DILJIT DOSANJH

Privacy Policy

Last Updated: 25 June 2026

Controller: Famous Studios Inc.

Scope: diljitdosanjh.com, its checkout and stores, and related communications

This Privacy Policy explains how Famous Studios Inc. (the "Company", "we", "us", or "our") collects, uses, shares, and protects personal information when you visit diljitdosanjh.com (the "Site"), make a purchase, create an account, sign up for communications, or otherwise interact with us. We are committed to handling your information responsibly and in line with applicable data-protection laws, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR and Data Protection Act 2018 ("UK GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), Canada's PIPEDA, and comparable laws elsewhere.

Please read this Policy together with our Cookie Policy and Terms of Service.

2.1 Definitions

Personal information (or "personal data") means any information that identifies, relates to, or can reasonably be linked to an identified or identifiable individual.

Processing means any operation performed on personal information, such as collection, storage, use, disclosure, or deletion.

Controller means the party that determines the purposes and means of processing. For most activities described here, the Company is the controller.

Processor (or "service provider") means a party that processes personal information on our behalf and under our instructions.

You means any visitor, customer, account holder, or subscriber whose personal information we process.

2.2 Who Is Responsible for Your Information

The Company is the controller of personal information processed through the Site. Our contact details, including those of our privacy team, are set out in Section 2.18 and in the Legal Notice.

For visitors in the European Union and the United Kingdom, we will appoint and identify an EU/UK representative where one is required under Article 27 GDPR / UK GDPR; that representative's details will be published here once designated.

2.3 Information We Collect

We collect information in three ways: information you give us, information we collect automatically, and information we receive from third parties.

Personal information you provide

  • Identity and contact data — name, email address, postal and billing addresses, and telephone number.
  • Account data — username, password (stored in hashed form), preferences, and order history, where you create a customer account or join a membership or VIP fan club.
  • Communications — messages you send through contact forms, customer-support requests, surveys, competitions, and your contact preferences.
  • User submissions — content you choose to submit, such as reviews, fan content, or social tags, subject to the Terms of Service and Fan Content Policy.

Purchase information

  • Order data — products purchased, order value, currency, discount and gift-card codes, and transaction history.
  • Payment data — payments are processed by our payment providers (see Section 2.8). We do not store full card numbers; we receive limited details such as the card type, the last four digits, an authorisation result, and the billing address needed to complete and protect the transaction.
  • Delivery data — shipping address, delivery instructions, and tracking information shared with carriers.

Technical information

  • Device and connection data — IP address, browser type and version, operating system, device identifiers, language, and referring URLs.
  • Usage data — pages viewed, items added to cart, search terms, clicks, session duration, and similar interaction data.
  • Cookies and similar technologies — see Section 2.6 and the Cookie Policy.

Marketing data

  • Preferences and consent — your email and SMS subscription status, the consent you have given or withdrawn, and your engagement with our messages (such as opens and clicks).
  • Audience and advertising data — where you consent, identifiers used to measure and (in future) deliver advertising through platforms such as Google and Meta.

Information from third parties

We may receive information from our hosting and e-commerce platform (Shopify), analytics providers, payment and fraud-prevention partners, shipping carriers, social media platforms you interact with, and advertising partners, consistent with their terms and your choices.

2.4 How We Use Your Information

We use personal information to:

  • operate the Site and provide its features;
  • process, fulfil, and deliver your orders, including preorders, digital downloads, gift cards, and (in future) tickets;
  • create and manage accounts, memberships, and the VIP fan club;
  • take payments and prevent, detect, and investigate fraud and other prohibited activity;
  • provide customer support and respond to your enquiries;
  • send transactional messages (such as order confirmations and shipping updates);
  • send marketing communications where permitted, and personalise content and offers;
  • measure and improve the performance, security, and usability of the Site;
  • understand our audience through analytics; and
  • comply with legal obligations and enforce our terms.

2.5 Legal Bases for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to process and deliver your orders, manage your account, and provide customer support.
  • Consent — for non-essential cookies, marketing emails and SMS, and certain analytics and advertising. You may withdraw consent at any time without affecting prior processing.
  • Legitimate interests — to secure and improve the Site, prevent fraud, understand our audience, and conduct direct marketing to existing customers where permitted, balanced against your rights.
  • Legal obligation — to meet tax, accounting, consumer-protection, and other legal requirements.

Where we rely on legitimate interests, you may ask us for more information about our balancing assessment using the contact details in Section 2.18.

2.6 Cookies and Analytics

The Site uses cookies and similar technologies, including:

  • Shopify — to operate the store, maintain your cart and session, and secure checkout.
  • Google Analytics 4 (GA4) — to understand how visitors use the Site.
  • Google Tag Manager — to manage the tags that load analytics and (where you consent) advertising technologies.

Where required by law, analytics and advertising technologies load only after you give consent, and we use Google Consent Mode v2 to respect your choices. We may in future add Google Ads, Meta Pixel, and TikTok Pixel; these will operate on a consent basis where required. Full details, categories, and your controls are set out in the Cookie Policy.

2.7 How We Share Information

We do not sell your personal information for money. We share personal information only as described here:

  • Service providers and processors — who perform services for us under contract (Section 2.8).
  • Payment and fraud partners — to take payment and protect against fraud and chargebacks.
  • Shipping and logistics partners — to deliver your orders and handle customs.
  • Advertising and analytics partners — where you consent, to measure and (in future) deliver advertising. Some advertising cookie activity may be treated as a "sale" or "sharing" under CCPA/CPRA; see Section 2.13 for how to opt out.
  • The Artist's representatives and official partners — record labels, publishers, promoters, and tour partners, where necessary for the relevant activity (for example, a ticketed event), under appropriate confidentiality and data-protection terms.
  • Professional advisers, regulators, and authorities — where required by law (Section 2.17).
  • Acquirers — in the context of a business transfer (Section 2.16).

2.8 Service Providers and Processors

We engage carefully selected providers to deliver the Site and our services. Each is bound by contract to process personal information only on our instructions and to keep it secure. A current list, including the categories above (e-commerce platform, analytics, tag management, email and SMS providers, payment providers, shipping providers, hosting, and customer support), is maintained in Appendix A — Third-Party Processors.

2.9 International Data Transfers

We are based in the United States, and our providers may process personal information in the United States and other countries. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognised as providing an adequate level of protection, we put in place an appropriate safeguard, which is normally the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where relevant), supplemented by additional technical and organisational measures as appropriate. You may request a copy of the relevant safeguard using the contact details in Section 2.18.

2.10 Data Retention

We keep personal information only for as long as necessary for the purposes described in this Policy, after which we delete it or irreversibly anonymise it. In general:

  • Order and transaction records are kept for the period required by tax, accounting, and consumer-protection law (commonly up to seven years).
  • Account data is kept while your account is active and for a reasonable period afterwards.
  • Marketing data is kept until you unsubscribe or withdraw consent, and for a short suppression period thereafter so we can honour your choice.
  • Analytics data is kept for the retention period configured in our analytics tools.
  • Support communications are kept for as long as needed to resolve your matter and for our records.

2.11 Security

We maintain technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, and alteration. These include encryption in transit, access controls, the use of reputable processors, and payment handling through PCI-DSS-compliant providers. No method of transmission or storage is completely secure, but we work to protect your information and to notify you and the relevant authorities of a personal-data breach where the law requires.

2.12 Children's Privacy

The Site is intended for a general audience and is not directed to children. We do not knowingly collect personal information from children under the age of 13 (or under the higher age of digital consent that applies in your country, such as 16 in parts of the EU). If you believe a child has provided us with personal information, please contact us at support@diljitdosanjh.com and we will take appropriate steps to delete it.

2.13 Your Rights

Depending on where you live, you may have some or all of the following rights. We will not discriminate against you for exercising them.

GDPR and UK GDPR rights (EU / UK / EEA)

  • Access a copy of your personal data.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Portability of data you provided, in a structured, machine-readable format.
  • Objection to processing based on legitimate interests, and to direct marketing at any time.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (for example, the Irish Data Protection Commission in the EU, or the UK Information Commissioner's Office).

California rights (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and share.
  • Right to access and to receive a copy of your personal information.
  • Right to delete personal information, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the "sale" or "sharing" of personal information and of targeted advertising. You can exercise this through our cookie controls and by honouring the Global Privacy Control (GPC) signal.
  • Right to limit the use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.

We do not knowingly sell or share the personal information of consumers under 16 without opt-in consent.

Rights in other regions

Customers in Canada, Australia, New Zealand, India, the Middle East, and elsewhere have the rights granted by their local laws, which commonly include access, correction, and the ability to complain to a regulator. We honour those mandatory rights and will not ask you to waive them.

2.14 Marketing Communications

We send marketing communications only where permitted by law and your choices.

  • Newsletter and email marketing — we send promotional emails where you have subscribed or where otherwise permitted. Every marketing email contains an unsubscribe link, and you can opt out at any time. See the Newsletter Terms.
  • SMS marketing — where launched, SMS marketing is sent only to subscribers who provide express consent, with clear opt-out instructions (for example, replying STOP). See the SMS Terms.
  • Contact forms and surveys — we use the information you provide to respond to you and improve our services.
  • Orders — we always send service messages relating to your purchases (such as confirmations and shipping updates); these are not marketing and continue regardless of your marketing choices.
  • Fraud prevention — we may use your information to detect and prevent fraudulent or abusive activity.

2.15 Automated Decision-Making

We may use automated tools, including those provided by Shopify and our payment and fraud partners, to screen orders for fraud risk. These tools may flag or decline transactions. We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a lawful basis and, where required, human review. You may contact us to request review of a decision that affected an order.

2.16 Business Transfers

If the Company is involved in a merger, acquisition, financing, reorganisation, sale of assets, or insolvency, personal information may be transferred as part of that transaction. We will require any acquirer to honour this Policy or provide notice of any material change, and to protect personal information consistent with applicable law.

2.17 Legal Requests and Compliance

We may disclose personal information where we believe in good faith that it is necessary to comply with a law, regulation, legal process, or enforceable governmental request; to enforce our Terms of Service and other policies; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of the Company, the Artist, our users, or the public.

2.18 How to Exercise Your Rights and Contact Us

To exercise any right, or to ask a question about this Policy, contact our privacy team:

Email: support@diljitdosanjh.com

Post: Famous Studios Inc., 376 Drummond Drive, Hayward, CA 94542, Attn: Privacy

We will verify your identity before acting on a request and will respond within the time required by applicable law (generally one month under GDPR/UK GDPR and 45 days under CCPA/CPRA, each extendable where permitted). You may use an authorised agent where the law allows, and we may ask the agent for proof of authority.

2.19 Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, provide additional notice. Your continued use of the Site after an update takes effect means you have read the updated Policy. Previous versions are tracked in Appendix C — Revision History.