General Data Protection Regulation (GDPR)

How BookMySand complies with the General Data Protection Regulation (GDPR) for EU users

Last Updated: January 10, 2025 | Version 1.0

BookMySand is committed to GDPR compliance for all EU users

1. Your Rights Under GDPR

As an EU user of BookMySand, you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access (Article 15)

You can request a copy of all personal data we hold about you, including order history, delivery addresses, and account information.

Right to Rectification (Article 16)

You can update or correct any inaccurate personal data through your account settings or by contacting us.

Right to Erasure (Article 17)

You can request deletion of your personal data. Go to Settings → Privacy → Delete My Account. We provide a 30-day grace period.

Right to Restriction (Article 18)

You can request that we limit how we process your data in certain circumstances.

Right to Portability (Article 20)

You can download your data in a structured, machine-readable format (JSON) for transfer to another service.

Right to Object (Article 21)

You can object to processing of your data for marketing purposes. You can manage this in Settings → Privacy → Manage Consents.

2. Data Protection Measures

BookMySand implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

  • Encryption: HTTPS/TLS for data in transit, bcrypt for password hashing
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (OTP)
  • Security Monitoring: 24/7 security monitoring, automated threat detection
  • Regular Audits: Security audits and penetration testing
  • Data Minimization: We only collect data necessary for providing our sand ordering services
  • Secure Storage: Data stored in AWS Asia Pacific (India) with encryption at rest

3. Legal Basis for Processing (Article 6)

We process your personal data based on the following legal bases:

  • Contract Performance: To provide our sand ordering services (order processing, delivery coordination, payment processing)
  • Consent: For marketing communications (you can withdraw anytime)
  • Legitimate Interests: Security, fraud prevention, service improvement
  • Legal Obligation: Compliance with laws, tax regulations, court orders

4. Data Processing Agreement (DPA)

For business customers who process personal data using BookMySand services, we provide a comprehensive Data Processing Agreement (DPA) that outlines:

  • Our responsibilities as a data processor
  • Your rights as a data controller
  • Data security measures and breach notification procedures
  • Sub-processor agreements and safeguards
  • Data retention and deletion policies

To request a DPA, please contact: dpo@bookmysand.com

5. International Data Transfers

Data Storage Location: AWS Asia Pacific (India) - ap-south-1

If we transfer data outside the EU, we ensure:

  • Standard Contractual Clauses (SCCs) are in place
  • Adequate safeguards per GDPR Article 46
  • Compliance with EU data protection requirements

6. How to Exercise Your Rights

To exercise any of your GDPR rights, use one of the following channels:

  • Through Your Account: Access, update, or delete data via Settings → Privacy
  • Email Request: Contact our Data Protection Officer at dpo@bookmysand.com
  • Response Time: We will respond within 30 days (as required by GDPR Article 12)

Data Protection Officer (DPO)

Email: dpo@bookmysand.com

Response Time: 30 days (as per GDPR requirements)

7. Right to Lodge a Complaint

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority (supervisory authority).

Find your authority: EDPB Members
