(c) |
Fraud prevention and enforcement of Terms & Conditions | Legitimate use; legal obligation | Legitimate interests – Art. 6(1)(f) |
Compliance with orders of courts, tribunals, or regulatory authorities | Legal obligation | Legal obligation – Art. 6(1)(c) |
Grievance redressal under the IT Act, DPDP Act, and Consumer Protection Act, 2019 | Legal obligation | Legal obligation – Art. 6(1)(c) |
- RETENTION OF PERSONAL DATA
Personal Data shall be retained only for so long as is necessary for the purpose for which it was collected, or as mandated under Applicable Law, in accordance with the storage limitation principle under the DPDP Act.
Category | Retention Period |
Programme registration and enrolment data | 3 years from date of last interaction |
LMS Platform course progress and community data | Access period + 1 year post-expiry |
Marketing subscribers (email and WhatsApp) | Until opt-out; deleted within 30 days thereafter |
Payment confirmation records (TagMango) | 8 years – Section 36, CGST Act, 2017 |
GST invoices and billing records | 8 years from close of relevant financial year |
Website analytics data (Google Analytics 4) | 14 months |
Cookie consent logs | 12 months from date of consent or withdrawal |
Grievance records | 3 years from resolution |
- DISCLOSURE OF PERSONAL DATA
Personal Data shall not be sold, rented, or traded to any third party. Disclosure shall be made only to the categories of recipients enumerated below, to the minimum extent necessary for the stated purpose.
5.1 Data Processors
Processor | Purpose | Location |
TagMango | Payment processing and enrolment management | India |
Aisensy (Meta WhatsApp Business Platform) | Delivery of WhatsApp communications to opted-in Data Principals | India / Meta infrastructure |
Meta Platforms Ireland Ltd. / Meta Platforms, Inc. | Advertising measurement via Meta Pixel – upon Consent only | USA / Ireland |
Google LLC / Google Ireland Ltd. | Website analytics via Google Analytics 4 – upon Consent only | USA / Ireland |
LMS Platform provider (grow.bharatbranddshala.com) | Hosting of course, community, assignments, and recordings | India / cloud |
Video conferencing platforms (Zoom / Google Meet) | Hosting of live sessions and webinars | USA |
5.2 Professional advisors
Personal Data may be disclosed to lawyers, chartered accountants, and auditors engaged by BrandDShala, each of whom shall be bound by contractual and professional confidentiality obligations.
5.3 Statutory disclosure
Personal Data shall be disclosed to courts, tribunals, law enforcement, or regulatory authorities where required by operation of law, court order, or direction of a competent authority.
5.4 Business succession
In the event of a merger, amalgamation, acquisition, or sale of BrandDShala’s business or assets, Personal Data may be transferred to the successor entity. Not less than fourteen (14) days’ prior notice shall be provided to the Data Principal by email or notice on the Website.
5.5 Community visibility
It is clarified that posts made in community forums or live Q&As are visible to all enrolled participants. BrandDShala shall not be liable for the use made of such information by other participants. All participants are bound by the participant-to-participant confidentiality obligations prescribed under the Terms & Conditions.
- CROSS-BORDER TRANSFER
Where Personal Data is transferred outside India to processors such as Meta and Google, such transfer shall be effected in accordance with the data transfer mechanisms recognised under the DPDP Act, 2023 and rules framed thereunder. In respect of Data Principals resident in the European Union or United Kingdom, transfers shall be made on the basis of Standard Contractual Clauses under Article 46(2)(c) of the EU GDPR or the UK International Data Transfer Addendum, as applicable.
- SECURITY
In compliance with Section 43A of the IT Act and Section 8(4) of the DPDP Act, reasonable technical and organisational security measures shall be maintained, including TLS/HTTPS encryption in transit, role-based access controls, and contractual confidentiality obligations on all Data Processors.
In the event of a personal data breach, the Data Protection Board of India and affected Data Principals shall be notified within the timelines prescribed under the DPDP Rules, 2025. For EU/UK Data Principals, the relevant supervisory authority shall be notified within seventy-two (72) hours.
- RIGHTS OF THE DATA PRINCIPAL
The following rights are available to the Data Principal under Sections 11-14 of the DPDP Act, 2023:
Right to Access [Section 11] – A summary of Personal Data being Processed and the purposes thereof may be obtained upon request.
Right to Correction and Erasure [Section 12] – Correction of inaccurate Personal Data and erasure of data no longer required for its stated purpose may be requested. It is clarified that data subject to statutory retention obligations – including GST and payment records – cannot be erased on request.
Right to Withdraw Consent [Section 13] – Consent may be withdrawn at any time. Withdrawal shall not affect the lawfulness of Processing carried out prior to such withdrawal but may result in discontinuation of the relevant Programme or service.
Right to Nominate [Section 14] – A nominee may be designated to exercise data rights in the event of the Data Principal’s death or incapacity, in the manner prescribed under the DPDP Rules.
Right to Grievance Redressal [Section 13(3)] – A grievance may be lodged with the Grievance Officer. Upon non-resolution within thirty (30) days, an appeal may be preferred to the Data Protection Board of India under Section 20 of the DPDP Act.
Additional rights for EU/UK Data Principals – Rights to data portability (Article 20), restriction of Processing (Article 18), and objection to Processing (Article 21) shall additionally be available. Complaints may be lodged with the ICO (ico.org.uk) or the relevant national Data Protection Authority.
All rights requests shall be submitted to support@bharatbranddshala.com with the subject line “Data Principal Rights Request.” Verified requests shall be responded to within thirty (30) days of receipt.
- COOKIES AND TRACKING
Non-essential cookies, including analytics cookies via Google Analytics 4 and advertising cookies via Meta Pixel, shall be blocked by default and activated only upon explicit Consent through the cookie consent mechanism on the Website. The complete cookie inventory, consent mechanism, and opt-out procedure are set out in the Cookie Policy at bharatbranddshala.com/cookie-policy, which forms part of this Policy.
- WHATSAPP COMMUNICATIONS
WhatsApp communications shall be transmitted through Aisensy, operating on Meta’s WhatsApp Business Platform, in compliance with the TCCCPR, 2018 and its Second Amendment, 2025. BrandDShala’s DLT Principal Entity registration is maintained with TRAI as required thereunder. Consent may be withdrawn at any time by replying STOP to any WhatsApp message received from BrandDShala. The full opt-in/opt-out procedure is set out in the WhatsApp Policy at bharatbranddshala.com/whatsapp-policy.
- PERSONS BELOW THE AGE OF MAJORITY
BrandDShala’s Programmes are designed for persons who are eighteen (18) years of age or above. In accordance with Section 9 of the DPDP Act, Processing of Personal Data of a child shall require verifiable Consent of the parent or lawful guardian. Upon becoming aware that Personal Data of a person below eighteen years of age has been collected without verifiable parental Consent, such data shall be deleted forthwith.
- GRIEVANCE OFFICER
In compliance with Rule 3(2) of the Intermediary Guidelines, 2021, Section 13(3) of the DPDP Act, and Rule 4 of the Consumer Protection (E-Commerce) Rules, 2020:
|
|
Name | Radhika S |
Designation | Chief of staff |
support@bharatbranddshala.com | |
Address | 33272, 33278,OPP CERA REGENT PARK, MADHUBAN BAUG, Baner Gaon, Pune Pune Maharashtra 411045 India |
Acknowledgement | Within 48 hours of receipt |
Resolution | Within 30 days of receipt – Rule 3(2)(a), Intermediary Guidelines |
- AMENDMENTS
This Policy may be amended by BrandDShala from time to time. In the event of a material amendment, not less than fourteen (14) days’ prior notice shall be provided by email or notice on the Website. Continued use of the Website or any Programme following the effective date of an amendment shall be deemed to constitute acceptance of the amended Policy.
- GOVERNING LAW AND DISPUTES
This Policy shall be governed by the laws of India. Disputes not resolved through the grievance mechanism shall be referred to arbitration before a sole arbitrator under the Arbitration and Conciliation Act, 1996, with seat at Pune, Maharashtra. The courts at Pune shall have exclusive supervisory jurisdiction.
This Policy constitutes a legally binding electronic document under the IT Act, 2000 and the Indian Evidence Act, 1872.
Bharat BrandDShala LLP
LLPIN: AVC-2365
support@bharatbranddshala.com
WhatsApp Marketing Opt-in & Opt-out Policy
This Policy governs BrandDShala’s use of WhatsApp for communications and is to be read alongside the Privacy Policy. It is framed in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the Telecom Commercial Communications Customer Preference Regulations, 2018 (“TCCCPR”) as amended in 2025, and Meta’s WhatsApp Business Messaging Policy.
- Basis of Communication
WhatsApp communications are initiated solely upon receipt of explicit, recorded consent obtained when you: registered for a webinar, masterclass, or programme through a form that disclosed WhatsApp communications; subscribed via a BrandDShala landing page or lead form containing a WhatsApp opt-in; initiated contact with us on WhatsApp; or clicked a WhatsApp CTA where consent language was expressly displayed. Consent is recorded with timestamp, source, consent text, and opted-in status, in satisfaction of Section 6 of the DPDP Act, 2023.
- Message Delivery Platform
Messages are delivered via Aisensy, a Meta-authorised WhatsApp Business Solution Provider. Your name, WhatsApp number, opt-in status, and message metadata are processed by Aisensy and Meta solely for message delivery. No WhatsApp data is shared with any third party for independent marketing purposes.
- Types of Messages Sent
Category | Examples | Opt-In Required? |
Programme updates & reminders | Joining links, schedule changes, recordings | Yes – at registration |
Webinar reminders | Date/time alerts for registered events | Yes – at registration |
Marketing & promotional | New programmes, offers, free events | Yes – explicit checkbox |
Service messages | Payment confirmations, support replies | No – service obligation |
- Message Frequency
Promotional and marketing broadcasts shall not ordinarily exceed 2-4 messages per week. Additional messages may be sent around programme launches or live events. The right to opt out at any time is reserved to you.
- How to Opt Out
Opt-out may be exercised at any time, instantly, without condition:
- Reply STOP (or UNSUBSCRIBE / OPT-OUT) to any WhatsApp message from BrandDShala – the Aisensy system processes opt-out in real time; or
- Email support@bharatbranddshala.com with subject “WhatsApp Opt-Out” and your number – processed within 2 working days.
Following opt-out, all marketing and promotional messages cease immediately. Strictly service-related messages (e.g., payment confirmation for an existing enrolment) may continue until the relevant service obligation is discharged. Re-opt-in may be effected by replying START or re-registering through any BrandDShala form.
- TRAI Compliance
Promotional WhatsApp broadcasts are sent only between 10:00 AM and 9:00 PM IST, consistent with TRAI’s permitted promotional window under TCCCPR, 2018. Opted-out numbers and numbers on the National DND Registry are not contacted for promotional purposes. Opt-in records, opt-in source, and opt-out requests are maintained in compliance with applicable law.
- Data Processed
For WhatsApp messaging, the following data is processed: name; WhatsApp number; opt-in status, source, and timestamp; message delivery status; and inbound replies. Retention periods and data rights are governed by the Privacy Policy. To exercise any right – including access, correction, erasure, or grievance – contact support@bharatbranddshala.com.
This Policy is to be read alongside the Privacy Policy, Terms & Conditions, and Disclaimer published on this Website.
Instant opt-out: Reply STOP to any WhatsApp message from BrandDShala.