PRIVACY POLICY

Last updated: 23-August-2024

  1. Introduction
    1. Please read this Privacy Policy carefully. By using the Platform, you indicate, agree and acknowledge that you understand, agree and consent to this Privacy Policy and to the collection and use of information in accordance with this Privacy Policy.

      Welcome to www.teachmint.com ("Website") and Teachmint Application ("Application"), a platform that brings together student engagement, content delivery and administration tools in one place and is focused on helping educators and institutes go online to support a blended learning approach and digital learning solutions through video conferencing and related services for digital learning management(Website and Application are hereinafter collectively referred to as the "Platform") owned and managed by Teachmint Technologies Private Limited and its affiliates("Company"). “Affiliate” means any entity that directly or indirectly Controls, is Controlled by or is under common Control with the Company. “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of an entity, whether through the ownership of voting securities or otherwise.

      Your visit and use of the Platform for student engagement, content delivery, administration tools, digital learning solutions through video conferencing, collaboration, and related services, support, professional services offered on the Platform ("Services") are subject to this privacy, security and cookies policy ("Privacy Policy") and other terms and conditions of the Platform. This Privacy Policy ensures our firm commitment to your privacy vis-à-vis the protection of your information .

      In this Privacy Policy "we", "our" and "us" refers to Teachmint and "you", "your" and/or “Users” refers to the user of the Platform

      If you are a resident of India and under the age of 18, or if you are resident of any other country and are considered to be of any age determined for use of internet services but are less than the contractual age determined by the applicable laws of such country, by using the Platform, you confirm to us that: (i) your use of the Platform is with the permission of your parent or legal guardian, (ii) you and your parent or legal guardian have reviewed this Privacy Policy to make sure that you and your parent or legal guardian understand and agree to it and (iii), if required, you and your parent or legal guardian shall perform or undertake such activities which will entitle you to enter into a legally binding and enforceable agreement with the Company. By using this Website and/or Application or accepting this Privacy Policy, you and your parent or legal guardian represent and warrant to the Company that you or your parent or legal guardian are 18 years of age or older, and that you have the right, authority and capacity to use the Website and/or Application and agree to this Privacy Policy.

      Our Privacy Policy governs your use of the Services on the Platform, and explains how we collect, safeguard and disclose information that results from your use of the Service. We reserve the right to amend and supplement to complete this Privacy Policy at any time.

      Whenever there is a change to our Privacy Policy, we post updates on our Website and/or Application. We encourage you to regularly review this Privacy Policy to get the latest updates to ensure you know and exercise the right to manage your Personal Information.

      Our organization recognizes that protecting the privacy of Personally Identifiable Information (PII) is essential to our business and reputation. As such, we are committed to maintaining the confidentiality, integrity, and availability of PII and to ensuring that it is collected, used, disclosed, and retained only in accordance with applicable laws and regulations and our own policies and procedures.

  2. Definitions
    1. Unless otherwise defined elsewhere in this Privacy Policy, the following terms shall have the meanings assigned to them as herein below for the purposes of this Privacy Policy:

      "USAGE DATA" means information and data collected and captured as a result of the use of Service.

      "COOKIES" means small data files stored on your device (computer or mobile device).

      “DATA CONTROLLER” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

      “DATA PROCESSORS” OR “SERVICE PROVIDERS” means any natural or legal person who processes the data on behalf of the Data Controller. We are the Data Processors of your personal information. We may use the services of various Service Providers in order to process your data more effectively.

      “PERSONALLY IDENTIFIABLE INFORMATION (PII) PRINCIPAL” means any individual whose personal data is being collected, processed or used by Teachmint. Teachmint is processing the personal data of the below PII principals (Including, but not limited to).

      - Students

      - Parents

      - Teachers

  3. Information Collection and Use
  4. 3.1 Collection of Data

    1. In order to avail the Services under the Platform, registration by the User is mandatory. You are fully responsible for all activities that occur under your account. You specifically agree that the Company shall not be responsible for unauthorized access to or alteration of your transmissions or data, any material or data sent or received or not sent or received through the Platform. By registering, you consent to provide information including Personal Data.
    2. The Company respects the privacy of the Users of the Services and is committed to reasonably protect it in all respects. The information about the user as collected by the Company are:
      1. Information supplied by Users;
      2. Information automatically tracked while navigation;
      3. Inferred information through usage and log data;
      4. Information collected from any other sources (like third party providers or social media platforms).
    3. In order to provide Services and to maintain and improve the Platform, we require certain information (including Personal Data) and may obtain your Personal Data when you register with us, when you express an interest in obtaining information about us or our products and Services, when you participate in activities on our Platform or otherwise contact us. Such Personal Data may be collected in various ways including during the course of your:
      1. Registration as a User on the Platform;
      2. Availing Services offered on the Platform. Instances of such Services include but are not limited to, communicating with the Company customer service by phone, email or otherwise or posting user reviews in relation to Services/products available on the Platform;
      3. Granting permission to share credentials of your online accounts maintained with third parties: We may receive personal information about you from such third parties, including commercially available sources and business partners. If you access the Platform through a connected service on the Platform, the information we collect may include your information available through such connected services.

    3.2 Types of Data Collected

    1. We collect different types of information, including your Personal Data, for various purposes to provide and improve our Service for you.
      1. Personal Data
      2. While using our Service, we may ask you to provide us with certain Personal Data i.e. PII that can be used to contact or identify you. Personal Data/PII may include, but is not limited to:

        1. Email address
        2. First name and last name
        3. Phone number
        4. Address, City, Country, State, Province, ZIP/Postal/Pin code
        5. Other contact information
        6. Gender and other demographics
        7. Date of birth and age
        8. Location Data
        9. Cookies and Usage Data

        We may use your Personal Data/PII to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link.

      3. Usage Data
      4. We may also collect information that your browser sends whenever you visit our Platform and/or use the Service or when you access the Platform by or through any device (“Usage Data”).

        This Usage Data may include information such as server log, your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data

        When you access the Platform with a device, this Usage Data may include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

      5. Location Data
      6. We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.

      7. Cookies Data
      8. We use cookies and similar tracking technologies to track the activity on our Platform and we hold certain information.

        Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

        For optimum performance, we recommend that you choose to accept all Cookies. However, you may restrict this to accept only necessary cookies, which include session, preference and analytics Cookies. Please note that in order to use our Services, it is mandatory to accept necessary Cookies.

        Examples of Cookies we use:

        • Necessary Cookies
          • Session Cookies: temporary Cookies that are generated when you log in to the Platform. They are designed to enhance the functioning of our Services during your current visit or session. These Cookies help maintain your login status, remember items you've selected, or track your progress through a multi-step process, such as adding data linked to your account.
          • Preference Cookies: store information about your preferences and settings on the Platform. For example, your language preference, font size, or the region you have selected. These Cookies make your online experience more personalized and convenient by saving your choices for future visits.
          • Analytics Cookies: are used to collect data on how users interact with the Platform. They track information such as the pages visited, the time spent on each page, and the actions taken by users (e.g., clicks, form submissions, etc.). This data is then analyzed to gain insights into user behavior and improve the Platform's performance, content, and user interface. Analytics cookies are valuable for understanding user preferences and making data-driven decisions to enhance the user experience.
          • Other Cookies: such as other third-party analytics Cookies and advertising Cookies that are used to serve you with advertisements and information that are tailored to user behavior and interests.

    3.3. Purpose for Collection and Use of Data

    1. All required information is Service dependent and the Company may use the above said user Information to maintain, protect and improve the Services (including advertising) and for developing new services. Any Personal Data provided by you will not be considered as sensitive if it is freely available and / or accessible in the public domain like any comments, messages, blogs, scribbles available on social platforms like Facebook, twitter etc..
    2. The Company uses the collected data for various purposes including:
      1. to create and maintain an online account with the Platform;
      2. to maintain our Platform and enable you to avail the Services; to notify you about changes to our Service;
      3. to allow you to participate in interactive features of our Service when you choose to do so; to provide customer support;
      4. to analyse information so that we can improve our Platform and Services;
      5. to notify the necessary information related to the Platform and Services and your online account on the Platform from time to time; to monitor your usage of our Platform and Services;
      6. to maintain records and provide you with an efficient, safe and customized experience while using the Platform;
      7. to detect, prevent and address technical issues;
      8. to furnish your information to Service Providers to the extent necessary for delivering the relevant Services;
      9. aggregated and individual, anonymized and non-anonymized data may periodically be transmitted to Service Providers to help us improve the Platform and our Services;
      10. to fulfill any other purpose for which you provide it;
      11. to verify your identity and prevent fraud or other unauthorized or illegal activity;
      12. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
      13. to dispatch transaction-related communications such as welcome letters, billing reminders, and purchase confirmations;
      14. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
      15. to provide aggregate statistics about Users, traffic patterns, and other related information to reputable third parties, however this information when disclosed will be in an aggregate form and does not contain any of personally identifiable information;
      16. to comply with applicable laws, rules, and regulations;
      17. in any other way we may describe when you provide the information; and
      18. for any other purpose with your consent.
    3. You agree that we may use Personal Information about you or share the same with third party service providers to improve our marketing and promotional efforts, to analyze site usage, improve the Platform's content and Service offerings through integrations, and customize the Platform's content, layout, and Services.
    4. You authorize us to contact you via email or phone call or sms and offer you our services, imparting product knowledge, offer promotional offers running on Application, for which reasons, PII collected may be used.

    3.4. Retention of Data

    1. We will retain your Personal Data only for so long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and to enforce our legal agreements and policies.
    2. We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
    3. We reserve the right to retain the aggregated and anonymized data derived from the Personal Data collected from the users of the Platform including your Personal Data, for any purposes (commercial and non-commercial) as the Company deems fit and proper.

    3.5. Consent Management

    1. We collect consent from users of the Platform at the time of registering on the Website or Platform (through any of the available interfaces). You consent to this Privacy Policy by reading this from the hyperlink on the registration page and proceeding to create an account on the Platform. You may manage your consent in the manner set out below.

    3.6 Withdrawal of Consent

    1. You may withdraw your consent given for collecting any Information and Personal Data under this Privacy Policy and pursuant to use of the Services, at any time by sending an email to [email protected]. In such an event, the Company reserves the right to not allow you further usage of the Website and the Application or provide/use any Services thereunder, without any obligations or liability, whatsoever, whether in contract, tort, law, equity or otherwise, in this regard.

    3.7 Your Rights (Accessing, Updating, and Deleting Your Personal Data)

    1. You have certain rights in relation to your Personal Data that the Company collects (where the Company is the Data Collector) and maintains. You can access your Personal Data and confirm that it remains correct and up-to-date.
    2. If you would like further information in relation to your rights or would like to exercise any of them, you may contact us via [email protected]. You have the right to:
      1. - access any Personal Data we hold about you;
      2. - prevent the processing of your Personal Data for any purpose;
      3. - update any Personal Data which is out of date or incorrect;
      4. - delete any Personal Data which we are holding about you;
      5. - restrict the way that we process your Personal Data; and
      6. - provide you with a copy of any Personal Data which we hold about you.
    3. We try to answer every request promptly where possible, and provide our response, also note that certain Personal Data may be exempt from such requests in certain circumstances, where we need to retain your Personal Data to comply with a legal obligation. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity.
    4. In cases where we are the Data Processor and we get a request from the Data Controller to execute PII principal’s rights, we are responsible to execute such requests.

    Handling and Responding to Legitimate Requests:

    • All requests from PII principals/Data Controller (customers) regarding their personal data shall be directed to the designated privacy officer.
    • Requests can be submitted by contacting us via [email protected]. The Company will share the Data Subject Right Request Form to collect more details from you.
    • Upon receipt of a request, the designated officer shall acknowledge receipt and initiate the review process.
    • Requests shall be processed within 5 working days and will be executed based on the requests.
    • The Company will provide access to the requested information, correct inaccurate data, or delete data as requested.
    • Further, the Company will communicate any changes made (update/delete) to your personal data with the associated third parties/service providers

    3.8 Legal Basis for Data Collection

    1. The legal basis for data collection refers to the lawful justification or reason that an organization relies on to collect and process personal data.
      • Consent: The individual has given clear and explicit consent for their personal data to be processed for a specific purpose. Consent must be freely given, specific, informed, and unambiguous. Individuals have the right to withdraw their consent at any time.
      • Contractual Necessity: The processing of personal data is necessary for the performance of a contract to which the individual is a party or for taking pre-contractual steps at the individual's request. For example, collecting a customer's address and payment information to fulfill an online order.

    3.9 Deletion of Data

    1. Upon termination or expiration of your subscription/usage of the Platform, your data will be deleted from the Platform within 6 months from the date of such termination or expiration. It is further clarified that any data, once deleted, can not be recovered. Accordingly, upon lapse of 6 months from the date of termination or expiration of your subscription/usage of the Platform, the Company will be unable to provide any back-up that you may require of your data previously stored on the Platform.
  5. Disclosure of Data
    1. We do not retain your Personal Information for longer than required for the purposes for which the information may be lawfully used. Towards ensuring that we do not hold any Personal Information not necessary for enabling/providing our Services, we shall delete all KYC documents such as PAN, AADHAR and other documents submitted by you for availing our credit facilitating services within 48 (forty-eight) hours from the date of disbursement or rejection of your application for such facilities.
    2. It is clarified that (i) above is limited to the documents submitted for availing credit facilitating Services. Any other requests for destruction of your Personal Information and/or Data may be made by way of the consent withdrawal mechanism laid down in 3.5 and 3.6 above.
    3. We may disclose Personal Data that we collect, or you provided on our Platform as follows:

    4.1 Disclosure for Law Enforcement and other legal necessity:

    1. We reserve the right to use or disclose your Personal Data in response to any statutory or legal requirements. We will use and disclose your Personal Data if we believe you will harm the property or our rights or the rights of the other Users of our Platform. Finally, we will use or disclose your Personal Data if we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or property, violations of the Platform’s other policies, or as otherwise required by law when responding to subpoenas, court orders and other legal processes.
    2. We reserve the right to use or disclose your Personal Data and other information if we believe that disclosure is necessary or appropriate to protect rights, property and safety of the Company, its users, customers, Service Providers, officers and shareholders. We may also in good faith share information with other organizations and entities for the purposes of fraud protection and credit risk reduction.

    4.2 Business Transaction

    1. If we or our Affiliates are involved in a merger, acquisition or asset sale, and/or in the event the ownership or control of our Platform changes, we may transfer your information to the new owner

    4.3 Disclosure by the User

    1. When you use certain features on the Platform like the discussion forums and you post or share your Personal Information as comments, messages, files, photos on such discussion forums on the Platform, which is freely accessible to group of other users and/or the public, the same will be available to all such users and/or public. All such sharing of information will be done at your own risk. Please keep in mind that if you disclose Personal Information in posting as comments, messages, files, photos on the discussion forums on the Platform, such information may become publicly available.

    4.4 Other Disclosures

    1. If we or our Affiliates are involved in a merger, acquisition or asset sale, and/or in the event the ownership or control of our Platform changes, we may transfer your information to the new owner.

    4.5 Data Processing by the Service Providers

    1. We may engage and employ third party companies and individuals to perform certain processing activities and to perform Service (“Service Providers”), to provide Service on our behalf, perform Service-related activities or assist us in analyzing how our Service is used. Towards that objective, we may share your Personal Information with such Service Providers.
    2. As the PII Controller, you can contact [email protected] to get the below details around the service providers who may be processing your data on behalf of us, we will provide you with the details of these service providers within 7 working days.
      1. - List of service providers with whom we share your data.
    3. We will not process your data for marketing and advertising without prior consent from the PII controllers.
    4. The Service Providers may be engaged and employed for various purposes documented within this Privacy Policy.
  6. Data Security Practice and Procedure
    1. The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

    5.1 Security of Data

    1. We maintain strong security safeguards to ensure the security and confidentiality of the User’s data, protect against any anticipated threats to the security of your Personal Information, protect against unauthorized access to your information, and ensure the proper disposal of your Personal Information. We have adopted a comprehensive security policy that complies with laws and regulations and reflects industry standards. We have in place appropriate safeguards and security measures to protect the personal data you provide on this Platform against accidental or any other unlawful forms of processing. We use third party Service Providers for the purposes of payment collections and information shared by you in relation to payments, shall be governed by privacy policy adopted by such Service Providers.
    2. Our security policy requires us to consistently monitor the risk of any threats to the administrative, technical, and physical safeguards we have put in place to protect your information. The safeguards include, at a minimum, firewalls and data encryption and restricting access to your Personal Information only to those employees who have a need to know such information to carry on our operations. These safeguards are reviewed and adjusted periodically based on ongoing risk assessments.
    3. In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below:
    4. Name: Krithika Muthuraman (Grievance Officer), Teachmint Technologies Private Limited
      5th Floor, North Wing, SJR The HUB, Sy. Number 8/2 & 9, Sarjapur Road, Bengaluru Karnataka - 560 103
      Email: [email protected]

    5.2 Transfer of Data

    1. The information, including Personal Data we obtain from or about you may be maintained, processed and stored by us on the systems situated in the territory of Republic of India.
    2. However, subject to applicable laws, your information, including Personal Data, may be transferred to – and maintained on – computers located in countries other than India where the data protection laws may differ from those of the Data Protection Rules applicable in India.
    3. If you are located outside India and choose to provide information to us, please note that we transfer the data, including Personal Data, to India and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
    4. The Company will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Information.
    5. We comply with generally accepted industry standard regulations regarding the collection, use, and retention of data under the Information Technology Act, 2000 and Data Protection Rules. By using the Platform and/or Services, you consent to the collection, transfer, use, storage and disclosure of your information as described in this Privacy Policy, including to the transfer of your information outside of your country of residence.
  7. Links to Other Sites
    1. Our Platform may contain links to third party websites and mobile applications that are not operated by us. If you click such a link, you may be directed to such third party’s websites and mobile applications. We strongly advise you to review the Privacy Policy of every site you visit.
    1. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party websites and mobile applications or any services offered by such third parties. You agree that we shall not be liable for any breach of your privacy of Personal Information or loss incurred by your use of such websites or services.
  8. YouTube Video Upload
    1. We use YouTube Data APIs to help users manage their YouTube account, which primarily includes adding videos to their YouTube channels and getting the list of channels available for a YouTube account. And we follow YouTube and Google policy when using these APIs.
    2. Users can revoke the access of our application to your account via the Google security settings page at https://security.google.com/settings/security/permissions
    3. Google Privacy Policy: http://www.google.com/policies/privacy
    4. By using the application, users agree to be bound by the YouTube Terms of Service:https://www.youtube.com/t/terms
    5. Some YouTube Data API Scopes :
      1. https://www.googleapis.com/auth/youtube: show user channel information and video information
      2. https://www.googleapis.com/auth/youtube.upload : help people upload video into channel.
  9. Changes to This Privacy Policy
    1. This Privacy Policy will remain in effect except with respect to any changes in its provisions in the future. We may update our Privacy Policy from time to time.
    2. Subject to the above, your continued use of the Platform following the posting of Revised Terms shall imply your acknowledgement of and agreement with the Revised Terms, which shall be binding on you.
  10. Copyright, Trademark and Other Intellectual Property Protection
    1. Teachmint is an intellectual property of the Company, all materials on the Platform are protected by copyright laws, trademark laws, and other intellectual property laws. Any unauthorized use of any such information or materials may violate copyright laws, trademarks laws, intellectual property laws, and other laws and regulations
  11. COPPA Disclosure
    1. This clause is intended for use by residents of the United States
    2. 10.1 Purpose

    3. This COPPA Compliance Policy is designed to afford children under the age of 13 the protections mandated by the Child Online Privacy Protection Act (“COPPA”). This Policy applies only to users under the age of 13, and in addition to our regular Privacy Policy.
    4. 10.2 Information Collected

    5. We respect the privacy of children, and do not collect any more personal information than reasonably necessary to enable them to participate in the activities we offer at our Website and Application.
    6. With respect to our online information collection practices from children under 13 years of age: We collect the following types of personal information directly from children online:
      • E-mail address
      • First and last name
      • Identifiers such as information held in a cookie

      10.3 Cookies

    7. A Cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive. Cookies are required to use the Service. We use Cookies to record current session information, but do not use permanent cookies. You are required to log-in to your Teachmint account again after a certain period of inactivity time has elapsed to protect you against others accidentally accessing your account contents.
    8. Please note that parents may consent to the collection and use, discussed below, of the information listed above without necessarily consenting to the disclosure of personal information to third parties.
    9. With respect to the collection by other organizations of personal information from children at our site, we do not have any agreements with outside organizations to collect PII at our site.
    10. 10.4 Use and Sharing of Information

    11. The information we collect from children is used:
      • For record keeping
      • To enable them to participate in certain functions of our site, such as use of chat and messaging functions between students and between teachers and students.
    12. We do not have any agreements with outside organizations to collect personal information at our site, and we do not share children’s personal information with anyone other than those who provide support for the internal operations of the Website, Application and our agents (e.g., contractors who provide fulfillment services or technical support to the Web site).
    13. 10.5 Parental Consent:

    14. Any need for parental consent is obtained by the School. In order for a child under the age of 13 to use the Web site, we must obtain verifiable parental consent to the information collection practices disclosed in clause No 11 of the privacy policy. The School or the Customer is responsible for having and communicating a data privacy policy for parents and staff. We may not condition a child’s participation in a service or activity on more disclosure than is reasonably necessary.
    15. Parents can (1) review the information that we have collected from their children online, (2) prevent the further use or maintenance of such information, and (3) direct the deletion of their children’s personal information by contacting the School.
    16. 10.6. Prohibition on Tracking and Targeted Advertising:

    17. COPPA prohibits covered operators from engaging in certain tracking activities or targeted advertising directed at children under 13 without verifiable parental consent.
  12. FERPA Privacy & Data Protection Addendum:
    1. This clause is intended for use by residents of the United States.
    2. US Federal Family Educational Rights and Privacy Act (FERPA) Data Security Terms for inclusion in agreements with US schools only.
    3. 11.1 Protection of Confidential Data

    4. The Company agrees to abide by the limitations on re-disclosure of personally identifiable information from education records set forth in The Family Educational Rights and Privacy Act (34 CFR § 99.33 (a)(2)) and with the terms set forth below. 34 CFR 99.33 (a)(2) states that the officers, employees, and agents of a party that receive education record information from the Institution may use the information, but only for the purposes for which the disclosure was made.
    5. 11.2 Definition

    6. Covered data and information (CDI) includes electronic student education record information supplied by You, as well as any data provided by Your students to the Company.
    7. 11.3 Acknowledgment of Access to CDI

    8. The Company acknowledges that the agreement for the use of Services allows the Company access to CDI.
    9. 11.4 Prohibition on Unauthorized Use or Disclosure of CDI

    10. The Company agrees to hold CDI in strict confidence. The Company shall not use or disclose CDI received from or on behalf of you (or your students) except as permitted or required under the agreement for the use of Services, as required by law, or as otherwise authorized in writing by You. The Company agrees not to use CDI for any purpose other than the purpose for which the disclosure was made.
    11. 11.5 Return or Destruction of CDI

    12. Upon termination, cancellation, expiration or other conclusion of the arrangement between the Company and You, The Company shall return all CDI to You or, if return is not feasible, destroy any and all CDI. If the Company destroys the information, the Company shall provide You with a certificate confirming the date of destruction of the data.
    13. 11.6 Remedies

    14. If You reasonably determine in good faith that the Company has materially breached any of its obligations under this contract, You, in your sole discretion, shall have the right to require the Company to submit to a plan of monitoring and reporting; provide the Company with a fifteen (15) day period to cure the breach; or terminate the agreement for the use of Services immediately if cure is not possible. Before exercising any of these options, You shall provide written notice to the Company describing the violation and the action it intends to take. If the Family Policy Compliance Office of the U.S. Department of Education determines that the Company improperly disclosed personally identifiable information obtained from Your education records, You may not allow the Company access to education records for at least five years
    15. 11.7 Maintenance of the Security of Electronic Information

    16. The Company shall develop, implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of all electronically maintained or transmitted CDI received from, or on Your behalf or Your students. These measures will be extended by contract to all subcontractors used by the Company.
    17. 11.8 Reporting of Unauthorized Disclosures or Misuse of Covered Data and Information

    18. The Company shall, within one day of discovery, report to You any use or disclosure of CDI not authorized by this agreement or in writing by You. The Company’s report shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the CDI used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what the Company has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action the Company has taken or shall take to prevent future similar unauthorized use or disclosure. The Company shall provide such other information, including a written report, as reasonably requested by You
    19. 11.9 Indemnity

    20. The Company shall defend and hold You harmless from all claims, liabilities, damages, or judgments involving a third party, including Your costs and attorney fees, which arise as a result of the Company’s failure to meet any of its obligations under this agreement.
  13. Jurisdiction Specific Rules
    1. The Company’s privacy framework aligns with the below privacy laws and regulations (and their respective Key Principles) globally for managing personal information responsibly.
      • General Data Protection Regulation (GDPR)/Data Protection Act 2018 (United Kingdom)
    2. The GDPR is a comprehensive data protection regulation that applies to the processing of personal data of individuals within the European Union (EU) and the European Economic Area (EEA).
    3. Key Principles:

      • Lawfulness, fairness, and transparency in data processing.
      • Purpose limitation: Personal data must be collected for specified, explicit, and legitimate purposes.
      • Data minimization: Only necessary personal data should be collected and processed.
      • Accuracy: Personal data must be accurate and kept up to date.
      • Storage limitation: Personal data should be kept only for as long as necessary.
      • Integrity and confidentiality: Organizations must ensure the security and confidentiality of personal data.
        • California Consumer Privacy Act (CCPA)
      • Users who are California residents have certain rights under the CCPA. If you are an eligible California user, these rights are:
      • Key Principles:

        • “Right to Know” - You have the right to request to know more about the personal information that we have collected about you and access a copy of your personal information.
        • “Right to Correction” - You have the right to correct inaccurate personal information about you.
        • “Right to Deletion” - You have the right to request deletion of personal information that we have collected about you.
        • “Right to Non-Discrimination” - If you choose to exercise any of your rights under CCPA, the Company will treat you like all other users. In other words, there is no penalty for exercising your rights under CCPA.
        • “Right to Opt-Out” - You have the right to opt out of the sale or sharing of your personal information.
      • To exercise any of these rights under CCPA, please contact us [email protected].
        • Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
      • PIPEDA is a Canadian federal privacy law that governs the collection, use, and disclosure of personal information in the private sector.
      • Key Principles:

        • Consent is a fundamental principle of PIPEDA.
        • Purpose limitation: Collect only necessary personal information for identified purposes
        • Accuracy: Organizations must maintain accurate and up-to-date personal information for intended purposes.
        • Organizations must implement safeguards to protect personal information from unauthorized access, loss, or misuse.
        • Right to know
        • PIPEDA restricts the transfer of personal information to third parties outside Canada, requiring organizations to obtain consent or ensure that the recipient provides a comparable level of protection. all the Canadian principles would be providing their consent on the same by reading this privacy policy before registering with us.
        • Personal Data Protection Act (PDPA) (Singapore)

        Key Principles:

        • Consent: Obtain consent before collecting, using, or disclosing personal data, except in specific exempt situations
        • Purpose: Use personal data only for appropriate purposes communicated at collection. Inform individuals of data purposes, organization identity, and contact details.
        • Accuracy: Ensure accuracy of collected personal data; correct inaccuracies as needed.
        • Retention: Do not retain personal data longer than necessary; securely dispose when no longer needed.
        • Data Transfer: Ensure adequate protection for personal data transferred outside Singapore.
        • Right to know: Individuals have the right to request access to their personal data held by organizations and to request corrections if the data is inaccurate or incomplete.
        • Implement reasonable security measures to protect personal data.
        • Organizations are accountable for complying with the PDPA and must appoint a Data Protection Officer (DPO) to oversee data protection policies and practices, as well as establish internal mechanisms for handling data protection complaints and inquiries.
        • General Data Protection Law (LGPD) (Brazil)

        Key Principles:

        • Process personal data lawfully, fairly, and transparently; provide clear information to data subjects
        • Purpose: Collect data for specified, legitimate purposes; avoid incompatible processing.
        • Limit data processing to necessary purposes; maintain accuracy and updates.
        • Personal data must be accurate, complete, and, where necessary, updated, taking into account the purpose of the processing.
        • Implement measures to secure personal data against unauthorized access or alteration.
        • The LGPD grants data subjects rights to access, correct, anonymize, delete, and transfer their personal data
        • Consent:Personal data processing requires freely given, informed consent; withdrawal is possible at any time. Sensitive data processing requires explicit consent or legal exceptions.
        • Controllers must demonstrate LGPD compliance, implementing measures and providing evidence when requested.
        • Controllers must promptly notify "National Data Protection Authority" (ANPD) and affected subjects of data breaches
        • Controllers must conduct DPIAs for high-risk processing, assessing necessity and mitigating risks.
        • Cross-border data transfer requires consent or safeguards like contractual clauses.
        • Privacy Act 1988 (Australia)

        Key Principles:

        • Purpose limitation:Collect personal information only as necessary, informing individuals of the purpose. Use or disclose personal information solely for the collected purpose, unless exceptions apply.
        • Accuracy:Ensure collected personal information is accurate, up-to-date, and relevant.
        • Data protection:Protect personal information from misuse, loss, unauthorized access, modification, or disclosure.
        • Right to know: Provide individuals with access to and correction of their personal information within a reasonable time.
        • Avoid assigning unique identifiers unless necessary and comply with usage conditions.
        • Offer individuals the option to interact anonymously or pseudonymously where lawful and practicable.
        • Consent:Obtain consent or meet exceptions before collecting sensitive information.
        • Right to lodge complaintswith the Australian Information Commissioner (OAIC) for Privacy Act breaches; OAIC investigates and enforces.
        • Organizations must take reasonable steps to ensure that personal information disclosed to overseas recipients is protected by laws or practices that are substantially similar to Australia's privacy laws, or obtain the individual's consent for the disclosure.
        • Data Privacy Act (DPA) (Philippines)
      • The Data Privacy Act (DPA) of the Philippines shares some similarities with the GDPR (General Data Protection Regulation) in the European Union.
      • Key Principles:

        • Data Subject Rights:The DPA grants rights to individuals (data subjects) regarding their personal information, including the right to access, correct, erase, object to processing, and lodge complaints.
        • Data Privacy Principles: The law outlines principles for the processing of personal data, including transparency, legitimate purpose, proportionality, and data security.
        • Data Protection Officer (DPO): Appoint a Data Protection Officer responsible for ensuring compliance with the DPA.
        • Consent Requirements:Organizations must obtain the consent of data subjects before processing their personal information, except in certain specified circumstances.
        • Data Breach Notification: Organizations are required to notify the National Privacy Commission and affected individuals in the event of a data breach that is likely to result in serious harm to data subjects.
        • Cross-Border Data Transfers: The DPA regulates the transfer of personal data outside the Philippines to ensure adequate protection of data privacy rights.
        • Penalties for Non-Compliance: Violations of the DPA can result in administrative fines, imprisonment, or both, depending on the severity of the offense.
  14. Contact Us
    1. If you have any questions about this Privacy Policy, please contact us by email: [email protected] and Reach out to [email protected] (Data Protection Officer) for any questions related to privacy.
  15. Revision History
  16. Date Version Number Brief Description of change Change Request Number
    20-Mar-2021 1 Initial Release NA
    05-March-2024 2 Addition of below sections:
    1. - Section 11, COPPA Disclosure
    2. - Section 12, Parental Consent (US)
    3. - Section 13, FERPA Privacy & Data Protection Addendum
    NA
    26-April-2024 3 Reviewed and updated as per ISO 27701: 2019, below changes have been made in this policy.
    1. - Added section 3.6 Your Rights (Accessing, Updating, and Deleting Your Personal Data)
    2. - Added Section 3.7 Legal Basis for Data Collection
    3. - Added Section 3.8 Consent Management
    4. - Added Section 4.5 Data Processing by the Service Providers
    5. - Added Section 12 Jurisdiction Specific Rules
    6. - Deleted duplicates statements throughout the policy
    7. - Added DPO details
    NA, PIMS implementation
    18-June-2024 4 Addition of clause 3.9 to address Data Deletion and time period of recovery post deletion NA
    23-August-2024 5 Addition of Dedicated DPO Email i'd NA
©Copyright Teachmint
Technologies Pvt. Ltd.