ElitePens Privacy Protection Commitment
Your privacy and data security are fundamental to our service excellence. This policy outlines how ElitePens collects, uses, and protects your personal information in accordance with Indian data protection laws.
Last Updated: October 2, 2025
How we protect your information
Legal Framework Compliance - ElitePens operates under strict adherence to Indian data protection laws, ensuring your information is protected with the same precision we apply to our handcrafted writing instruments.
We adhere to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. Our data handling practices meet international standards including GDPR principles for global customers.
Data Security Measures - We implement multi-layered security protocols including SSL encryption, secure servers located in India, and regular security audits, treating your data with the same care as our premium pen materials.
All personal information is protected through industry-standard encryption, secure servers located in India, and regular security audits. We implement multi-layered security protocols including SSL encryption, secure payment gateways, and restricted access controls.
Third-Party Data Sharing - ElitePens does not sell, rent, or trade your personal information to third parties, maintaining the same exclusivity and confidentiality we apply to our custom pen designs.
ElitePens does not sell, rent, or trade your personal information to third parties. We only share data with trusted service providers (payment processors, shipping partners) under strict confidentiality agreements and only for order fulfillment purposes.
Data Retention Policies
We retain customer data only as long as necessary for business operations and legal compliance. Order information is kept for 7 years as required by Indian tax laws, while marketing data is retained for 3 years or until you opt out.
What details we request during orders
Information We Collect
We collect personal information including your name, email address, phone number, shipping address, and payment details. For corporate clients, we may collect business information, tax identification numbers, and authorized representative details.
Collection Methods
Information is collected through our website forms, order processing systems, customer service interactions, and corporate account applications. We also collect usage data through cookies and analytics tools to improve our website performance.
Purpose of Data Usage
Your information is used to process orders, provide customer support, send order updates, and offer personalized services. We may use your data for marketing communications only with your explicit consent, which you can withdraw at any time.
Payment Information Security
Payment details are processed through PCI DSS compliant payment gateways. We do not store credit card information on our servers. All financial transactions are encrypted and processed securely through trusted payment partners.
Why we use your data & how long we keep it
Privacy Policy Updates
We regularly review and update our privacy practices to reflect changes in laws and business operations. Significant changes will be communicated through email notifications and website announcements at least 30 days before implementation.
Data Processing Transparency
We provide clear information about how your data is processed, including the legal basis for processing, data retention periods, and your rights regarding your personal information. All processing activities are documented and auditable.
Accountability Measures
ElitePens has appointed a Data Protection Officer to oversee compliance and handle privacy-related inquiries. We conduct regular privacy impact assessments and maintain comprehensive records of data processing activities.
Breach Notification Procedures
In the unlikely event of a data breach, we will notify affected customers within 72 hours and report to relevant authorities as required by law. We maintain incident response procedures to minimize impact and prevent future occurrences.
When we share information (and why)
Access and Portability Rights
You can request a copy of all personal data we hold about you, including order history, account information, and communication records. Data will be provided in a machine-readable format within 30 days of your request.
Data Correction and Updates
You have the right to correct inaccurate information and update your personal details at any time through your account settings or by contacting our customer support team. Changes will be reflected across all our systems within 48 hours.
Consent Withdrawal
You can withdraw consent for marketing communications, data processing, or any specific use of your information at any time. Withdrawal requests will be processed immediately, though some data may be retained for legal compliance purposes.
Data Deletion Rights
You can request complete deletion of your personal data, subject to legal retention requirements. We will remove your information from active systems within 30 days, though some data may be retained in secure archives for legal compliance.
Your choices: access, updates & deletion
Encryption and Security Protocols
All data transmission between your device and our servers is protected by industry-standard SSL/TLS encryption. We use AES-256 encryption for data at rest, ensuring your personal information remains secure even in the unlikely event of a data breach.
Access Controls and Authentication
Our systems implement multi-factor authentication and role-based access controls. Only authorized personnel with specific business needs can access customer data, and all access is logged and monitored for security compliance.
Regular Security Audits
We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities. Our security team works with independent cybersecurity experts to ensure our systems meet the highest security standards.
Incident Response Procedures
In the event of a security incident, we have comprehensive response procedures in place. Our incident response team is trained to quickly assess and contain any potential threats, with immediate notification to affected customers and relevant authorities.
International data handling
Cross-Border Data Transfers
When we need to transfer your data internationally, we ensure adequate protection through standard contractual clauses and other appropriate safeguards. All international transfers comply with Indian data protection laws and destination country requirements.
GDPR Compliance for EU Customers
For customers in the European Union, we comply with GDPR requirements including data subject rights, lawful basis for processing, and data protection impact assessments. EU customers have additional rights under GDPR that we fully respect.
Data Localization Requirements
We maintain data localization compliance as required by Indian law, ensuring that sensitive personal data is stored within India while maintaining the ability to provide our premium services to international customers.
Third-Party Service Providers
When we work with international service providers, we ensure they meet our security standards and comply with applicable data protection laws. All third-party agreements include strict data protection clauses and regular compliance monitoring.
Privacy Inquiries and Support
For privacy-related questions, data requests, or concerns about your personal information, our dedicated privacy team is available to assist you.