Effective Date: 4 April 2026
Last Updated: 4 April 2026
Entity: vCISOdesk (operating as vCISOdesk)
Website: vcisodesk.com
Governing Law: Digital Personal Data Protection Act, 2023 (India)
1. Introduction
vCISOdesk (“we,” “us,” or “our”) operates vcisodesk.com and the vCISOdesk content platform. We are committed to protecting your digital personal data in compliance with India’s Digital Personal Data Protection (DPDP) Act, 2023 and the DPDP Rules, 2025. This policy explains what data we collect, why we collect it, and what rights you have as a Data Principal.
2. Data We Collect
We act as a Data Fiduciary under the DPDP Act and collect only the minimum personal data necessary:
- Email address — when you subscribe to the vCISOdesk newsletter or fill out our contact form.
- Name — when you voluntarily provide it via the contact form or email.
- Website usage data — through Google Analytics 4, which collects anonymised, aggregated data such as pages viewed, session duration, device type, and approximate geographic region. This data does not personally identify you.
- Cookies and similar technologies — see the Cookie Notice section below.
We do not collect sensitive personal data such as financial information, government IDs, biometric data, health records, or passwords.
3. How We Use Your Data
We process your personal data only for the following specific, lawful purposes:
- Newsletter delivery — to send you the weekly vCISOdesk newsletter you subscribed to.
- Responding to enquiries — to reply to messages submitted via our contact form or email.
- Website improvement — to understand how visitors use our site so we can improve content and user experience (using anonymised analytics only).
We do not sell, rent, or share your personal data with any third party for marketing or commercial purposes. We do not use your data for automated decision-making or profiling.
4. Consent
By providing your email address through our subscription form or contacting us, you give free, specific, informed, and unambiguous consent for us to process your data for the purposes stated above. You may withdraw this consent at any time (see Your Rights below). Upon withdrawal, we will cease processing your data within 72 hours and delete it within 30 days unless retention is required by law.
5. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights:
- Right to Access — You can request a summary of the personal data we hold about you and how it is being processed.
- Right to Correction — You can ask us to correct or update any inaccurate personal data.
- Right to Erasure — You can request that we delete your personal data. We will comply within 30 days, unless we are legally required to retain it.
- Right to Withdraw Consent — You can withdraw your consent at any time by emailing us or clicking “unsubscribe” in any newsletter.
- Right to Grievance Redressal — If you are unsatisfied with our response, you may escalate your concern to the Data Protection Board of India.
- Right to Nominate — You may nominate another person to exercise your data rights on your behalf, as provided under the Act.
To exercise any of these rights, email us at hello@vcisodesk.com with the subject line: “Data Rights Request.” We will acknowledge your request within 48 hours and act on it within 30 days.
6. Cookie Notice
Our website uses cookies and similar technologies to improve your browsing experience.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Strictly Necessary | Required for basic website functionality (session management, security) | Session |
| Analytics (Google Analytics 4) | Anonymised usage data to help us understand traffic patterns and improve content | Up to 14 months |
We do not use advertising cookies, tracking cookies, or any third-party marketing cookies.
Managing your cookies: You can control or disable cookies through your browser settings at any time. Disabling essential cookies may affect site functionality. Disabling analytics cookies will not affect your experience.
7. Data Security
We implement reasonable security safeguards as required under the DPDP Act to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- HTTPS encryption on all pages
- Hostinger server-level security (Mumbai data centre)
- Limited access to personal data (restricted to authorised team members only)
- Regular review of data handling practices
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected:
- Newsletter subscribers: Until you unsubscribe or request deletion.
- Contact form submissions: For up to 12 months after your last interaction, then deleted.
- Analytics data: Retained in anonymised form by Google Analytics per their data retention settings (up to 14 months).
9. Data Breach Notification
In the unlikely event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as soon as we become aware of the breach, and provide a detailed report within 72 hours, including the nature of the breach, data affected, and remedial steps taken.
10. Children’s Data
Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices. Any updates will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically.
12. Contact Us for Privacy Questions
If you have any questions about this Privacy Policy, your data rights under the DPDP Act, or how we handle your information, contact us at:
Email: hello@vcisodesk.com
Subject Line: Privacy Enquiry
LinkedIn: vCISOdesk
We aim to respond to all privacy-related enquiries within 48 hours.
This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, as applicable to vCISOdesk’s operations.