Effective date: 28 April 2026·Last updated: 28 April 2026
Riwayat E Kalamkar (“Riwayat,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit riwayatekalamkar.com(the “Site”) or otherwise interact with us in a business capacity.
1. Who We Are
Riwayat E Kalamkar is a family-owned manufacturer of pashmina, cashmere, and silk-cashmere textiles, founded in 1991 and headquartered in Noida, Uttar Pradesh, India. We supply finished and bespoke products to luxury houses, retailers, and distributors across approximately 35 countries.
For the purposes of the EU General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection Act, 2023 (DPDP Act), Riwayat E Kalamkar acts as the data controller for personal information processed via this Site.
2. Scope of This Policy
This Policy applies to information we collect through the Site, including via our contact form, attachments you upload, and standard server logs. It does not apply to third-party websites that may be linked from the Site, nor to information you provide to us through other channels (for example, in-person meetings, trade fairs, or contractual negotiations) except where we say so expressly.
3. Information We Collect
3.1 Information you provide. When you submit our contact form, we collect the information you choose to share with us, which may include:
Your name
Your business email address
Telephone number (in international E.164 format)
Company name and country
Company website URL
The category and contents of your inquiry
Any attachment you choose to upload (PDF, JPG, or PNG, up to 5 MB) such as a brief, mood board, or request for quotation
3.2 Information collected automatically. When you visit the Site, our infrastructure providers automatically collect limited technical information for security, fraud prevention, and operational reliability. This may include your IP address, approximate geographic location derived from that IP, browser type and version, operating system, referring URL, and the date and time of access.
3.3 Information from anti-bot challenges. Our contact form is protected by Cloudflare Turnstile, which performs a passive challenge to confirm you are a human visitor. Turnstile may read certain device and browser signals (for example, hardware concurrency, time zone, and behavioural telemetry) to issue a verification token. Turnstile does not require a cookie to function in our configuration.
4. How We Use Your Information
We use the information we collect to:
Respond to your inquiry and follow up on potential business arrangements
Send you a transactional acknowledgement that we have received your message, including a reference number for your records
Triage and route inquiries to the appropriate member of our team (for example, wholesale, custom design, or sample requests)
Maintain the security, integrity, and availability of the Site, including detecting and preventing spam, abuse, and unauthorised access
Comply with applicable legal, regulatory, accounting, or reporting obligations
Establish, exercise, or defend legal claims
We do not use your information for behavioural advertising, and we do not sell your personal information.
5. Legal Bases for Processing
Where the GDPR applies, we rely on the following legal bases under Article 6 of the GDPR:
Performance of a contract or pre-contractual steps — to respond to your inquiry and progress potential supply arrangements at your request
Legitimate interests — to operate, secure, and improve the Site, to maintain records, and to prevent abuse, where these interests are not overridden by your rights
Legal obligation — where processing is necessary to comply with a legal duty to which we are subject
Consent — where you have explicitly opted in to a particular processing activity, which you may withdraw at any time
Where the DPDP Act applies, we process your personal data on the basis of your consent (given by submitting the contact form) and for the legitimate uses permitted under the Act.
6. How We Share Your Information
We share personal information only with the parties below, and only to the extent reasonably necessary:
Our staff, on a strictly need-to-know basis, to handle your inquiry
Service providers who process information on our behalf under written agreements (see Section 7)
Professional advisers such as lawyers, accountants, auditors, or insurers, where reasonably required
Public authorities or courts, where disclosure is required by law, regulation, or valid legal process
Successors in interest, in the event of a merger, acquisition, reorganisation, or sale of all or a substantial part of our business
7. Third-Party Service Providers
We rely on the following third-party processors to operate the Site. Each provider is bound by its own privacy and security commitments, which we encourage you to review.
Cloudflare, Inc. — website hosting (Cloudflare Pages), serverless compute (Pages Functions), and bot mitigation (Turnstile). Cloudflare may process your IP address and request metadata.
Resend, Inc. — transactional email delivery for our acknowledgement and internal notification messages, which include the personal information you submit.
ntfy.sh — lightweight push-notification service used to alert our team that a new inquiry has arrived. The notification contains a brief summary (your name, country, inquiry category, and reference ID) but not the full message body.
Google Fonts (Google LLC) — serves the typefaces used on the Site. Google may receive your IP address and basic request headers as part of standard font delivery.
8. International Data Transfers
Riwayat E Kalamkar is established in India. Our service providers operate global infrastructure that may store or process personal information in the European Union, the United Kingdom, the United States, and other jurisdictions.
Where personal information of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to a country that has not been granted an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms offered by our processors.
9. Data Retention
We retain personal information for as long as is necessary to fulfil the purposes described in this Policy, including:
Inquiry correspondence — retained for up to 36 months from last contact, after which it is deleted or anonymised, unless a longer period is required for an active commercial relationship or to comply with law
Attachments — retained alongside the related inquiry and deleted on the same schedule
Server and security logs — typically retained by our hosting and security providers for short rolling windows in accordance with their own policies
Where we have a legitimate need to retain information for longer (for example, to defend a legal claim or comply with a record-keeping obligation), we will keep only what is strictly necessary and protect it appropriately.
10. Your Rights
Depending on your country of residence, you may have the following rights in relation to your personal information:
Access — to obtain a copy of the personal information we hold about you
Correction — to ask us to correct information that is inaccurate or incomplete
Erasure — to ask us to delete your personal information, subject to limited exceptions
Restriction — to ask us to limit how we use your information in certain circumstances
Portability — to receive a structured, commonly used, machine-readable copy of information you provided to us
Objection — to object to processing carried out on the basis of legitimate interests
Withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
Nomination (DPDP Act) — to nominate another individual to exercise your rights in the event of your death or incapacity
Complaint — to lodge a complaint with the Data Protection Board of India or, if you are in the EEA or UK, with your local supervisory authority
To exercise any of these rights, please contact us using the details in Section 15. We may need to verify your identity before acting on your request and will respond within the timeframes required by applicable law.
11. Cookies & Similar Technologies
The Site does not use first-party advertising or analytics cookies. Limited cookies or similar technologies may be set by our infrastructure providers for essential purposes, including security, load-balancing, and bot mitigation. These are strictly necessary for the Site to function and are not used to track you across other websites.
You can control cookies through your browser settings. Disabling all cookies may affect certain functions of the Site, including the contact form.
12. Security
We implement appropriate technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit (HTTPS), input validation and length limits on the contact form, captcha-based bot mitigation, an attachment type and size allowlist, and access controls on internal correspondence.
No method of transmission over the internet or electronic storage is, however, completely secure. We cannot guarantee absolute security, and any transmission of information is at your own risk.
13. Children's Data
The Site is intended for business users and is not directed at children. We do not knowingly collect personal information from individuals under the age of 18. If you believe a child has provided us with personal information, please contact us and we will take prompt steps to delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or applicable law. The “Last updated” date at the top of this page indicates when the Policy was most recently revised. Material changes will be highlighted on the Site and, where required by law, brought to your attention.
15. Contact Us
For any questions, requests, or concerns about this Privacy Policy or our handling of your personal information, please contact us:
If you are located in the European Economic Area, the United Kingdom, or India, and you remain unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority or the Data Protection Board of India.
This Privacy Policy was last updated on 28 April 2026 and is provided in English for international consistency. In the event of a translation, the English version shall prevail.
