Data Deletion Policy

At BanglaDock, we respect your privacy and your right to control your personal data. This Data Deletion Policy explains how you can request the deletion of your personal information from our systems, in compliance with international privacy laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We believe in transparency and giving you control over your data. This policy outlines your rights, the types of data we collect, how to request deletion, and what happens after your request is processed.

This Data Deletion Policy applies to all users of BanglaDock, including:

• Registered users with accounts on our platform
• Customers who have purchased products or services
• Users who have contacted our support team
• Visitors to our website
• Newsletter subscribers

This policy covers personal data collected through our website, during transactions, and through communications with our team. It does not cover data processed by third-party services that we do not control.

Our data deletion practices are based on the following legal frameworks:

Before requesting data deletion, it's helpful to understand what personal data we typically store. The following table outlines the categories of data we collect and their retention periods:

Note: Some data may be retained longer due to legal obligations (see Exceptions section).

We classify the data we collect into the following categories:

• Identity Data: First name, last name, username, profile picture
• Contact Data: Email address, phone number, billing address
• Financial Data: Payment card details (tokenized), transaction history, invoices
• Technical Data: IP address, browser type, operating system, device information
• Usage Data: Pages visited, products viewed, download history, search queries
• Marketing Data: Newsletter preferences, email open rates, click-through rates
• Communication Data: Support tickets, emails, chat transcripts

You can request deletion of your personal data through the following methods:

You can use the following template when submitting a data deletion request via email:

To protect your privacy and prevent unauthorized deletion requests, we must verify your identity before processing any data deletion request. We may ask for:

• Email verification: We'll send a confirmation email to the address associated with your account. You must click the verification link.
• Order information: Recent order numbers or purchase dates from your account.
• Payment details: Last 4 digits of payment method or billing address.
• Government ID: In rare cases where identity cannot be verified through other means (we will inform you before requesting this).
• Phone verification: SMS code sent to your registered phone number (if applicable).

Once we receive and verify your deletion request, here's the timeline you can expect:

GDPR Requirement: Under GDPR, we must respond to deletion requests within 30 days (extendable by 60 days for complex requests). We always meet or exceed this requirement.

When you request data deletion, we follow this comprehensive process:

1. Request Logging: Your request is logged in our privacy system with a unique tracking ID.
2. Identity Verification: We verify your identity through the methods described above.
3. Account Identification: We locate all data associated with your account across our systems.
4. Data Mapping: We identify where your data resides (main database, backups, logs, third-party services).
5. Deletion from Active Systems: We remove your personal data from all active production databases.
6. Anonymization: Where complete deletion isn't possible, we anonymize the data.
7. Third-Party Notification: We notify third-party service providers to delete your data (where contractually required).
8. Backup Deletion: We ensure data is removed from backup systems within the backup retention period.
9. Verification: We verify that deletion has been completed successfully.
10. Confirmation: We send you final confirmation with details of what was deleted.

Due to legal, regulatory, or legitimate business requirements, we may need to retain certain data even after you request deletion:

Under GDPR Article 17(3), the right to erasure does not apply to the extent that processing is necessary:

• For exercising the right of freedom of expression and information
• For compliance with a legal obligation (EU or Member State law)
• For the performance of a task carried out in the public interest
• For archiving purposes in the public interest, scientific or historical research, or statistical purposes
• For the establishment, exercise, or defense of legal claims

Once your data deletion request is fully processed:

• Account Access: You will no longer be able to log in to your BanglaDock account.
• Download Access: You will lose access to all purchased products and download history.
• Email Communications: You will be removed from all marketing email lists.
• Personal Data: Your personal information (name, email, etc.) will be deleted from active systems.
• Backups: Data may remain in our backup systems for up to 30 days before being overwritten.
• Anonymized Data: Some data may be retained in anonymized form for analytics.

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights under the GDPR:

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, or shared about you.
• Right to Delete: Request deletion of personal information collected from you.
• Right to Opt-Out: Opt-out of the sale of your personal information (we do not sell data).
• Right to Non-Discrimination: No discrimination for exercising your CCPA rights.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Limit Use: Limit use of sensitive personal information.

You have the right to request a copy of the personal data we hold about you. This includes:

• The categories of personal data we process
• The purposes of processing
• The categories of recipients with whom we share data
• The retention period or criteria used to determine retention
• Information about data sources (if not collected directly from you)

To make an access request, email privacy@bangladock.com with "Access Request" in the subject line. We will provide the information in a commonly used electronic format within 30 days.

You have the right to request correction of inaccurate or incomplete personal data. To request rectification:

1. Log in to your account and update your information directly in Account Settings, or
2. Email privacy@bangladock.com with "Rectification Request" and specify what information needs correction.

We will process rectification requests within 30 days and notify you once the correction is complete.

You have the right to request that we restrict processing of your personal data in certain circumstances, including:

• When you contest the accuracy of the data (until we verify accuracy)
• When processing is unlawful but you oppose deletion
• When we no longer need the data but you need it for legal claims
• When you have objected to processing (pending verification)

If processing is restricted, we may still store your data but not use it further.

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. This includes:

• Marketing: You can unsubscribe from marketing emails at any time using the link in emails.
• Legitimate Interests: You can object to processing based on our legitimate interests by emailing privacy@bangladock.com.
• Profiling: You can object to automated decision-making or profiling.

If you object, we will stop processing unless we have compelling legitimate grounds that override your interests.

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. This right applies to:

• Data you provided to us
• Data processed based on consent or contract
• Data processed by automated means

To request data portability, email privacy@bangladock.com with "Portability Request". We will provide your data in JSON or CSV format within 30 days.

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

We use various third-party service providers to help us operate our business. These providers process data on our behalf and are contractually obligated to comply with data protection laws. When you request data deletion, we will:

• Notify relevant third-party processors of your deletion request
• Require them to delete your data from their systems
• Verify compliance where contractually possible

Our current data processors include:

We implement strict security measures to ensure your data is securely deleted:

• Secure Deletion: Data is overwritten or securely erased using industry-standard methods.
• Access Controls: Only authorized personnel can initiate and verify deletion processes.
• Audit Trails: All deletion activities are logged and auditable.
• Verification: We verify successful deletion before confirming to you.
• Backup Rotation: Backups are rotated and old backups are securely deleted.

In the unlikely event of a data breach that affects your personal data:

• We will notify you within 72 hours of becoming aware of the breach (as required by GDPR).
• We will notify relevant supervisory authorities.
• We will provide information about the nature of the breach, likely consequences, and measures taken.
• We will advise you on steps you can take to protect yourself.

If you are not satisfied with our response to your data deletion request, you have the right to lodge a complaint with a supervisory authority:

• EU/EEA Residents: Your local Data Protection Authority (DPA)
• UK Residents: Information Commissioner's Office (ICO)
• Swiss Residents: Federal Data Protection and Information Commissioner (FDPIC)
• California Residents: California Attorney General

Before filing a complaint, please contact us at disputes@bangladock.com to attempt resolution. We will respond within 30 days.

For all data deletion requests and privacy-related inquiries, please contact our Data Protection Officer:

Response Time: We aim to respond to all privacy inquiries within 2-3 business days.

We may update this Data Deletion Policy from time to time to reflect changes in:

• Legal requirements or interpretations
• Our data processing practices
• New features or services
• User feedback

When we make material changes, we will update the "Effective Date" at the top of this page and may notify users via email or website notice. Your continued use of BanglaDock after changes constitutes acceptance of the updated policy.

BY USING BANGLADOCK, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS DATA DELETION POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. YOU FURTHER ACKNOWLEDGE THAT THIS POLICY WORKS IN CONJUNCTION WITH OUR PRIVACY POLICY AND TERMS OF SERVICE.

This Data Deletion Policy is effective as of January 1, 2025. Any changes to this policy will be posted on this page with an updated effective date. We encourage you to review this page periodically for any updates.