Privacy Policy

Effective Date: 4 April 2026
Last Updated: 6 June 2026
Entity: vCISOdesk (an unincorporated content brand operating as vCISOdesk)
Website: vcisodesk.com
Governing Law: Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025 (India)

1. Introduction

vCISOdesk (“we,” “us,” or “our”) operates vcisodesk.com and the vCISOdesk content platform. We are committed to protecting your digital personal data in compliance with India’s Digital Personal Data Protection (DPDP) Act, 2023 and the DPDP Rules, 2025. We are the Data Fiduciary for the personal data described in this notice. This notice is published in line with Section 5 of the DPDP Act and Rule 3 of the DPDP Rules, and explains what data we collect, why we collect it, and what rights you have as a Data Principal.

2. Data We Collect

We collect only the minimum personal data necessary:

  • Email address — when you opt in to vCISOdesk email updates or fill out our contact form.
  • Name — when you voluntarily provide it via the contact form or email.
  • Website usage data — through Google Analytics 4, which collects pseudonymised, aggregated data such as pages viewed, session duration, device type, and approximate geographic region. We do not use it to identify you personally.
  • Cookies and similar technologies — see the Cookie Notice below.

We do not collect sensitive personal data such as financial information, government IDs, biometric data, health records, or passwords.

3. How We Use Your Data

We process your personal data only for the following specific, lawful purposes:

  • Email updates — if you opt in, to send you the vCISOdesk updates you asked for. (Our email programme is being set up; we will state the sending cadence on the sign-up form when it goes live, and you can unsubscribe at any time.)
  • Responding to enquiries — to reply to messages submitted via our contact form or email.
  • Website improvement — to understand how visitors use our site so we can improve content and user experience (using pseudonymised analytics only).

We do not sell or rent your personal data, and we do not share it with any third party for their own marketing or commercial purposes. We do share the minimum necessary data with the service providers (Data Processors) who operate this site on our behalf under written, DPDP-equivalent terms — see Cross-Border Transfers below for who they are. We do not use your data for automated decision-making or profiling.

4. Consent

By providing your email address through our opt-in form or by contacting us, you give free, specific, informed, and unambiguous consent for us to process your data for the purposes stated above. You may withdraw this consent at any time (see Your Rights below). Upon withdrawal, we will stop processing your data within 72 hours and delete it within 30 days unless retention is required by law.

5. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights:

  • Right to Access — a summary of the personal data we hold about you, how it is being processed, and the identities of any Data Processors with whom it has been shared.
  • Right to Correction — to correct or update any inaccurate personal data.
  • Right to Erasure — to request that we delete your personal data; we comply within 30 days unless legally required to retain it.
  • Right to Withdraw Consent — at any time, by emailing us or clicking “unsubscribe” in any email.
  • Right to Grievance Redressal — to raise any concern about your personal data with us.
  • Right to Nominate — to nominate another person to exercise your data rights on your behalf, as provided under the Act.

Grievance Officer. To exercise any of these rights, or to raise a concern, contact our Grievance Officer at hello@vcisodesk.com with the subject line “Data Rights Request.” We acknowledge your request within 48 hours and act on it within 30 days. If you are not satisfied with our response, you may then complain to the Data Protection Board of India through its official complaint portal.

6. Cookie Notice

Our website uses cookies and similar technologies to improve your browsing experience.

Cookie Type | Purpose | Duration
Essential / Strictly Necessary | Required for basic website functionality (session management, security) | Session
Analytics (Google Analytics 4) | Pseudonymised usage data to help us understand traffic patterns and improve content | Up to 14 months

We do not serve third-party advertising and do not use advertising or marketing cookies. If this ever changes, we will update this policy and our cookie notice before doing so.

Managing your cookies: You can control or disable cookies through your browser settings at any time. Disabling essential cookies may affect site functionality. Disabling analytics cookies will not affect your experience.

7. Data Security

We implement reasonable security safeguards as required under the DPDP Act to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • HTTPS encryption on all pages
  • Hostinger server-level security (Mumbai data centre)
  • Limited access to personal data (restricted to authorised team members only)
  • Regular review of data handling practices

8. Cross-Border Transfers

Some of the service providers who help us run this site process data outside India — currently Google (Google Analytics, for pseudonymised usage measurement; United States). Our website and its data are hosted with Hostinger in a Mumbai (India) data centre. If our email programme later uses a provider that processes subscriber data outside India, we will name it here before that begins. These transfers rely on the mechanisms permitted under Section 16 of the DPDP Act and the DPDP Rules, 2025. As of the date of this policy, the Central Government has not restricted transfers to these jurisdictions, and we remain responsible for protecting your data wherever it is processed.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Email subscribers: Until you unsubscribe or request deletion.
  • Contact form submissions: For up to 12 months after your last interaction, then deleted.
  • Analytics data: Retained in pseudonymised form by Google Analytics per their data-retention settings (up to 14 months).

10. Data Breach Notification

In the unlikely event of a personal data breach, we will (a) notify the Data Protection Board of India without delay and provide a detailed report within 72 hours covering the nature of the breach, the data affected, and the remedial steps taken; and (b) notify affected Data Principals without delay, in plain language, telling you what data was involved, what you can do to protect yourself, and how to contact us with any questions.

11. Children’s Data

Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children, and we do not undertake behavioural monitoring of, or direct advertising at, children. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. Any updates will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically.

13. Contact Us for Privacy Questions

If you have any questions about this Privacy Policy, your data rights under the DPDP Act, or how we handle your information, contact us at:

Email: hello@vcisodesk.com
Subject Line: Privacy Enquiry
LinkedIn: vCISOdesk

We aim to respond to all privacy-related enquiries within 48 hours.


This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, as applicable to vCISOdesk’s operations.