Privacy Policy

Effective Date: October 3, 2024

This privacy notice discloses the privacy practices for “LearningMate Solutions Pvt Limited (referred as LearningMate)”. This privacy notice applies solely to Personally Identifiable Information (PII) that we collect, use, process, store, and destruct, except where stated otherwise.

Download the PDF version

1. Introduction

LearningMate respects your privacy and is committed to protecting your personal data. This Policy defines the requirements to ensure compliance with the applicable data privacy laws and regulations applicable to LearningMate's collection, use, and transmission of personal data for information collected by us on our website/application/platform/ product. This Privacy Policy describes how your personal data is protected when you use and/or access our website, platform, products, and services, and the rights you have as a User when you provide us with any personal information, as well as how you can get in touch with us should you need to do so.

This Privacy Policy applies to all personally identifiable information we collect, use, process, store, share, and dispose of from:

a.      LearningMate.com

b.      FROST (Kadal CMS)

c.      Kadal AI

d.      Related Managed Services

We reserve the right to update and modify this Privacy Policy at any time and for any reason. This is the most current version of the policy; archived versions of previous privacy policies can be requested.

Any feedbacks, suggestions, complaints, or concerns are welcome and can be shared with:

Name - Att. Francis Javier Victoria
Title - Global Data Protection Officer (DPO)
Email - moc.etamgninrael@opd

While we may come across PII to render our products, services or even while meeting employment-related requirements, we classify ourselves as under:

Data Controller

Where LearningMate is a Data Controller:

  • Employer-employee relationship
  • Joint contract with third-party vendors

Our Responsibilities as Data Controller:

  • Determine and document the purpose and how PII will be processed
  • Obtain prior consent and retain relevant records
  • Ensure processes are followed lawfully
  • Store for a defined period and dispose of upon expiry of the data retention period
  • Transfer only in cases where it is legally mandated or upon the data subject’s consent using adequate and appropriate data security methods
  • Maintain a record of any data breaches and a record of data processing activities
  • Allow data subject to access their data, move their data, change their data and delete their data

Data Processor

Where LearningMate is a Data Processor:

  • Use/subscription of [organisation] products and services
  • Customer contractual requirements
  • Joint contract with third-party vendors

Our Responsibilities as Data Processor:

  • Determine and document the purpose and how PII will be processed
  • Obtain prior consent and retain relevant records
  • Ensure processes are followed lawfully
  • Store for a defined period and dispose of upon expiry of the data retention period
  • Transfer only in cases where it is legally mandated or upon the data subject’s consent using adequate and appropriate data security methods
  • Maintain a record of any data breaches

2. Terms, Definitions and Abbreviations

Term/Abbreviation Definition
PIIPersonal Identifiable Information
DPOData Protection Officer
Data ControllerThe entity that determines the purposes, conditions and means of the processing of personal data
Data ProcessorThe entity that processes data on behalf of the Data Controller
Data SubjectA natural person whose personal data is processed by a controller or processor
ConsentFreely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data
CookiesUsage Cookies are small files stored on your device
Data Protection OfficerAn expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the General Data Protection Regulation (GDPR)
Data BreachA data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion, leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, such sensitive, confidential, personal or otherwise protected data transmitted, stored or otherwise processed. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property
Supervisory AuthorityA public authority which is established by a member state in accordance with article 51
Data Protection AuthorityNational authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the union

3. Purpose Of PII Collection, Use, Processing, Storing and Sharing

We collect Personal data if you create an account to use our Services or communicate with us, such as:

  • Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction historyy, (collectively, “Account Information”).
  • User Content: When you use our Services, we collect Personal Information that is included in the input, file uploads, or feedback that you provide to our Services (“Content”).
  • Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (“Communication Information”).
  • Social Media Information: We have pages on social media sites like Instagram, Facebook, Twitter, YouTube, and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, “Social Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.
  • Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity (collectively, “Other Information You Provide”).

Personal information we receive automatically from your use of the Services:

When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

  • Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
  • Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use, and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Cookies: We use cookies to operate and administer our Services and improve your experience. A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may, in some cases, preclude you from using, or negatively affect the display or function off, a website or certain areas or features of a website.
  • Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.

We are the sole owners of the information collected and we act as a Data Controller. We only have access to/collect information that you voluntarily give us via a registration form/email or other forms of direct contact. We do not sell or rent this information to anyone.

We will use your information to respond to you or provide and improve service to you, when you contact us for any purpose. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order or related tasks.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

4. Privacy Protection Statement and Commitment

This statement informs you of the types of personal data we collect when you visit our websites, platforms, or applications/products, and how we process them. With this privacy statement, we also fulfill our duty to inform you pursuant to the specific privacy protection law.

LearningMate is committed to your privacy. The information we have about our customers and users is protected and secure and we work diligently to ensure that preferences regarding the use of your information are honored.

This Privacy Policy explains the types of personal information we collect and how we use, store, protect and disclose that information.

We build privacy that works for everyone. Protecting our users’ privacy and security is a responsibility that comes with creating products and services that are made available for all. We look to these principles to guide our products, our processes, and our people in keeping our users’ data private, safe and secure. We are committed to continually improving the level of protection it requires.

5. Privacy Principles and How We Practice It

These are the set of shared values governing the privacy protection of Personally Identifiable Information (PII) when processed in information and communication technology systems. Privacy principles for PII processing as controllers and/or processors, when it is not otherwise provided by applicable law, they give consent and determine their privacy preferences on how their PII should be processed. The following explains how we practice the Privacy Principles:

5.1  Privacy Principles

Consent
LearningMate manages the consent process through forms displayed on the website and login screens in products, through employee and supplier agreements.

5.2  Limited Collection / Legitimate Purpose / Purpose Specification

We collect only information that is required on a legal, contractual basis or for the smooth functioning of our products and services.

We may process your Personal Data because:

a) We need to perform a contract with you

b) You have given us permission to do so

c) The processing is in our legitimate interest and it is not overridden by your rights

d) To comply with the law

5.3  Disclosure Limitation / Transfer to Third Parties / Trans-Border Concerns

Information may be disclosed only under the following circumstances: LearningMate may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities.

LearningMate may disclose your personal data in the good faith belief that such action is necessary to:

a) To comply with a legal obligation

b) To protect and defend the rights or property of LearningMate

c) To prevent or investigate possible wrongdoing in connection with the Service

d) To protect the personal safety of users of the Service or the public

e) To protect against legal liability

We may engage third-party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services or assist us. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Information that is transferred to third parties is protected by legal agreements, and periodic privacy assessments are conducted.

5.4  Cross-Border Transfer

We store data collected from you across different countries and jurisdictions with different data protection laws.If you are located outside the United States and choose to provide information to us, please note that we may transfer the data, including Personal Data, to the United States and process it there.

Your consent to this privacy policy followed by your submission of information represents your agreement to this transfer.

LearningMate might not take consent from the data subjects if it feels that such transfers are essential to protect the vital interests of the data subject or if such transfer is required to make the data available to a legal or regulatory body that has jurisdiction over it.

5.5  Access Limitations

Measures that ensure that persons entitled to use a data processing system gain access to such data as they are entitled to access in accordance with their access rights.

Access control to all environments is handled by the IT Security Operations team with role-based, named access permissions, including multi-factor authentication and VPN where applicable.

5.6  Security

We take precautions, which include security processes, technical and physical measures to help safeguard your information against any accidental or unlawful destruction, alteration, and unauthorized disclosure of the personal data we process.

While we follow generally accepted security standards to protect your data, we also expect you to keep all access details confidential, protect your password, limit access to your device, and sign out of websites after your sessions. No Internet or email transmission is ever fully secure or error-free. In particular, emails sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumventing any privacy settings or security measures contained on the Service, or third-party websites.

5.7  Accuracy, Completeness and Quality

LearningMate collects PII through digitized forms and hence the accuracy and completeness are checked through programming techniques and also validated by data processors.

5.8  Management, Designation of Privacy Officer, Supervisor Re-Authority, Processing Authorization, Accountability

LearningMate has appointed a Data Protection Officer (DPO) to ensure compliance. Data subjects can reach out to him in case of queries. His contact details are given in all our internal and external policies.

5.9  Transparency and Openness

Data subjects are informed about the personal data collected and its usage through the Privacy Policy. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to the collection, usage and transfer of data.

5.10  Proportionality, Use and Retention, Use Limitation

LearningMate will only hold your personal information for as long as reasonably necessary to fulfill the purpose(s) of collection, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for [six] years after they cease being customers for tax purposes.

In some circumstances, you can ask us to delete your data;: see [section 8] above for further information. Whenever made possible, you can access, update, or request deletion of your personal data directly within your account setting section. If you are unable to perform these actions yourself, please contact us to assist you.

In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

5.11  Access and Individual Participation

The data subject can ask for modification or access to their data at any time before the retention period is over by writing to moc.etamgninrael@opd

5.12  Notice, Purpose, and Specification

The organization on a regular interval informs employees and external stakeholders about the updates to any organization policy through email.

6. Additional Measures for Breach Notification

We have procedures and policies to report and handle breaches within a time span of 72 hours. Each incident is investigated and tracked to closure. If the investigation leads to the conclusion that an illegal, improper or unethical act has been committed, appropriate disciplinary or corrective action will  be initiated against the offender as per the policy and legal provisions. We have implemented the best available commercial tools and physical, technical, and managerial techniques to protect your data; however, no method is 100% secure and cannot totally avoid data breaches.

Notes:

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:

a. At least one of the conditions consent, Data subject rights is met, and

b. In the case of children under the age of 13, at least one of the conditions (permission from parents), are required to be met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects.

7. Appropriate administrative, technical, operational and physical safeguards and measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the jurisdiction application to this policy, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

7. Our Privacy Jurisdictions

The defined privacy policy covers and reflects the privacy requirements and compliance in the following territories:

India United States United Kindom Canada South Africa
Entity NameLearningMate Solutions Private LimitedLearningMate Solutions, IncLearningMate Solutions (UK) LimitedLearning Mate Solutions Canada LimitedLearningMate Solutions (Pty) Ltd.
RegulationsThe Information Technology Act, 2000, - AND - Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011FERPA, COPPA, CCPAGDPRPIPEDAPOPIA
PII CollectedEmployee details like address, certifications, experience, supplier details and name, address, bank accountName, email of prospective leads, product user names/email IDsUK employee details - AND/OR - UK client details as required for projectsCanadian employee detailsSouth African employee details
Purpose of collectionEmployment requisites, Doing business with suppliersTo acquire new clientsEmployment requisitesEmployment requisitesEmployment requisites
How long we hold the informationLearningMate will only hold your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

National data protection and privacy laws may impose additional requirements on LearningMate for the Processing of Personal Data. Where required, LearningMate will establish procedures and guidelines in order to supplement the principles of this Policy and engage with relevant regulatory/ supervisory authority, as required.

8. Your Rights and Obligations

We respect privacy and do the same to your exclusive rights under privacy protection law. You can exercise any one or all of the following privacy rights as applicable and when required:

  • Right of access - Access your data
  • Right to withdraw consent - Withdraw your consent
  • Right to object - Object to the processing of your data
  • Right to rectification - Correct your data
  • Right to erasure - Have your data deleted
  • Right to data portability - Transfer your data
  • Right to restriction of processing - Restrict processing
  • Automated individual decision-making - Be protected from Automated Decision-Making
  • Right to lodge a complaint - complain to DPO

If you wish to exercise any of the rights set out above, please email moc.etamgninrael@opd.

9. With Whom PII is Shared / Transferred

We do not sell or rent any of your personal information. However, we may be required to store personal information with appointed third parties in concurrence with this privacy policy. We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.

We require our third parties and their subcontractors, if any, to adhere to the security policy of your personal data. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with established standards, processes, and instructions.

10. What Security and Privacy Protection Methods We Apply

10.1  Security and Prevention Controls (SPC)

Definition: It covers administrative, technical, procedural, and physical safeguards to protect the information in order to control, detect, prevent and correct intended or accidental breaches, losses, or damage.

10.2  Privacy Protection Controls (PPC)

Definition: These are controls implemented additionally above the SPCs stated, which comprise legal contractual and any mandatory requirements

As technology evolves, our privacy controls evolve as well, ensuring that privacy is always an individual choice that belongs to the user.

Security & Prevention Controls (SPC)

  • Management control covering policies, procedures, standards, benchmarks and guidelines
  • Authentication and authorization control
  • Information classification and identification
  • Protection from malware
  • Software updates and patching
  • System hardening
  • Network protection and access control
  • Periodic user awareness, education and training
  • Cryptography
  • Activity monitoring
  • Secure deletion process
  • Data protection arrangement
  • Information security incident handling and reporting procedure

Privacy Protection Controls (PPC)

  • PII inventory maintenance
  • User notice and consent
  • Documenting the need and purpose
  • Articulating privacy principles and practicing within every process’s privacy by-design and by- default
  • Allowing exercise of privacy rights
  • Declaration of notices and consent
  • Accountability, audit and risk management
  • Governance and Privacy Program
  • Personally identifiable data classification
  • Data privacy impact assessment
  • Privacy requirements for our service providers, consultants and contractors
  • Privacy monitoring and auditing
  • Periodic privacy awareness, education and training
  • Data privacy breach handling and reporting procedure
  • Privacy-enhanced system design and development
  • Privacy information retention and periodic destruction
  • Communication related to privacy requirements

Controls expected by the customer in the case of Frost Enterprise:

Security & Prevention Controls (SPC)

  • Customer information security controls aligned to the product
  • Ownership of administrative accounts
  • Establishing accountability for the hosted tenant accounts
  • Domain name and TLS certificates
  • DPO and necessary security contacts
  • Customer-provided encryption keys
  • Security patch management
  • Monitoring controls
  • Incident and data breach handling procedures
  • Physical, environmental, and logical security controls

Privacy Protection Controls (PPC)

  • Frost privacy policy, Customer privacy policy
  • Data protection policy
  • User notice and consent
  • PII and data classification policy
  • Privacy information retention and periodic destruction
  • Communication related to privacy requirements

* Infra related security controls will be as per customer security policy

11. Special Category PII and How We Secure Them

Special Category PII (SCP): we define the special category of information as:

Special category data is data that the GDPR defines as sensitive personal information, needing a greater level of protection.

Based on the above definition, the PII that we collect, use, store, process, share and dispose may cover include the below-mentioned special category PII:

Currently it is not applicable as it is not being collected, stored, and processed.

Special category PII needs more protection considering its sensitivity and confidentiality nature. We determine conditions for processing special category data before we begin any processing that may be required under any applicable legal requirements, and ensure that:

a.      We document such special category PII processing

b.      We obtain explicit written consent

c.      We state the purpose of collection, use, processing and storing

d.      We ensure processing is in accordance with the lawful basis

e.      We make all related parties educated and aware of the conditions to process such special category PII

f.       We assess relevant impacts and required safeguards implemented

g.      We check the processing of the special category data is necessary for the purpose we have identified and are satisfied there is no other reasonable and less intrusive way to achieve that purpose

h.      Where required, we have an appropriate policy document in place

i.       We include specific information about our processing of special category data in our privacy information

12. PII Pertaining to Children Under the Age of 13

When a product/platform/application collects age, and there is an age in your jurisdiction under which parental, guardian, or similar person’s consent or authorization is required to use the product or services, we will either block users under that age or will ask them to provide consent or authorization from a parent or guardian before they can use it.

We will not knowingly ask infants under that age to provide more data than is required to provide for the product or service.

13. Communication and Marketing

Where permitted by applicable law and, if required, with your consent, we may send periodic promotional or informational emails to you. You may opt out of such communications by following the opt-out instructions contained in the e-mail or other communication you have received or through our dedicated privacy portal accessible here. Please note that it may take up to three (3) business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you non-marketing communications about your account or any services you have requested or received from us.

14. Cookies and Other Tracking Mechanisms

Refer to the Cookie Consent tool on the website (CookieBot Plugin).

Cookie Policy

We use cookies to enhance your experience while using our website. These cookies are essential for the website's functionality and are only used to facilitate login and provide the necessary services. The data collected is limited to your first name, last name, and email address, which are used strictly to enable core features of the website.

We do not use cookies to track users outside the website or for advertising purposes.

By continuing to use our website or logging in, you consent to using these cookies. If you wish to learn more about how we handle your data, please refer to our [Privacy Policy].

15. Special Rights Permitted Under Applicable Jurisdiction

Jurisdiction Particulars' rights to exercise
CaliforniaIf you are a California resident, then, subject to certain limits under California law, you may ask us to provide you with a list of certain categories of personally identifiable information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year as well as the identity of those third parties. To make such a request, residents of the State of California may contact us through our dedicated representative using the details mentioned herein.
UKIf you are a European resident, then you have a right to ask for modification or deletion of your data.

16. Changes To This Policy

We regularly review and may make changes to this Policy from time to time. To ensure that you are always aware of how we use your personal data, we will periodically update the online version of this policy as required to reflect any changes to our use of your personally identifiable information.

We may also make changes to comply with developments in applicable law or regulatory and business requirements. Where practicable, we will notify you by other means prior to changes materially affecting you, such as by posting a notice on our website or sending you a notification via email. However, we encourage you to review this policy periodically (or at least annually) to be informed of any changes to how we use your personal data.

In case LearningMate is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

This Policy was last amended on October 3, 2024.

17. How To Contact Us

For any questions about this policy or our data protection practices or to exercise any rights you may have in relation to your personal data under applicable law, you can contact us at:

Name: Att. Francis Victoria

Title: Global Data Protection Officer

Email: moc.etamgninrael@opd

Privacy Policy Sections
    Download the PDF version