This Data Deletion Policy establishes the procedures and standards followed by Bibliophiles for deleting personal and operational data that is no longer required for business operations, legal compliance, or customer service.
The purpose of this policy is to:
Protect customer privacy and sensitive information.
Ensure responsible handling of personal data, including children's personalization data.
Comply with applicable data protection regulations such as Information Technology Act (India), Digital Personal Data Protection Act (DPDP) 2023, and international privacy standards where applicable.
Maintain transparency with customers regarding how their data is deleted.
2. Scope
This policy applies to:
Customer personal data
Children's personalization data (names, labels, customization inputs)
Order and transaction data
Account information
Marketing and communication data
Website analytics data
Third-party partner data processed by Bibliophiles
It applies to all:
Employees
Contractors
Vendors
Technology systems used by Bibliophiles.
3. Types of Data Covered
3.1 Personal Information
Includes but is not limited to:
Customer name
Email address
Phone number
Shipping address
Billing details
Account login credentials
3.2 Children's Personalization Data
Bibliophiles products involve personalization for children. This may include:
Childβs name used on labels or books
Custom text entered by parents
Personal messages
This category receives enhanced protection and deletion priority.
3.3 Transaction Data
Includes:
Order details
Payment confirmations
Product purchased
Order history
Refund records
3.4 Marketing Data
Includes:
Newsletter subscriptions
Campaign engagement
Promotional interactions
3.5 Technical and Analytics Data
Includes:
IP address
Device information
Browser data
Website usage analytics
4. Data Retention Periods
Bibliophiles retains data only for the duration necessary for operational, legal, and financial requirements.
Data Type
Retention Period
Customer Account Data
Until account deletion or 24 months of inactivity
Order and Transaction Data
7 years (for financial compliance)
Children Personalization Data
Deleted after order fulfillment unless retained by user account
Marketing Data
Until user unsubscribes or withdraws consent
Website Analytics Data
Up to 24 months
Customer Support Data
Up to 36 months
5. User-Initiated Data Deletion
Customers have the right to request deletion of their personal data.
5.1 Deletion Request Methods
Users may request deletion via:
Account dashboard
Email request to customer support
Privacy request form on the website
5.2 Identity Verification
Before processing a deletion request, Bibliophiles verifies the requester's identity through:
Registered email verification
Account authentication
Additional confirmation if required
6. Data Deletion Process
Once a deletion request is validated, Bibliophiles follows the process below:
Step 1: Request Logging
All deletion requests are recorded in the internal Data Privacy Request Log.
Step 2: Data Identification
The system identifies all associated data including:
Account details
Personalization entries
Order history
Support communications
Marketing data
Step 3: Data Removal
The following actions are taken:
Personal information removed from active databases
Personalization inputs deleted
Marketing data removed from mailing lists
User account permanently disabled or removed
Step 4: Backup Deletion
Where data exists in backup systems:
It is flagged for deletion
Removed in the next scheduled backup cycle
Step 5: Confirmation
The user receives confirmation once deletion is completed.
Typical completion timeline: 7β30 days.
7. Exceptions to Data Deletion
Certain data cannot be immediately deleted due to legal or operational requirements.
Examples include:
Financial records required for tax compliance
Fraud prevention records
Legal dispute records
Payment processor records retained by payment gateways
Such data is restricted and archived, not actively used.
8. Automated Data Deletion
Bibliophiles employs automated systems to ensure timely deletion of unnecessary data.
Examples:
Automatic deletion of abandoned account data after inactivity period
Removal of unused personalization data after order completion
Removal of unsubscribed marketing data
9. Third-Party Data Processors
Bibliophiles works with third-party service providers including:
Payment gateways
Shipping providers
Email marketing platforms
Analytics platforms
All partners are required to:
Follow secure data handling practices
Delete customer data when no longer required
Comply with applicable privacy laws.
10. Security Measures
Data deletion processes are secured through:
Role-based access control
Encryption of sensitive data
Audit logs for deletion activities
Restricted database permissions
Only authorized personnel can perform or approve deletion operations.
11. Internal Responsibilities
Data Protection Officer / Privacy Lead
Responsible for:
Overseeing deletion requests
Ensuring policy compliance
Reviewing deletion logs
Engineering / IT Team
Responsible for:
Implementing deletion mechanisms
Ensuring secure removal from databases
Maintaining audit logs
Customer Support Team
Responsible for:
Receiving user requests
Verifying identity
Escalating deletion requests
12. Audit and Monitoring
Bibliophiles periodically reviews:
Deletion logs
System compliance
Third-party data processing agreements
Internal audits ensure that data deletion procedures are functioning correctly.
13. Policy Updates
This policy may be updated periodically to reflect:
Changes in law or regulation
New technology infrastructure
Operational improvements
Updated versions will be published on the Bibliophiles website.
14. Contact for Data Deletion Requests
For questions or requests regarding data deletion:
