Skip to content Skip to footer
0 items - $0.00 0
Get Ticket

Privacy Policy

HomePrivacy Policy
0 items - $0.00 0
MY ACCOUNT

Privacy Policy

Close

Effective Date: 15/07/2025
Version: 1.0

Applicability

This Privacy Policy governs the manner in which the Institute of Inclusion and Diversity (“IID”, “we”, “our”, “us”) collects, uses, processes, discloses, and secures personal data in relation to its online services and digital platforms.

This Policy applies to all users, visitors, contributors, learners, organizational administrators, and associated personnel who access or use any part of IID’s digital ecosystem, including but not limited to:

All references to the “Platform” in this Privacy Policy shall collectively refer to the websites and services listed above.

1. Introduction

The Institute of Inclusion and Diversity (“IID”) is committed to safeguarding your personal data and upholding your right to privacy. We recognize the importance of transparency, accountability, and legal compliance in the handling of personal information across all our digital platforms.

This Privacy Policy sets out the principles and procedures governing the collection, processing, use, storage, and disclosure of personal data by IID through its websites and services.

IID processes personal data in accordance with applicable Indian law, including:

  • The Digital Personal Data Protection Act, 2023
  • The Information Technology Act, 2000, along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

IID acts as the Data Fiduciary for all personal data collected through its main site and affiliated microsites.

This Privacy Policy applies to all categories of users, including but not limited to:

  • Individual learners and contributors
  • Organizational representatives and sub-users
  • Academic or publishing partners
  • Visitors to the public-facing content of the Platform

By accessing or using any IID-operated platform, you consent to the terms of this Privacy Policy.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data, whether directly or indirectly.
  • Data Principal: The individual to whom the Personal Data relates, as defined under the Digital Personal Data Protection Act, 2023.
  • Data Fiduciary: The entity that determines the purpose and means of processing Personal Data. In this context, the Institute of Inclusion and Diversity (IID) is the Data Fiduciary.
  • Data Processor: Any third-party entity that processes Personal Data on behalf of IID, including infrastructure providers, payment gateways, certification partners, or hosting services.
  • Consent: A freely given, specific, informed, and unambiguous indication of the Data Principal’s agreement to the processing of their Personal Data, provided through a clear affirmative action.
  • Processing: Any operation or set of operations performed on Personal Data, whether automated or manual, including but not limited to collection, storage, access, use, transmission, sharing, archiving, and deletion.
  • Sub-Users: Individuals who are granted access to the Platform under an organizational or enterprise account, typically managed by an administrator.

Academic Partner: A recognized educational or institutional entity that collaborates with IID for co-delivery, endorsement, or issuance of certificates and training programs (e.g., Government Law College, Mumbai).

3. Types of Data Collected

IID collects and processes different categories of personal and usage-related data, depending on the nature of your interaction with the Platform. The categories include, but are not limited to:

a. Personal Identifiers
  • Full name
  • Email address
  • Mobile number
  • IP address
  • Profile photo (if voluntarily uploaded)
b. Professional and Organizational Identifiers
  • Name of the organization or institution
  • Professional title or designation
  • Certification details (course name, date, and completion status)
  • Uploaded documents (e.g., PoSH policies, research manuscripts, articles)
c. Usage Data
  • Course enrollment, progress tracking, and completion records
  • Assessment scores (e.g., quizzes, MCQs, assignments)
  • Submitted content (e.g., articles, feedback, training evaluations)
  • Interaction data (e.g., page views, login timestamps, time-on-page metrics)
d. Payment and Transaction Data
  • Transaction ID
  • Amount paid
  • Timestamp of transaction
  • Mode of payment (e.g., UPI, card, net banking)
  • Applicable GST details

Note: IID does not collect, store, or process full card numbers, UPI IDs, CVVs, or bank account credentials. All payments are handled through secure, PCI-DSS compliant third-party gateways (e.g., Razorpay).

4. Legal Basis for Processing 

IID processes personal data in accordance with the principles set out under the Digital Personal Data Protection Act, 2023. The lawful bases for processing include the following:

  • Consent

        Consent is the primary legal basis for collecting and processing your personal data. IID obtains consent through clear and affirmative actions, such as:

    • Checkbox confirmations at the time of registration or account creation
    • Opt-in consent during content submissions (e.g., articles, feedback)
    • Agreement to Terms and Privacy Policy prior to course enrolment or payment

       

  • Purpose Limitation

        Personal data is collected and processed only for specific, explicit, and lawful purposes that are clearly communicated at the point of data entry. Data is not repurposed in a manner inconsistent with the original intent unless additional consent is obtained.

  • Data Minimization

        IID limits its data collection to the minimum amount necessary to fulfill the intended service or legal obligation. Non-essential data is not requested unless functionally or contractually justified.

  • Notice at Collection

        A privacy notice or reference to this Privacy Policy is provided alongside each form or interface where personal data is collected. These notices inform users of:

    • The type of data being collected
    • The purpose of collection
    • Any third-party sharing involved
    • The user’s rights and grievance mechanism
5. Purpose of Data Collection

IID collects and processes personal data only for legitimate, specific, and clearly defined purposes that align with the services offered through its digital platforms. The primary purposes include:

  • Account Creation and Identity Verification – To enable user registration, authenticate individual or organizational accounts, and maintain secure login credentials.
  • Service Delivery – To provide access to IID’s integrated offerings, including:

     

    • Compliance toolkits and audit modules via Solutions
    • Training and certification via Academy
    • Content submission, publishing, and editorial review via Press

       

  • Academic Recordkeeping and Credential Issuance – To track learner progress, maintain assessment records, and issue digital or physical certificates in collaboration with authorized academic partners.
  • Communication and User Support – To send essential updates, reminders, feedback requests, platform notifications, and respond to support tickets or inquiries.
  • Platform Analytics and Service Improvement – To evaluate user engagement, improve course quality, assess navigation patterns, and enhance user experience based on anonymized usage metrics.
  • Legal and Regulatory Compliance – To maintain documentation necessary for compliance under Indian laws such as the PoSH Act, 2013, the DPDPA, 2023, and for audit trails, dispute resolution, or regulatory reporting, where applicable.
6. Data Retention Policy

IID retains personal data for no longer than is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by applicable law or regulatory obligations.

  • Active Accounts

       Personal data is retained and actively processed while a user’s account remains active and in use.

  • Post-Deactivation Retention

       When a user voluntarily deactivates their account or requests closure, IID will:

    • Retain the user’s data for a period of twelve (12) months for purposes including:
      • Regulatory or legal compliance
      • Certification verification
      • Internal audit trails and dispute resolution
    • After this period, the data will either be securely deleted or anonymized, unless an extended retention period is legally mandated.
  • Archived Content

        Content submitted for publication on the Press microsite (e.g., articles, research papers, blogs) may be archived indefinitely in the public or institutional interest. Users may request removal or anonymization of personally attributable content by contacting privacy@theiid.com.

  • Inactive Accounts

Accounts that remain inactive (i.e., no login or activity) for a continuous period of twelve (12) months may be marked as dormant. IID may, at its discretion:

    • Send notice to the registered email before deletion
    • Retain records in a dormant state unless otherwise instructed by the user
7. User Rights (Data Principal Rights under DPDPA)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to exercise control over your personal data held by IID. You may submit a request regarding any of the rights listed below by contacting us at privacy@theiid.com.

Your rights include:
  • Right to Access – Request a summary or copy of the personal data IID holds about you.
  • Right to Correction – Request correction of any inaccurate, incomplete, or outdated personal or professional details stored in your account or profile.
  • Right to Erasure – Request deletion of non-essential personal data, particularly where it is no longer necessary for the purpose for which it was collected or where consent has been withdrawn (subject to legal retention obligations).
  • Right to Withdraw Consent – Withdraw your consent for any specific purpose of processing, provided such withdrawal does not affect:

    • The lawfulness of processing conducted prior to withdrawal
    • Processing necessary for performance of a contract or legal obligation (e.g., certification records)

  • Right to Identity Verification – To safeguard against unauthorized disclosures, IID may require you to verify your identity (e.g., via a registered email, OTP, or government-issued ID) before processing any data rights request.

Note: Exercise of these rights may be subject to certain limitations or exemptions as permitted under applicable laws and regulations.

8. Grievance Redressal Mechanism

IID is committed to protecting your privacy and addressing concerns in a timely and transparent manner. If you have any complaint, question, or grievance relating to the handling of your personal data, you may contact us through the following channels:

  • Contact Information
  • Grievance Handling Timelines
    • Initial Acknowledgment: Within 72 hours of receipt of the grievance
    • Final Resolution: Within 15 business days, unless extended for complex cases with prior notice to the complainant
  • Data Protection Officer (DPO)

        All privacy-related grievances will be handled under the supervision of IID’s designated Data Protection Officer, in accordance with the provisions of the Digital Personal Data Protection Act, 2023.

9. Data Security Measures

IID implements appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data across all its digital platforms. Security measures include, but are not limited to:

  • Encrypted Access (HTTPS) – All data transmitted between users and IID’s platforms is protected using HTTPS encryption to prevent interception or tampering.
  • Role-Based Access Control (RBAC) – Access to internal systems is restricted based on user roles, ensuring that only authorized personnel can view or manage specific categories of data.
  • Secure Authentication and Password Management – Passwords are stored using industry-standard hashing algorithms. Where applicable, two-factor authentication (2FA) may be enabled.
  • PCI-DSS-Compliant Payment Gateways – All financial transactions are processed via secure third-party payment gateways (e.g., Razorpay) that comply with the Payment Card Industry Data Security Standard (PCI-DSS). IID does not store full card or UPI credentials.
  • Regular Security Assessments – IID conducts periodic vulnerability assessments, penetration testing, and infrastructure audits to identify and mitigate potential risks.
  • Internal Access Logs – All critical administrative actions, including training access, content publishing, user support, and grievance resolution workflows, are logged and monitored to detect unauthorized access or misuse.
10. Third-Party Sharing and Disclosures

IID limits the sharing of personal data to only those third parties that are essential for delivering our services, and only under lawful, secure, and contractually bound conditions.

IID may share personal data with the following categories of third parties:
  • Academic Partners – Such as the Government Law College, Mumbai and other educational institutions, solely for:

    • Issuing joint certifications
    • Verifying learner credentials
    • Academic reporting and quality assurance

  • Publishing and Editorial Partners – IID may share submitted content (e.g., articles, books, research) with editorial collaborators or external platforms for publication, co-branding, or archiving purposes.
  • Service Providers and Infrastructure Vendors – IID engages carefully vetted vendors who provide critical services such as:

    • Cloud hosting and storage
    • Email communications and analytics
    • Payment processing (e.g., Razorpay)

      These service providers act as Data Processors under strict data protection agreements and are bound by confidentiality and security obligations.
IID does not:
  • Sell, lease, or license personal data to advertising networks, lead generators, or marketing brokers
  • Allow unauthorized reuse, resale, or aggregation of your data by any third party

All data sharing is conducted in accordance with the principles of necessity, purpose limitation, and lawful consent under the Digital Personal Data Protection Act, 2023.

11. Cross-Border Data Transfers
  • Domestic Storage and Processing

        All personal data collected through IID’s digital platforms is currently stored and processed exclusively within the territory of India, in accordance with applicable data protection laws and infrastructure security requirements.

  • Future Cross-Border Transfers

        In the event that IID needs to transfer or process personal data outside India—for example, to a cloud infrastructure provider or academic collaborator located abroad—the following safeguards will apply:

    • User Notification – You will be informed in advance if your data is subject to cross-border transfer, along with the purpose and destination jurisdiction.
    • Compliance with DPDPA – All cross-border data transfers will comply with the provisions of the Digital Personal Data Protection Act, 2023, and any rules, guidelines, or government notifications issued under it.
    • Contractual and Technical Safeguards – IID will implement appropriate safeguards, such as:
      • Data Processing Agreements (DPAs) with foreign vendors
      • Jurisdictional due diligence and risk assessment
      • Enforcement of data protection obligations equivalent to those under Indian law

No cross-border transfer shall occur without adequate protection of your rights as a Data Principal under Indian law.

12. Children’s Data

IID is committed to the protection of children’s personal data and complies with the legal standards under the Digital Personal Data Protection Act, 2023 and related frameworks.

  • Age Restrictions

          Our services are not intended for use by individuals under the age of 18 years, except as expressly permitted under supervised and consent-based registration.

  • Parental Consent Requirement

          Learners aged 16 to 17 years may only use IID platforms, including IID Academy, if:

    • They have documented and verifiable parental or legal guardian consent
    • Such consent is retained and validated in accordance with applicable data protection standards

  • Policy Violation and Remediation

        If IID becomes aware that a user below the permissible age has registered without appropriate consent:

    • The account will be deactivated immediately
    • All associated personal data will be securely deleted
    • The parent/guardian may be contacted for clarification, if identifiable

IID does not knowingly collect personal data from children under the age of 16 without consent, and such collection is considered a violation of this Policy.

13. Cookies and Tracking Technologies

IID uses cookies and similar tracking technologies to enhance platform functionality, ensure security, and improve the user experience. This section explains how cookies are used, your choices regarding them, and the safeguards in place.

    • What Are Cookies?

Cookies are small text files stored on your device (computer or mobile) when you access IID’s websites. They serve various purposes including recognizing repeat visitors, storing user preferences, and tracking site usage metrics.

    • Types of Cookies Used

IID uses the following categories of cookies across its platforms:

        1. Strictly Necessary Cookies

            o Enable core functions such as user login, session management, and secure access.

            o These cookies are essential for site functionality and cannot be disabled via the cookie banner.

        2. Performance and Analytics Cookies

            o Collect anonymous usage data to help us understand how users interact with the site.

            o Metrics include page views, time spent on modules, quiz attempts, and navigation flows.

            o Aggregated through tools that do not identify users personally.

        3. Security Cookies

            o Support fraud prevention, identity validation, and platform integrity.

            o Help detect unusual or unauthorized access patterns.

    • No Behavioral or Advertising Cookies

        IID does not:

            • Use cookies for behavioral targeting or personalized advertising

            • Participate in third-party advertising networks

            • Allow tracking by external marketers across unrelated sites

    • User Choice and Cookie Management

        • On your first visit, a cookie notice or banner will appear, informing you of our cookie use and linking to this Policy.

        • You may manage or block cookies at any time through your browser settings. Most browsers allow you to:

            o View all stored cookies

            o Clear cookies manually

            o Block third-party cookies or all cookies

        • Note: Disabling essential cookies may impact platform functionality (e.g., login, video playback, or quiz progression).

    • Cookie Lifespan

Cookies used by IID are time-bound. Some expire at the end of your session, while others may persist for a fixed duration (e.g., 30 days), depending on their purpose.

14. Changes to this Privacy Policy

IID may revise or update this Privacy Policy from time to time to reflect changes in legal obligations, data processing practices, or service enhancements.

• Periodic Updates

We reserve the right to modify the contents of this Privacy Policy at our sole discretion. Revisions may occur due to:

  • Changes in applicable laws (e.g., the Digital Personal Data Protection Act, 2023)
  • Introduction of new services or data collection mechanisms
  • Updates to data sharing practices or partnerships
• How We Notify You

In the event of material changes to the way we collect or use your personal data, IID will take reasonable steps to notify you through:

  • Prominent banner notifications on affected microsites (e.g., www.theiid.com, academy.theiid.com)
  • Email communication sent to registered users (if applicable)
• Effective Date and Acceptance
  • The “Effective Date” at the top of this Policy reflects the most recent revision.
  • Continued access or use of any IID platform after the updated policy is published constitutes your acceptance of those changes.

We encourage users to periodically review this Privacy Policy to stay informed about how their data is protected.

15. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, you may contact us using the following details:

Related Documents

 

loader