Students and applicants privacy notice
Who are we (Introduction)?
University of Bristol Mumbai Campus Private Limited, a company incorporated under the laws of India and having its registered office at 303, INIZIO, Cardinal Gracious Road, Andheri (East), Mumbai – 400099, Maharashtra (hereinafter referred to as “UBMC”, “us”, or “we”) is committed to protecting and securing the confidentiality of, and to lawfully handling and effectively managing the personal data we collect from our students and program applicants.
What is the purpose of this notice?
This Students’ and Program Applicants’ Privacy Notice (“Notice”) outlines and describes how personal data or information of students and program applicants is collected, managed, and processed by UBMC. UBMC is committed to handling the personal data of its students and program applicants with fairness and transparency, and in a lawful manner. This Notice covers the minimum controls and obligations that UBMC is committed to for ensuring that the personal data of our students and program applicants is collected, used, retained, and disclosed in a secure, lawful, transparent, and compliant manner.
Whom is this notice directed to (Scope)?
This Notice applies to enrolled students or program applicants of the educational course(s) offered by UBMC (collectively “you”, “your”) and is designed to inform you of the personal data that we collect, our purposes of processing that data, and your rights in connection with it.
This Notice applies to all our courses and educational services, including whenever we collect and process your personal data in that context for the purposes identified below. Please note, however, that there may be cases from time to time where we need to update this Notice, for example, to reflect changing legal requirements or processing activities, and in the event that we make any material changes to this Notice, then we will let you know.
This Notice does not apply to personal data belonging to other categories of individuals, like our marketing leads, vendors, employees, contractors, consultants, job applicants, faculty members, or clients engaged with or by UBMC. See our other privacy notices for more information. However, as more than one of the above notices may apply to you depending upon the context in which your personal data is collected and processed (e.g., an employee may also be a student), be sure to carefully read each applicable notice that we provide to you so that you are fully informed.
What other rules or notices apply?
In some cases, local laws and regulations that apply to the processing of your personal data may be more restrictive than this Notice. Those more restrictive requirements will apply in that case. UBMC will provide you with additional privacy notices or information where applicable law(s) so require. In addition, this Notice may be supplemented from time to time with more specific privacy information or notices, for example, when you use a particular UBMC app or portal.
What are the categories/types of personal data we collect about you?
The personal data that we collect and process may vary depending on the course/program you select and the obligations arising under applicable laws. The personal data that we collect from you is stored within the electronic records/database stored on servers (including cloud servers) located in Singapore and/or India, or in another country (including third countries that are not covered by an adequacy decision of the European Commission), as well as within physical records/databases.
UBMC collects the personal data only to the extent it requires it for a particular purpose(s), and it may collect the following types of personal data from you:
| Categories of Personal Data | Examples of Personal Data Attributes Within Each Category |
|---|---|
| Identification / Identity Data | Full name, alias, gender, title, country of residence, nationality, citizenship, location, online identifier, IP address, date of birth, age, photograph, biometric data (as part of any government-issued ID), parents’ or legal guardians’ full names, race |
| Contact Details | Home address, work address, personal and/or official phone number(s), personal and/or official email address(es), parents’ or legal guardians’ contact details (such as email ID, phone number, WhatsApp number), emergency contact details |
| Financial Data | Tokenized data received from the payment gateways, bank account information, tax identification number (including PAN) |
| Educational and Employment Data | Educational qualification, number of years of work experience, job function, industry, job title, recent compensation, name of the employer |
| Electronic Identification Data | Login ID, password, IP data, website visit logs, browser details |
| User-Generated Data | Attendance and absence records, projects and assignments submitted, evaluation remarks, peer and faculty feedback, grades, performance data, audio and video recordings during online/offline sessions and webinars, photographs/digital images/drawings in connection with the course(s) enrolled for, posts on public forums, course platforms and mobile learning apps, communication content, survey responses, quizzes, credentials generated (certificate/diploma/degree), feedback, suggestions, comments, testimonials |
| Government-Issued ID (Including Copy Thereof) | National ID (including Aadhaar/UID and NRIC), passport (including visas), any other acceptable government document |
| Health Information | Disabilities and special accommodations required |
| Other Personal Details | Personal references, language proficiency, introduction videos, general or random information not necessary for program delivery or management (such as mother’s maiden name or pet’s name) used for identity verification while resetting login credentials, including username and password |
UBMC does not handle your credit or debit card number for the processing of payment. Such data is collected and processed by third-party payment gateway service providers on our behalf as per our agreements with them and any other rules and regulations applicable to them.
Sensitive personal data:
Sensitive personal data or special categories of personal data (“SPD”) are personal data that are particularly sensitive in nature and merit specific protection, as the context of their processing could create greater risks to the fundamental rights and freedoms of individuals. SPD, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. The examples of SPD may vary depending upon the context and the laws of the respective countries from where the SPD originates, and may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation, or data concerning health.
UBMC does not require collecting or processing any sensitive personal data or special categories of personal data for delivering the course(s). If any SPD forms part of any national or government-issued ID that you have submitted with UBMC, you are advised to inform UBMC of that fact to allow us to take steps towards lawful processing of such SPD.
Should we require SPD for delivering the courses or for any other related purpose(s), we will obtain your explicit consent for such collection and processing in terms of this Notice at the point where the SPD is disclosed by you. Where the applicable law(s) provide other legal bases for processing SPD (as an exception to obtaining explicit consent), we may rely upon such legal basis as may be available to us in a particular situation. In the event you voluntarily disclose/share/upload/post/make public your SPD on our website, or any other public forum owned or controlled by us, you understand that the said SPD may be processed by us in accordance with the applicable law(s) and this Notice.
Personal data of others provided by you:
In certain situations, you may provide us with the personal data of others (for example, friends, colleagues, family members, etc.), such as in the context of providing emergency contact details, personal references for your application, or referrals to our programs and courses.
Whom is this notice directed to (Scope)?
This Notice applies to enrolled students or program applicants of the educational course(s) offered by UBMC (collectively “you”, “your”) and is designed to inform you of the personal data that we collect, our purposes of processing that data, and your rights in connection with it.
This Notice applies to all our courses and educational services, including whenever we collect and process your personal data in that context for the purposes identified below. Please note, however, that there may be cases from time to time where we need to update this Notice, for example, to reflect changing legal requirements or processing activities, and in the event that we make any material changes to this Notice, then we will let you know.
This Notice does not apply to personal data belonging to other categories of individuals, like our marketing leads, vendors, employees, contractors, consultants, job applicants, faculty members, or clients engaged with or by UBMC. See our other privacy notices for more information. However, as more than one of the above notices may apply to you depending upon the context in which your personal data is collected and processed (e.g., an employee may also be a student), be sure to carefully read each applicable notice that we provide to you so that you are fully informed.
Why do we collect your personal data?
Purpose(s) of processing
UBMC uses students’ and program applicants’ personal data for the purposes related to screening, enrollment, onboarding, delivery, assessment, administration, management, and completion of courses.
Lawful (legal) basis for processing
Privacy laws of certain jurisdictions require that one of the available lawful bases of processing, as prescribed by such privacy law, must be relied upon (satisfied) by UBMC before processing your personal data for each of the purposes listed earlier. The lawful basis that UBMC relies upon for a particular processing activity may differ from the lawful basis relied upon for another processing activity, i.e., different lawful bases may be relied upon to conduct different processing activities lawfully.
All or some of the following lawful bases of processing may be available under the privacy law of a particular jurisdiction (country):
- Consent: You have given consent (explicit/express or deemed/implied, depending upon the applicable privacy law) to the processing of your personal data for one or more specific purposes.
- Performance of a contract: Processing of your personal data is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
- Compliance with legal obligation: Processing is necessary for compliance with a legal obligation to which UBMC is subject.
- Protection of vital interests: Processing is necessary to protect your vital interests or those of another natural person.
- Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Legitimate interest: Processing is necessary for the purposes of the legitimate interests pursued by UBMC or a third party, except where such interests are overridden by your rights and freedoms under applicable data protection laws.
Processing of sensitive personal data or special categories of personal data (‘SPD’) has been covered earlier under the section ‘What are the categories/types of personal data we collect about you?’.
The most common processing activities under each purpose that we use (process) your personal data for, along with the respective legal basis for our processing activities, are listed below:
| Purpose of Processing (Processing Activities) | Lawful (Legal) Basis for Processing |
|---|---|
| Screening | |
| Assessing/evaluating your eligibility for admission to a course based on the defined parameters and requirements. | Performance of a contract |
| Verifying documentation related to your identity, educational qualification, and work experience. | Performance of a contract |
| Sanction checks/screening in compliance with applicable sanction laws across geographies, and similar programs of the university partners (for example, the sanctions list of the Office of Foreign Assets Control). | Compliance with legal obligation |
| Enrollment | |
| Verifying your identity. | Performance of a contract |
| Onboarding | |
| Creating your account and generating login details, including username and password. | Performance of a contract |
| Delivery | |
| Conducting online and/or face-to-face classes. | Performance of a contract |
| Sending course material. | Performance of a contract |
| Sending assignments and quizzes. | Performance of a contract |
| Responding to your doubts, queries, and requests | Performance of a contract |
| Sending updates about the course(s) you have enrolled in. | Performance of a contract |
| Facilitating your participation /attendance in seminars, webinars, events, and other programs related to the course(s) you have enrolled for. | Performance of a contract |
| Providing chatrooms and discussion forums for facilitating collaboration with other students. | Performance of a contract |
| Providing access to the learning management system (LMS) for delivering the course(s) you have enrolled for. | Performance of a contract |
| Enabling your access to a video streaming platform that hosts the library of videos related to the course(s) you have enrolled for. | Performance of a contract |
| Facilitating the formation of study groups and connecting you with coaches and faculty. | Performance of a contract |
| Creating and inviting you to join WhatsApp (or similar mediums) groups as discussion forums and study groups. | Consent |
| Facilitating your enrolment in ancillary/supplementary programs, courses, trainings, and certifications related to the course/program you have enrolled for, as an optional part of the curriculum. | Consent |
| Facilitating your enrolment in ancillary/supplementary programs, courses, trainings, and certifications related to the course/program you have enrolled for, as a mandatory part of the curriculum. | Performance of a contract |
| Assessment | |
| Assigning projects, presentations, and assignments. | Performance of a contract |
| Conduct a periodic review of your performance during the course. | Performance of a contract |
| Conducting tests and examinations. | Performance of a contract |
| Administration and Management | |
| Assigning you to a study/project group within your cohort. | Performance of a contract |
| Tracking your attendance. | Performance of a contract |
| Monitoring your progress. | Performance of a contract |
| Sending information on other courses related to the course(s) you have enrolled for/completed (you will have an option to unsubscribe from such communication anytime). | Consent |
| Sending surveys for receiving feedback and suggestions for enhancing the overall quality of the program. | Legitimate interest |
| Verifying your contact information, such as phone number and email ID, using OTP or another verification mechanism. | Legitimate interest |
| Verifying your identity for resetting your login credentials in case of lost/forgotten particulars, including your username and password | Legitimate interest |
| Recording and tracking of financials, including processing of fees and refunds. | Performance of a contract |
| Responding to your general questions and queries. | Performance of a contract |
| Investigating and addressing your complaints and issues. | Performance of a contract |
| Submit records and reports required by the concerned university partner. | Performance of a contract |
| Submitting records and reports required by the regulatory authorities. | Compliance with legal obligation |
| Complying with applicable laws, rules, regulations, codes of practice, or guidelines and associated administrative activities: | |
| Responding to requests by government or law enforcement authorities conducting any investigation. | Compliance with legal obligation |
| Using personal data in connection with legal claims or litigation. | Legitimate interest |
| Complying with directions, orders, including subpoenas or other legal processes of competent courts, legal or regulatory bodies (including but not limited to disclosures to such regulatory bodies). | Compliance with legal obligation |
| Investigating, preventing, or taking suitable action regarding illegal activities, suspected fraud, security issues, enforcing our terms and conditions, or this Notice, or to protect our rights, property, or safety, and those of others. | Legitimate interest |
| Processing personal data for audit checks and other regulatory purposes, including but not limited to, re-certification and accreditation purposes. | Legitimate interest |
| Implementing a whistleblower program (or other complaint mechanism) and setting up a hotline and web-portal for collecting whistleblower reports (anonymous or identified). | Compliance with legal obligation |
| Monitoring and ensuring network and information security, including preventing unauthorized access to our systems and protecting against attacks through viruses, malicious software, etc., and ensuring business continuity. | Legitimate interest |
| Validating your credential(s) as part of any background verification (BGV) process authorized by you. | Legitimate interest |
| Processing of payment/fee, applicable taxes, and refund towards the course(s) that you have enrolled for. | Performance of a contract |
| Ensuring compliance with applicable terms and conditions and/or applicable policies and procedures. | Legitimate interest |
| Internal reporting and/or accounting purposes. | Legitimate interest |
| Successors in the event of a merger, acquisition, or reorganization. | Legitimate interest |
| Other Purposes | |
| Issuing and maintaining credentials upon successful completion. | Performance of a contract |
| Assisting you with your career development and job search initiatives. | Performance of a contract |
| Creating and hosting your profile, which is viewable by other students within and outside your cohort, and assisting you in networking and establishing connections with them. Please note that the objective here is to facilitate networking and collaboration among students, and your participation is entirely voluntary. However, once your profile becomes public (at your option and by your consent), UBMC has practically no control over the usage of your personal data and information contained in your profile by those who have access to your profile. |
Consent |
| Including your profile (including contact details) in the students’ directory that is viewable by and available to other students within and outside your cohort to assist you in networking and establishing connections with them. Please note that the objective here is to facilitate networking and collaboration among students, and your participation is entirely voluntary. However, once your profile becomes public as part of the directory (at your option and by your consent), UBMC has practically no control over the usage of your personal data and information contained in your profile by those who have access to the directory. |
Consent |
| Reaching out to you for corporate and individual referrals. | Legitimate interest |
| Training our workforce/employees on different processes that may involve the processing of your personal data. | Legitimate interest |
| Social media marketing (for example, Facebook lookalike): We may use your name, email address, or other contact information to identify groups of individuals with similar interests or characteristics on social media, which we would target for advertising. Your data would not be used for any other purpose by the social media platform. This processing would be based on our legitimate interest to increase the audience of persons likely to be interested in our services. You have a right to object to this use of your information that can be exercised as explained in ‘What are your rights with respect to your personal data?’ section of this Notice. Legitimate interest | Legitimate interest |
| Digital advertising and marketing. | Legitimate interest |
| Conducting business analytics, marketing research, and data analysis. | Legitimate interest |
| For business planning purposes, marketing, advertising, and sales efforts. | Legitimate interest |
| For inviting, registering, and, onboarding you for general seminars, webinars, and events (that may not be related to the course or program you have enrolled for). | Legitimate interest |
| Alumni engagement communications. | Legitimate interest |
| For any other purpose as disclosed to you at the point of collection or pursuant to your consent. | Consent |
| Making appropriate arrangements in the event of an emergency | Protection of vital interests |
Where UBMC wishes to use your personal data for a new purpose not previously identified, UBMC will do so in accordance with applicable privacy laws. Where required, UBMC will notify you and obtain your consent or rely on another lawful basis before such processing.
Legitimate interest as the lawful (legal) basis for processing – additional information:
You have the right to object at any time, on grounds relating to your situation, to the processing of your personal data carried out for our legitimate interests or of a third party.
Please refer to the section ‘What are your rights with respect to your personal data?’ for more details.
Performance of a contract as the lawful (legal) basis for processing – additional information:
Please note that if you fail to provide certain information when requested, we may be unable to take steps towards entering into a contract with you, or to perform our contractual obligations under an existing agreement with you.
Consent as the lawful (legal) basis for processing – additional information:
Where the collection and use of your personal data is based on your consent, you are entitled to withdraw that consent at any time by contacting us (please refer to the ‘Contact Us’ section of this Notice), or by clicking the ‘unsubscribe’ link in our marketing emails. Please note that withdrawing your consent may have an adverse impact on our ability to engage with you, but it will not affect the lawfulness of processing that has already occurred based on your consent.
With whom do we share your personal data (Disclosure)?
Disclosure to third-party service providers
UBMC may share your personal data with the following third-party service providers. These third-party service providers will require access to your personal data to perform certain limited functions for UBMC; however, they may not generally use, for their own purposes, your personal data that they process:
- Technology service providers, such as network and IT security, internet services, video communications, customer support and communication, and telecom services, are essential for running business operations and protecting them from external and internal threats.
- Service providers for business continuity management and contingency planning in the event of business disruptions.
- Platforms (service providers) for hosting the videos and course material for the course(s) that you have enrolled in.
- Platforms (service providers) offering the learning management system (LMS).
- Platforms (service providers) that are designed for public communications where you submit/post your comments, coursework, or other information or content for viewing by other members of the class, of which you are a member. These postings may be available to the students who later enroll in the same classes as yours, within the context of the forums, the courseware, or otherwise.
- Platforms (service providers) for creating and hosting discussion forums and study groups.
- Platforms (service providers) for hosting interactive webinars that can be attended live or later (on-demand).
- Platforms (service providers) for creating and hosting your profile that is viewable by other students within and outside your cohort, and assisting you in networking and establishing connections with them.
- Third-party assessors hosting and conducting admission/entrance tests.
- Educational training tools and simulators.
- Service providers for supplementary/additional course content, specific modules, and other related materials.
- Service providers and platforms supporting our outreach initiatives and assisting us in establishing communication (with you) through various channels like email, text (SMS), WhatsApp, voice call, etc.
- Service providers providing the following services:
- Test proctoring
- Mentoring
- Business analytics
- Marketing research
- Data collection forms (e.g., Google Forms)
- Focus groups, surveys, and data analysis
- Cloud services and data storage
- Credit facilities and payment processing
- Couriers
- Security services
- Vendors providing verification services for your contact information, such as email ID and phone number
- Social media platforms (for example, Facebook, LinkedIn) to assist us with our social media marketing initiatives.
- Recruitment consultants/service providers to assist you with your career development and job search initiatives.
- Service providers conducting sanction checks and screening.
- Third-party service providers for establishing and implementing a whistleblower program by setting up and independently managing a hotline and web portal for collecting whistleblower reports (anonymous or identified).
We take reasonable steps, such as obtaining contractual commitments from our third-party service providers, to limit and protect the use of your personal data by our service providers.
Disclosure to other third parties:
UBMC may share your personal data with the following (non-agent) third parties (list not exhaustive):
- Professional advisors and consultants, including law firms, tax consultants, business/management consultants, and auditors, for running operations efficiently and in a compliant manner.
- Regulators, government bodies, supervisory authorities, and law enforcement agencies, in order to comply with applicable laws, rules, and regulations, including those related to audit and assessment of educational programs, licensing and approvals, and revenue and taxation.
- Prospective (and actual) sellers or buyers and their advisers in connection with any financing, merger, acquisition, or sale of any of our business or assets.
- Third-party business partners (including our university partner) that offer courses, programs, or services similar to those you have enrolled for or that may otherwise be of interest to you. We shall rely upon your consent (separately obtained as and when required), or any other lawful basis available at the time, before sharing your personal data for the stated purpose.
- Providers of ancillary/supplementary programs, courses, trainings, and certifications related to the course/program you have enrolled in.
- Data collection forms (e.g., Google Forms) where UBMC shall provide only your contact details (generally only the email address) to trigger the notification and the link to the form. Personal data provided via the said form may also be available to the third-party providing the service, and you are advised to read the privacy notice (policy) and terms & conditions of the third-party before entering any personal data into the form.
In addition to the above, UBMC also shares your personal data, more specifically as stated, with the following third parties:
| University Partner or the FHEI | |
| Recipients | University that offers the course(s) that you have enrolled for, including the assessors, mentors, graders, etc., that represent the FHEI. Please note that the FHEI’s privacy policy shall apply in their processing of your personal data. |
| Categories of Personal Data |
|
| Why We Share (Purpose) |
|
| Employers and Course Sponsors | |
| Recipients | Organizations or individuals that have fully or partially sponsored or paid for the course that you have enrolled in. |
| Categories of Personal Data |
|
| Why We Share (Purpose) |
|
We share your personal data with the (non-agent) third parties based on one of the lawful bases listed under the section ‘Lawful (legal) basis for processing’, which may be legally available to us. Where required by the applicable privacy law(s), we will seek your consent before sharing your personal data with third parties. Third parties with whom your personal data has been shared may, in some cases, independently determine the purposes and uses of your personal data; in such cases, that third party recipient’s own privacy policy (notice) will govern their use of your personal data.
Disclosure without notification:
In some cases or circumstances, we may disclose your personal information to third parties without notifying you. These circumstances could include:
- Where UBMC is required to do so as per applicable laws, rules, or regulations, or by order of a court, tribunal, or any other regulatory authority, or other legal process or compulsion.
- Where UBMC, in good faith, believes that such disclosure is reasonably necessary to comply with a legal obligation, process, order, or request.
- Where UBMC is legally required to or believes in good faith that such disclosure is reasonably necessary to safeguard the rights, property, or other interests of UBMC, its employees, vendors, clients, customers of clients, third parties, or the public, as required and permitted by applicable law(s).
- Where the provision of the information would be disproportionate or would result in the impossibility or serious impairment of achieving the objectives of processing.
International (cross-border) transfer of personal data
Due to the global nature of our business which comprises of partnership with various universities across the globe and presence of vendors/service providers (processors) that are present in and operating out of different countries and facilitate and support our services, and other third parties (esp. those listed in the earlier section) established in an overseas location, your personal data may be shared, disclosed, or transferred to these parties in other countries where the privacy and data protection law(s) may differ from those in your country.
The cross-border transfer of your personal data shall be done in compliance with the concerned provisions and requirements of the privacy law(s) applicable to your personal data.
How long do we retain your personal data?
UBMC will retain your personal data for as long as necessary for the purpose(s) for which it has been collected, in accordance with the applicable law(s), and as set out in our retention policy and/or schedule. The duration for which we retain your personal data may differ depending upon the purpose(s) it’s being processed for.
We will retain and use your personal data to the extent necessary to comply with our legal obligations, for example, to comply with statutory audits, resolve disputes, comply with orders or requests issued by competent court(s), and enforce our legal agreements and policies.
In certain circumstances, we may anonymize your personal data so that it can no longer be associated with you. In such cases, we may use this information without further notice to you.
How do we protect your personal data (Data Security)?
UBMC implements appropriate technical and organizational measures to ensure the security of your personal data and to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. These measures are designed to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed by us.
We make every reasonable effort to ensure the safety and security of your personal data in accordance with the applicable law(s) and industry standards while considering the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Despite all our efforts, the risk of a personal data breach persists, as no method of internet transmission or storage guarantees complete security. In the unlikely event of a personal data breach, we will assess and investigate the event and take necessary actions, including those related to notification to the relevant supervisory authority and to the individuals impacted, in compliance with the applicable law(s) within the timelines prescribed.
What are your rights with respect to your personal data?
You may check and update certain personal data within our systems either by logging in to your password-protected account (in some cases) or by contacting us at [email protected] It is your responsibility to ensure that your personal data, which you have shared with us, is accurate, correct, complete, and up to date in our records.
Privacy laws in some jurisdictions provide individuals with certain rights in relation to the processing of their personal data (subject to conditions and exceptions provided in such laws). These rights are jurisdiction-specific and may not be available to all. Some or all these rights (and even some additional rights) may be available to you under the privacy law(s) of other jurisdictions as well, but that depends upon the scope of privacy law(s) applicable to your personal data.
- Right of access: to obtain from us a confirmation as to whether or not personal data concerning you is being processed.
- Right to rectification: to get your inaccurate personal data corrected or rectified, and incomplete personal data completed.
- Right to erasure: to have your data deleted (this is not an absolute right and is subject to exemptions available under the applicable privacy law).
- Right to restriction of processing: to obtain restriction of processing.
- Right to data portability: to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have it transmitted to another controller.
- Right to object: to object on grounds relating to your particular situation, especially where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
We will process your request to exercise the above rights in accordance with the law(s) applicable in relation to the rights exercised by you. As permitted by applicable law, we may refuse unreasonably repetitive requests, require disproportionate technical effort, compromise the privacy of others, interfere with an ongoing investigation, or are impractical. We do not discriminate against you for exercising any of your rights in a manner that would violate applicable law.
As a policy, UBMC allows you to access your personal data, verify and challenge the accuracy and completeness of your personal data, and have it corrected, amended, or deleted if inaccurate and, in limited circumstances, object to processing of your personal data even if the law in your jurisdiction does not accord you those rights, but we will apply our discretion in how we process such requests except as otherwise required by applicable law. We may require you to establish your identity and provide evidence to justify the amendment of your personal data held by us. You can exercise these rights by contacting us per the Contact Us section below.
In addition, we enable you to exercise certain choices regarding cookies and certain other tracking technologies, as explained in our Cookie Notice.
To exercise a data subject right or make an inquiry about your personal data, please write to us at [email protected]. We may need to verify and confirm your identity before processing and fulfilling your request. This is another appropriate security measure to protect your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless, and subject to applicable law, your request for access is clearly unfounded, excessive, or repetitive. Alternatively, we may refuse to comply with the request in such circumstances in accordance with the applicable laws.
Right to complain:You may have the right to lodge a complaint with your local data protection authority about our processing of your personal data. For more information, please get in touch with your local data protection authority. We would, however, welcome the opportunity to discuss, address, and resolve your concerns before you reach out to your local data protection authority. So, please contact us in the first instance at [email protected].
Contact us.
Any questions, concerns, or complaints about the operation of this Notice can be addressed to the Data Protection Officer at [email protected]. In addition, you may submit your concerns or complaints about our privacy practices to our Data Protection Officer at [email protected] or at the following address:
Cignus,
Powai,
Mumbai - 400087,
Maharashtra,
India
Whenever we receive a formal complaint, we attempt to contact the complainant individually and resolve their grievances and/or concerns truthfully and with utmost transparency.
In addition to contacting us, in certain countries you have the right to complain to your local data protection authority if you so choose.
Definitions.
In this Notice, the following terms (whether or not capitalized) shall have the meanings set out below, and cognate terms shall be construed accordingly. If an applicable law or data protection law has a different definition or incorporates a different term for the definition/meaning given hereunder, such definition or term shall be applied to the extent applicable:
Personal Data means any data about an individual who is identifiable by or in relation to such data.
Sensitive Personal Data (SPD) means Personal Data which is more significantly related to the notion of a reasonable expectation of privacy. However, data may be considered more or less sensitive depending on context or jurisdiction.
Data Principal means the individual to whom the personal data relates and where such individual is:
- child, includes the parents or lawful guardian of such a child;
- a person with disability, includes her lawful guardian, acting on her behalf.
Process and Processing means (1) a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction; and (2) any other action that may be taken with respect to Personal Data.
(Data) Fiduciary or (Data) Controller means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
(Data) Processor means any person who processes personal data on behalf of a Data Fiduciary.
Onward Transfer means the subsequent transfer of personal data by a recipient in one country to another recipient in a different country or international organization, after the data has already been initially transferred from its original location (country of origin) to the first recipient making the transfer.
Personal Data Breach means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data.
University Partner or Foreign Higher Educational Institution or FHEI means the university on whose behalf we deliver and manage the educational courses you have applied for.