Effective: [Insert Date]
Consumer Protection Act 2019
Ensures fair trade practices, clear return policies, and redressal mechanisms.
Action: Maintain a compliant grievance redressal process, transparent pricing, return/refund options, and terms.
GST Invoice Requirements (CGST/SGST/IGST)
Mandates proper invoicing for goods/services sold, indicating applicable tax components.
Action: Integrate GST-compliant invoicing via ERP/WordPress systems; include GSTIN on all invoices.
DPDPA 2023 (Digital Personal Data Protection Act)
India’s version of GDPR for digital data—consent-based data handling, breach reporting, etc.
Action: Update privacy policy, get consent before collecting data, appoint a Data Protection Officer (DPO) if needed.
RBI Approval for Rudraksha Exports
Export of religious items like rudraksha requires compliance with FEMA and RBI regulations.
Action: Work with a licensed exporter; file AD code with customs; check RBI circulars for updates.
Gemstone Certification (IGI/GII/Other)
Sales must include authenticated certification to prove authenticity and quality.
Action: Partner with certified gem testing labs (e.g., IGI, GII); issue certificates with every sale.
Data Processing Agreements (DPAs)
Required when using third-party processors (e.g., hosting, email tools) who handle EU user data.
Action: Sign DPAs with all processors (Google, AWS, Mailchimp, etc.); store documentation.
Right to Erasure
Also called the “Right to be Forgotten.” Users can request data deletion.
Action: Enable account deletion features; respond to deletion requests within 30 days.
EU Representative
Non-EU companies must appoint a local contact for GDPR queries.
Action: Appoint a GDPR rep (can be a legal firm or consultant); mention contact in Privacy Policy.
CITES Compliance (Crystals)
Crystals/minerals may be restricted if they are harvested unethically or if they harm endangered species.
Action: Ensure source certification from ethical mines; avoid materials listed under CITES.
Lead Content Testing
Particularly for items like incense holders, diya lamps, etc., EU laws restrict heavy metals.
Action: Source lab tests (EN 71/REACH); label products with compliance info.
California: CCPA/CPRA Compliance
Like GDPR but state-specific; opt-out rights, cookie banners, Do Not Sell requests.
Action: Cookie consent tool; add CCPA/CPRA compliance page; ensure data portability.
New York: Auto-Renewal Law (S7003B)
Subscription-based services must have clear opt-in, cancellation, and renewal policies.
Action: Clear opt-in checkbox for subscriptions; simple cancellation UI; renewal reminders.
FTC Disclaimers
Any metaphysical or spiritual claims must include disclaimers like “for entertainment purposes only.”
Action: Add disclaimers to site footers, product pages, and service descriptions.
FDA Restrictions on Health Claims
Avoid suggesting healing crystals, reiki, or rituals “treat” medical conditions.
Action: Avoid medical language unless backed by science; include disclaimer: “This is not a substitute for medical treatment.”
Hadith Compliance
Religious items must not contradict local Islamic beliefs.
Action: Avoid marketing rudraksha or yantras using language offensive or contradictory to Islamic practices.
Prohibited Items (KSA: Rudraksha)
Rudraksha and certain idols may be banned in Saudi Arabia.
Action: Use IP/geolocation-based product visibility or exclude from shipping to such regions.
Fulfillment Centers
Often, a local partner is legally required to store/ship religious products.
Action: Partner with logistics providers in UAE/Kuwait; check customs paperwork.
Fatwa Certification for Consultations
Spiritual consultation services may need approval or certification depending on the nature of advice.
Action: Consult with a local mufti or advisory board if targeting GCC consumers.
External Legal Review
Ensures ongoing compliance with rapidly changing laws.
Action: Hire compliance/legal consultants to review policies once a year.
Policy Update Cycle
All internal policies must be reviewed and updated at least annually.
Action: Maintain a policy versioning system; notify teams of changes.
Purpose: These emails act as GDPR/CCPA compliance contacts and are for any regulatory inquiries.
Region | Key Focus | Must-Have |
---|---|---|
India | Tax, Data, Product Authenticity | GST invoices, DPDPA consent, IGI certification |
EU | Data Privacy, Ethical Sourcing | GDPR rep, DPAs, REACH/CITES certification |
US | Privacy, Subscriptions, Disclaimers | Cookie banner, auto-renewal policy, FTC/FDA info |
Middle East | Religious Sensitivities, Fulfillment Laws | Local partnerships, religious product screening |