Last Updated: 23 April 2026 · This page applies to EU/EEA and UK users · Contact: reachpavan02@gmail.com
1. Our Commitment to GDPR
Wisherly is committed to compliance with the General Data Protection Regulation (GDPR) — EU Regulation 2016/679 — and the UK GDPR (as retained in domestic law by the European Union (Withdrawal) Act 2018) for all users in the European Economic Area (EEA) and United Kingdom.
This page explains how we comply with GDPR obligations, your rights as an EU/UK data subject, and how to exercise them.
2. Data Controller
The data controller responsible for your personal data is:
Sanjee Gopinath Pavan Kumar (also referred to as "SG Pavan Kumar"), Proprietor
Trading as: Wisherly - Supar Digital Moments
2nd Floor #35, 2nd Main 2nd Cross 2nd Stage, Pipe Line Road Vijayanagar
Bengaluru, Karnataka 560040, India
Email: reachpavan02@gmail.com
As a non-EU entity processing EU personal data, we are subject to GDPR obligations under Article 3(2), which applies to businesses outside the EU that offer goods or services to EU residents or monitor their behaviour.
3. Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Article 6(1)(b) — Performance of contract |
| Delivering Wisherly pages and services | Article 6(1)(b) — Performance of contract |
| Processing payments | Article 6(1)(b) — Performance of contract |
| Analytics and platform improvement | Article 6(1)(f) — Legitimate interests |
| Security and fraud prevention | Article 6(1)(f) — Legitimate interests |
| Marketing communications | Article 6(1)(a) — Consent |
| Non-essential cookies | Article 6(1)(a) — Consent |
| Compliance with legal obligations (tax, accounting) | Article 6(1)(c) — Legal obligation |
Special Category Data: We do not intentionally collect special category data (Article 9). If such data appears in user-generated content, we process it solely on the basis of your explicit consent by virtue of uploading it.
4. Data Minimisation
We collect only the personal data necessary for the purposes described in our Privacy Policy. We do not collect data speculatively or for undefined future use.
5. Your GDPR Rights
5.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to receive a copy, along with supplementary information about how it is processed.
Email reachpavan02@gmail.com — Subject: "GDPR — Access Request"
5.2 Right to Rectification (Article 16)
You have the right to have inaccurate data corrected and incomplete data completed. You can update your information via your account settings or by contacting us.
5.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data where it is no longer necessary, you withdraw consent, or you object and there are no overriding legitimate grounds. We will fulfil requests within 30 days unless we have a legal obligation to retain the data (for example, tax/invoice records retained for 8 years under Indian tax law).
Email reachpavan02@gmail.com — Subject: "GDPR — Erasure Request"
5.4 Right to Restriction of Processing (Article 18)
You have the right to request that we restrict processing of your data in certain circumstances — for example, while you contest its accuracy.
5.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, machine-readable format (e.g. JSON or CSV) and to transmit it to another controller.
Email reachpavan02@gmail.com — Subject: "GDPR — Portability Request"
5.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests, including profiling. You have an absolute right to object to direct marketing at any time.
5.7 Rights Related to Automated Decision-Making (Article 22)
We do not currently make automated decisions with legal or significant effects on individuals. If we introduce such processing, we will update this page and seek appropriate consent.
5.8 Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
6. Response Timeframes
We will respond to all GDPR rights requests within 30 days. In complex cases we may extend by a further 60 days, in which case we will notify you within the initial 30-day window. We will not charge a fee unless requests are manifestly unfounded or excessive.
7. International Data Transfers
Your data is primarily stored in India. Some of our sub-processors are located outside the EU/UK:
| Provider | Location | Transfer Mechanism |
|---|---|---|
| Google Firebase (data store, auth) | India (asia-south1) / United States | Standard Contractual Clauses (SCCs) |
| Vercel (frontend hosting) | United States / global CDN | Standard Contractual Clauses (SCCs) |
| Razorpay (payments) | India | Processing within India |
All international transfers are subject to appropriate safeguards under GDPR Chapter V, specifically Standard Contractual Clauses as approved by the European Commission.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Transaction and invoice records | 8 years (Indian tax law) |
| Support communications | 2 years |
| Analytics data | 26 months |
| Consent records | Duration of account + 5 years |
9. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (Article 33) and notify affected data subjects without undue delay if the breach is likely to result in a high risk (Article 34).
10. Children's Data
For EU/UK users:
- Users aged 16 and above may consent independently (some EU member states set a lower age of 13-15).
- Users below the applicable age require verifiable parental consent.
- We do not knowingly process data of children under 13.
If you believe we have inadvertently collected data from a child without consent, contact us immediately at reachpavan02@gmail.com.
11. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
- EU users: EDPB Member Authorities
- UK users: Information Commissioner's Office (ICO)
12. Contact
SG Pavan Kumar (Proprietor)
Trading as: Wisherly - Supar Digital Moments
2nd Floor #35, 2nd Main 2nd Cross 2nd Stage, Pipe Line Road Vijayanagar
Bengaluru, Karnataka 560040, India
Email: reachpavan02@gmail.com
Subject line: "GDPR Enquiry — [Your Name]"
We aim to respond to all GDPR communications within 30 days.
This GDPR Compliance Statement reflects our obligations under EU Regulation 2016/679 and the UK GDPR as retained in domestic law by the European Union (Withdrawal) Act 2018.