Tsaaro

This Statement explains our Privacy Policies around:

This Statement applies to personal information collected by the Tsaaro Academy in its capacity as a controller. This Privacy Statement aims to inform you how we collect, use, disclose, and store information or data that may identify you as an individual (“Personal Information”) when you:

• interact or use our Website or request us to contact you, and provide information while buying a training course from the website. It is important to note that this website is not intended for children under the age of 16 years, and we do not knowingly collect data relating to
children.

Tsaaro Academy Pvt Ltd (“Tsaaro Academy”, “we” or “us”) is a unique privacy certification training platform that strives to provide operational leadership, training, network and support in data privacy (Services). Tsaaro Academy collects and processes personal data for providing efficient services to its users. We at Tsaaro Academy understand the importance of your (“visitors” or “You” or “learners”) privacy and are dedicated to securing your personal data.

Effective Date: 15th July 2022.

Link to previous Privacy Statements: Privacy Statement

1. Collection Information you provide to us: We may collect identifiers that you choose to send to us or provide to us through the website, for example, you ask us to contact you concerning services we provide or register for the courses at Tsaaro Academy. We will maintain a record of our correspondence. Categories of personal data we may process about you are as follows: • Name • Email address • Contact number • Address • Payment details • Any other information shared by you at your willingness Information we automatically collect: When you visit the website, we collect internet activity information, such as your device’s IP address, what pages your device visited, and at what time that your device visited our website. We may also rely on analytics, as further specified in our “Cookie Policy”

2. Use

Website:

We will use the information we collect through our website:
• To administer our website, our events, and for internal operation, including troubleshooting, data analysis, and testing purposes.
• To improve our website to ensure that content is presented most effectively for you and your computing device.
• For trend monitoring, marketing, and advertising, and
• As part of our effort to keep the website secure.

Training courses:

We will use this information provided by you while purchasing training courses:
• To communicate with you.
• To provide invoices.
• To provide you with all promised training benefits, for example, sending you the study materials. Our use of your personal information may be based on our legitimate interest to ensure network, information security, and business performance improvement. Our direct marketing purposes are based on user consent (for instance, when you share your information in the contact us section, agree to receive communications after an event, and so on). We may also rely on a legitimate interest to improve business and marketing practices, or contact you to offer similar services that you might have bought from us or negotiated for with us.

3. Third Party Disclosure

We share and disclose information (including personal information) about our customers in the following limited circumstances:

Vendors, consultants, and other service providers:

We may share your information with third-party vendors, consultants, and other service providers who we entrust to perform tasks on behalf of the Tsaaro Academy including website analytics companies. Third-party data may also be shared, insofar as reasonably necessary, with any other service used by our marketing and sales teams. We are free to use your name across our social media platforms for the purpose of celebrating your success, and sharing testimonials, etc. No specific consent will be obtained again once it is given to us during the sign-up process, unless otherwise revoked. Transaction data is shared with our payment service providers, only to the extent necessary for the purposes of facilitating your payments, processing your refunds, and dealing with complaints/queries regarding such payments and/or refunds. Also, we share personal information of our students with our training partners: IAPP, PECB and DSCI to provide invoices, study material, scheduling exams, and certification. If Tsaaro Academy receives your personal information in the European Union and subsequently transfers that information to a third party agent or service provider, it ensures that the third party processes your personal information to the standard required by the applicable privacy laws, including the GDPR. These transfers will be typically based on our legitimate interest or agreed upon in the contract.

Disclosures for national security and law enforcement:

Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, based on our legitimate interest or legal obligation.

Transfer of business:

If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party. We will ensure through the contract that a third party ensures the security of the data involved.

4. Safeguarding Information

For how long do we store your personal information?

Tsaaro Academy will process and store your personal data only as long as necessary to fulfil the purposes that the data was collected for.

How do we secure your data?
We use appropriate technical, organizational, and administrative security measures to protect any information we hold in our records from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

5. International Data Transfer

Personal information shared by you with us on the website may be sent to India and processed by us there or in other countries, on our service provider’s cloud servers or it can be sent to our training partners: IAPP, PECB or DSCI under the legitimacy of Standard Contractual Clauses and/or other data safety methods as prescribed under law. We will always take appropriate safeguards and protect your information under this Privacy Statement wherever it is processed. The organization will inform third parties with whom personal data has been shared of any modification, withdrawal or objections pertaining to the personal data, and implement appropriate policies, procedures and/or mechanisms to do so.

6. Information for Visitor based on Jurisdiction

i) For EEA (“European Economic Area”) Users:

Your Rights under General Data Protection Regulation (GDPR) are:

1. Right to obtain information
2. Right to request personal data transfer
3. Right to correction and erasure

4. Right to restriction of processing
5. Right to stop processing
6. The right not to be subject to automated decision-making, including
profiling

ii) For Qatar Users:

Your Rights under Data Protection Law (DPL) – Law no. 13 of 2016 are:

1. Right to Withdraw Prior Consent
2. Right to Object to Processing
3. Right to Request Omission or Erasure
4. Right to Request Correction
5. Right to be notified of processing and/or disclosure

iii) For Saudi Arabia Users:

Your Rights under Personal Data Protection Law (PDPL) and Personal Data Protection Interim Regulations (“PDPIR”) are:

1. Right to Know/Information
2. Right to Access or Copy
3. Right to Request Correction
4. Right to Request Destruction
5. Right to Limit/Restriction of Processing

iv) For U.A.E (“United Arab Emirates”) Users:

Your Rights under Protection of Personal Data Protection (PDPL) are:

1. Right to access to information
2. Right to request personal data portability
3. Right to rectification or erasure
4. Right to restriction of processing
5. Right to stop processing
6. The right not to be subject to automated decision-making, including
profiling

v) For Kenya Users:

Your Rights under Data Protection (General) Regulations, 2021 are:

1. Right to Restriction to processing
2. Right to Object to processing

3. Right to Data Access request
4. Right to Data portability request.
5. Right of erasure

vi) For Nigeria Users:

Your Rights under Nigeria Data Protection Regulation (NDPR) are:

1. Right to provide any information relating to the processing
2. Right to be informed of the appropriate safeguards for data protection
in case of international data transfer
3. Right to request to delete
4. Right to request restriction of processing
5. Right to request rectification
6. Right to Data Portability

vii) For South Africa Users:

Your Rights under The Protection of Personal Information Act (POPIA) are:

1. Right to be notified about the collection and processing of personal information
2. Right to access personal information
3. Right to request correction of personal information
4. Right to request deletion of personal information
5. Right to object to the processing of personal information
6. Right not to have personal information processed for the purpose of direct marketing by means of unsolicited electronic communications
7. Right to not be subject to a decision which results in legal
circumstances based solely on the basis of the automated processing
8. Right to complain to the Information Regulator
9. Right to an effective judicial remedy

viii) For Uganda Users:

Your Rights under Data Protection and Privacy Act, 2019 (DPPA) are:

1. Right to access personal information
2. Right to prevent processing of personal data
3. Right to prevent processing of personal data for direct marketing
4. Rights in relation to automated decision-making
5. Right to Rectification, blocking, erasure and destruction of personal data

7. Use of Services by Minors

As mentioned above, we do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Information, please contact us at dpo@tsaaro.com.

8. Updates to Privacy Statement

We’re constantly trying to improve our Websites and Services, so we may need to change this Privacy Statement from time to time as well. We will inform you regarding material changes, for example, placing a notice on our Websites when we are required to do so by applicable law. You can see when this Privacy Statement was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Statement.

9. Redressal & Contact Information

If you wish to make a complaint about how your personal data is processed by Tsaaro Academy, email us at dpo@tsaaro.com. We at Tsaaro Academy respect the personal data and privacy of every user equally, irrespective of their jurisdiction. We promise to abide by this Privacy Statement and secure your privacy. For us, you all are equally valuable and your trust is our asset. If you are unhappy about how a complaint has been handled by Tsaaro Academy, you have a right to complain directly about your local supervisory authority.