HomeAboutServicesExpertiseBlog
ProjectsRashik, baZar & moreReviewsClient testimonialsORRObserver Readiness RatingResearchPre-prints & publications
Book SessionContact

Privacy Policy

Last Updated: February 8, 2026
Version 2.0 — This policy complies with GDPR (EU), CCPA (California), ePrivacy Directive, and Bangladesh Digital Security Act 2018.

1. Introduction

Welcome to jarifurrahim.one, the official personal portfolio website of G.K.M. Jarif Ur Rahim (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the ePrivacy Directive (2002/58/EC), and the Bangladesh Digital Security Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

G.K.M. Jarif Ur Rahim

Founder & Lead Consultant, Rashik — The Awakening

Email: [email protected]

Phone: +880 1973 843752

Location: Bangladesh

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Processing ActivityLegal Basis
Essential website functionalityLegitimate interest (Art. 6(1)(f))
Analytics & statisticsExplicit consent (Art. 6(1)(a))
Contact form submissionsConsent & contract performance (Art. 6(1)(a), (b))
Appointment bookingContract performance (Art. 6(1)(b))
Email notificationsConsent (Art. 6(1)(a))

4. Information We Collect

4.1 Information You Provide Voluntarily

We collect personal information that you voluntarily provide when:

  • Booking a consultation appointment (name, email, phone number, service type)
  • Submitting a contact form inquiry (name, email, message)
  • Interacting with our blog content (comments, if applicable)

4.2 Information Collected Automatically (With Consent)

Only after you give explicit consent through our cookie banner, we collect anonymous, aggregated analytics data including: pages visited, referrer URL, browser type, device type, and approximate country. This data is collected through Umami Analytics, a privacy-focused, open-source tool that does not use tracking cookies anddoes not collect personally identifiable information.

5. Cookies & Tracking Technologies

In compliance with the ePrivacy Directive and GDPR, we categorize our cookies as follows. Non-essential cookies are never loaded until you give explicit, informed consent through our cookie banner.

5.1 Essential Cookies (Always Active)

NamePurposeDurationType
session_tokenUser authentication sessionSession / 7 daysHTTP Cookie (httpOnly, Secure)
themeRemember dark/light theme preferencePersistentlocalStorage
jarifurrahim-cookie-consentStore your cookie consent choicePersistentlocalStorage

5.2 Analytics (Requires Your Consent)

NamePurposeProviderData Collected
Umami AnalyticsAnonymous website usage statisticsUmami (privacy-focused, open-source)Page views, referrers, browser, device, country (all anonymized, no PII)

Important: We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers. Our analytics solution (Umami) is privacy-focused and does not create user profiles or share data with third parties.

6. How We Use Your Information

We use the collected information for the following purposes:

  • To process and manage your consultation bookings
  • To respond to your inquiries and provide support
  • To send appointment confirmations and reminders (via email)
  • To improve our website and services (using anonymized analytics, with consent)
  • To comply with legal obligations

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

Data TypeRetention Period
Contact form submissions12 months after last interaction
Appointment records24 months after appointment date
Analytics dataAggregated, anonymized (no personal data retained)
Cookie consent recordsUntil consent is withdrawn or policy version changes

8. Data Protection & Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our website uses SSL/TLS encryption for all data transmissions. Authentication tokens are stored as httpOnly, Secure cookies to prevent XSS attacks. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, privacy, safety, or property
  • With service providers who assist in operating our website (under strict confidentiality agreements and data processing agreements)

10. International Data Transfers

Our website is hosted on infrastructure that may process data in regions outside your country of residence. When data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses (SCCs) where applicable, to protect your data in accordance with GDPR requirements. Analytics data processed by Umami is anonymized and does not constitute personal data transfer.

11. Your Rights

Under GDPR (EU/EEA Residents)

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your personal data
  • Right to Restrict Processing (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Request transfer of your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interest
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing

Under CCPA (California Residents)

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).

12. Manage Your Cookie Consent

You have the right to withdraw your cookie consent at any time. This is as easy as giving consent in the first place, as required by GDPR Article 7(3).

Your Current Consent Status:

No consent recorded yet. The cookie banner will appear on your next page visit.

13. Third-Party Links

Our website may contain links to third-party websites (such as social media platforms, Rashik.org, or baZar.rashik.org). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Children's Privacy

Our website is not intended for children under 13 years of age (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. When we make material changes to cookie usage, we will update the consent version, which will automatically re-prompt all users to review and re-consent to the updated policy.

16. Contact Information

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us:

G.K.M. Jarif Ur Rahim

Data Controller & Website Owner

Email: [email protected]

Phone: +880 1973 843752

WhatsApp: +880 1973 843752

Location: Bangladesh

17. Regulatory Compliance

This website operates in compliance with:

  • GDPR (Regulation (EU) 2016/679) — For EU/EEA visitors
  • ePrivacy Directive (2002/58/EC, amended 2009) — Cookie consent requirements
  • CCPA (California Civil Code §1798.100-199) — For California residents
  • Bangladesh Digital Security Act 2018 — Local compliance
  • Bangladesh ICT Act 2006 (as amended) — Digital security standards

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your local authority at edpb.europa.eu.