Privacy Policy

Effective from: December 4, 2024 · Last Updated: April 9, 2025 · Version: 1.1

We respect your privacy and care about how your Personal Information is used. This Privacy Policy (the “Policy”) outlines how Ascorb Technologies Private Limited (“Company” or "us" or "we" or "our") and its affiliates collect, use, store, process, transfer, and disclose your information through our website https://www.edmingle.com/ (“Website”), our Services, and any of our other websites, software, mobile or digital applications, or any other services we offer from time to time by or in connection therewith (together referred to as the “Platform” or “Edmingle”). This Policy applies to your interactions and usage of our Platform, which is an all-in-one training management system built to help Clients (defined in Terms of Service) easily create, manage, and sell online courses. Our Platform provides intuitive tools for organising course content, enabling both live and self-paced learning, engaging students and learners with interactive features, and tracking progress through powerful analytics. With seamless integration of CRM systems, secure payment gateways, and built-in marketing tools, Edmingle simplifies the process of running an online learning business. We also ensure top-level security with DRM encryption and exam proctoring to safeguard your content and maintain the integrity of assessments (the “Services”). By reviewing this Policy, you will gain a comprehensive understanding of your privacy rights and choices.

Your access to or utilisation of our Platform and/or Services operated by the Company linked to this Policy implies your agreement to be governed by this Policy. By providing us with your Personal Information, you expressly consent to the use and disclosure of your Personal Information as outlined in this Policy. This Policy, along with the Terms of Service and Data Processing Agreement, is applicable to your use of the Services and you explicitly agree and acknowledge to read the Privacy Policy in conjunction with the referenced documents.

Please note that the capitalised terms not defined in this Policy are defined in the Terms of Service and Data Processing Agreement.

The term “Personal Information” shall mean any information that relates to an identified or identifiable individual and can include information that you provide to us and that we collect and process about you, such as when you engage with our Services (e.g. device information, IP address). “Personal Information” shall include equivalent terms in other Data Protection Laws, such as the GDPR-defined term “Personal Data,” as the context requires.

By utilising the Services, engaging with the Company's Platform, or furnishing your Personal Information, you explicitly agree and acknowledge that you accept the terms delineated in this Policy. The terms ‘User’, ‘you', or 'your' in the context of this Policy collectively pertain to the Clients, their Authorised Users, Clients' End-Users or any individual accessing our Platform or utilising our Services, whether for personal use or otherwise.

By visiting the Platform or providing your information, you expressly agree to be bound by this Privacy Policy and agree to be governed by applicable Data Protection Laws (defined in Data Processing Agreement), including but not limited to the Digital Personal Data Protection Act 2023 (DPDPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other relevant regulations governing data protection and privacy.

PLEASE NOTE THAT IF YOU ARE A CLIENTS’ END-USER AND YOUR PERSONAL INFORMATION HAS BEEN SHARED WITH US BY A CLIENT, THE PRIVACY POLICY OF SUCH CLIENT, ALONG WITH THIS POLICY, GOVERNS THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION. ANY INQUIRIES, REQUESTS, OBJECTIONS, OR COMPLAINTS REGARDING THE COLLECTION AND/OR PROCESSING OF PERSONAL INFORMATION SHOULD BE DIRECTED TO AND RESOLVED BY THE CLIENT EXCLUSIVELY.

IF YOU DO NOT CONSENT TO THE COLLECTION, USE, PROCESSING AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS SET FORTH IN THIS PRIVACY POLICY, PLEASE REFRAIN FROM ACCESSING AND/OR USING OUR PLATFORM.

TO WHOM DOES THIS POLICY APPLY?

This Policy is inclusive and applies to all Users of our Platform, irrespective of their browsing intent or their extent of utilising the Services offered on our Platform.

The applicability of this Policy extends to Users regardless of the device type used for accessing our Platform, whether it be a laptop/desktop or a mobile/tablet device.

You acknowledge that you are an Eligible User as defined in Clause 2.1 of Terms of Service.If you are below or between the ages of 13-18, or 16-18 (as applicable), and below the contractual age determined by the applicable laws of your country, you confirm that you are using the Platform with the consent of a parent or legal guardian. If you do not meet these criteria, please refrain from using our Platform and Services or providing Personal Information to us.

WHO IS THE DATA CONTROLLER AND DATA PROCESSOR OF YOUR PERSONAL INFORMATION?

The Company will act as the “Data Controller” (as defined in clause 2.1 Data Processing Agreement), where we make decisions on how your Personal Information is used in connection with the Platform or our Services. We will act as the “Data Processor” (as defined in clause 2.1 Data Processing Agreement) where we only use your Personal Information as authorised and instructed by a third party in connection with the website or our applications or services.

Where we are acting as the Data Controller, we are responsible for the obligations of a Data Controller under Data Protection Laws (as defined in clause 2.1 Data Processing Agreement) in connection with the processing of your Personal Information, and we use this Privacy Policy to provide you with information about our use of your Personal Information.

Where we act as a Data Processor, the relevant third party, such as Clients or external parties using the Platform, will act as the Data Controller. These third parties are responsible for fulfilling the obligations of a Data Controller under applicable Data Protection Laws in relation to the processing of your Personal Information. In instances where you access the Platform or our Services through a third party or where Clients upload content or manage Clients’ End-Users Personal Information, they serve as the Data Controllers. The Company processes this data strictly on their behalf, following their Documented Instructions (as defined in clause 2.1 Data Processing Agreement) and acting solely as a Data Processor. If you have any queries regarding the processing of your Personal Information by such third parties, you should contact the respective Data Controller directly for further information or clarification on their compliance with Data Protection Laws.

You understand and acknowledge that the Company is the controller for the processing of your Personal Information. Our contact information is:

Address: Second Floor, SRIT House 113, Block B, 1B, ITPL Main Rd, Kundalahalli, Brookefield, Bengaluru, Karnataka 560037

Email: support@edmingle.com

Organisation no.: +914448135437

WHAT IS THE INFORMATION THAT WE COLLECT AND PROCESS?

As the Data Controller as well as Data Processor, we require certain Personal Information to provide you with access to and use of our Platform and Services. This information may include, but is not limited to, the following:

Basic Information:

Booking a Demo: To book a Service demonstration on the Platform, you are required to provide us with your basic information, including your full name, organisation name, business category of the organisation and your role within the organisation, to ensure accurate service and support. Please note that to facilitate this booking, we utilise Zoho Bookings, a third party service provider integrated into our Platform. By booking a demo, you understand and agree that you are also bound by their policies, including terms of service and privacy policy, which can be found here. You understand and agree that we reserve the right to use other booking platforms in the future, in which case you will be subject to the terms of service and privacy policy of the applicable service provider;

Registration: Alternatively, you may directly register on the Platform by setting up a user account (the “Account”). To create an Account, you must provide accurate and current information, including your full name, institution name, password and the state in which the institution operates (if within India).

Contact information: such as personal or business email address and mobile number (preferably one that operates on WhatsApp);

Verification Data: We may collect information relevant to your use of our Platform and Services, such as a One-Time Password (OTP) sent during account creation, login, or payments. Please note that for Clients in India, verification is done via a mobile OTP, while for international Clients, verification is done through an email OTP.

Transaction data: At the time of payment for our Services, we may collect certain information, such as your name, email address, contact number, and your username as registered on the platform of our payment partners, in order to process your payment request. Payment information, including bank account details, credit/debit card details and other relevant information, must be provided directly to our third-party payment partners, Razorpay, Stripe, Paypal and/or Easebuzz. You understand and agree that any payment transactions made using our payment partners are subject to their privacy policies and terms of service. Alternatively, you have the option to pay for our Services directly to our bank account through bank transfers. It is important to note that we do not access, store, or collect your bank account or credit/debit card information.

Course-related Information: This includes content generated by the Clients as well as their End-Users, including but not limited to course content (written as well as audio-visual), course prices, assignments, generated tests, test scores, certificates, feedback and other information related to the online courses.

Social Media Platform: If you subscribe to our blog and newsletters or contact us through social media platforms, including but not limited to LinkedIn, WhatsApp, Facebook, Twitter, YouTube, Instagram, etc., we may collect and process your Personal Information available on these platforms through various third party data analytics and social media management service providers. This may include your name, email address, and phone number as provided on your social media profiles;

Recruitment Information: If you apply for a job at our Company through the careers page on our Platform, we may collect specific Personal Information, including your full name, email address, phone number, LinkedIn profile, and any other information provided in your resume;

Additional Information: It includes, without limitation, when you participate in promotions, communicate with the Edmingle support team and other Users, import or manually enter address book contacts, provide your address and/or geolocation, or share your experience with us;

Communication with us: This can include any communication that you send to us, including but not limited to communications for any inquiries, payments, technical support, feedback and testimonials, either through our Platform’s functionalities or third parties such as MSG91, Fyno, Lemlist etc.;

Device Identification Data: This includes information that may assist us in identifying your device, including login information, browser type, and version, your operating system, etc; and

Other Data: This can include the following, based on your interaction with the Platform

The length of time you spent on the Platform;

The period of time from which you became and have continued to be active on the Platform;

Other similar statistics we may collect and process with the intention to improve the User experience of the Platform.

You agree to provide us with your Personal Information whenever you use our Services by performing any of the following functions:

Accessing our Platform by means of any web browser or any device;

Registering for our Services on the Platform;

Inquiring about our Services through our Platform;

Initiating and maintaining correspondence with us.

You understand and agree that we do not directly collect Personal Information from Users, and all sensitive Personal Information collected through our Platform is introduced solely by the User. We do not collect any personal or sensitive information without the User’s explicit input and consent. Users are responsible for the accuracy and completeness of the information they provide.

You acknowledge and agree that we shall not be liable for any loss or damage sustained by you as a result of any disclosure (inadvertent or otherwise) of any Personal Information concerning your credit cards, or debit cards in the course of any online transactions or payments made for any Services. Furthermore, we are not responsible for any loss or damage related to any Personal Information that is provided by the Client while utilising our Services, nor for any Personal Information provided by Clients’ End-Users while using the Client’s website and/or application. You are solely responsible for reviewing the privacy policies and terms of service of any third-party service providers involved in your transactions. We recommend that you go through their policies, including terms of service and privacy policies outlined in Clause 6 of this Policy.

Access to your Personal Information is limited to our employees, agents, partners, and third parties, who we reasonably believe will need that information to enable us to provide Services to you. However, we are not responsible for the confidentiality, security, or distribution of your own Personal Information by our partners and third parties (who have their own privacy policies) outside the scope of our agreement with such partners and third parties.

When you use our Platform, we collect and process your information, which is provided by you from time to time. In general, you can browse the Platform without telling us who you are or revealing any Personal Information about yourself. Once you give us your Personal Information, you are not anonymous to us. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide information by choosing not to use a particular service, product, or feature on the Platform.

We take extra precautions to ensure that such Personal Information is kept secure and confidential, and we will only retain this data for as long as necessary for the purposes for which we collect or process it as per the permissible Data Protection Laws.

This Policy will not apply to any unsolicited information you provide through the Platform or any other means. This includes but is not limited to, information posted on any public areas of the Platform. All such unsolicited information shall be deemed to be non-confidential, and we will be free to use and disclose such unsolicited information without limitation.

Users may subscribe to our blog and newsletter either during Account registration or through our Platform at any time to receive updates on our latest offerings and services. To enhance our marketing outreach, we may also use databases such as Apollo.io to manage and run targeted email campaigns. All recipients of these marketing emails are provided with clear options to unsubscribe or request deletion of their data, in compliance with applicable Data Protection Laws.

HOW DO WE COLLECT THE INFORMATION?

We employ various methods to gather information, ensuring a comprehensive understanding of User interactions and preferences. The collection of Personal Information is facilitated through the following processes:

Information you give us: When you provide us with the information referred to in Clause 3.1 through the methods outlined in Clause 3.2.

Social Media Management: We collect and analyse Personal Information through various tools, including AISensy, Sprout Social, and Lemlist, to understand how Users engage with our social media channels and interactions. This information helps us identify trends in User behaviour, optimise our content strategy, and improve our social media presence. The data collected may include metrics such as interaction frequency, engagement patterns, and demographic details of our audience. We ensure that the data is used only for the purposes outlined in this Policy, maintaining strict confidentiality and compliance with applicable Data Protection Laws. The insights gained enable us to enhance our social media efforts to better cater to User preferences and deliver a more engaging experience.

Session Management: We study session metrics to understand how Users interact with the Platform as well as the Clients’ Portal. This helps us learn the average time Users spend across the Platform and when they prefer to engage. We use tools like Zoho Analytics, Jira, and Webengage to collect anonymous data, including the number of views, how long Users stay, and where they're visiting from. This data allows us to optimise the User experience, making informed enhancements to cater to User preferences and behaviours.

User analytics: We analyse User behaviour and preferences by collecting, processing and analysing Personal Information across our Platform, as well as the Clients’ websites, applications, and software we provide to our Clients. This helps us maintain accuracy, promptly identify any unusual behaviour, and detect fraudulent activities across all managed platforms. By tracking interactions, we ensure that corrective actions are taken immediately to protect both our own systems and those of our clients, while optimising the overall User experience.

In addition to direct User interactions, we leverage cookies and similar technologies to enhance the functionality and User experience on the Website. These allow us to collect and process additional information for various purposes:

Cookies: We utilise cookies, which are small text files stored on your device’s hard drive by web browsers. These cookies help us and third parties identify Users, track preferences, analyse usage patterns, and optimise the Platform’s functionality to provide a customised experience. Cookies enable us to store preferential information and understand browsing activities. You may manage cookie preferences through your browser settings. Below is the limited list of the categories of cookies we use, along with their purposes:

Strictly Necessary Cookies: These cookies are needed to run our Platform, to keep it secure when you are accessing the Platform, and to obey regulations that apply to us. They also help us keep your details safe and private;

Functional Cookies: These cookies are used for remembering things such as your region or country, your preferred language, accessibility options like large font or high-contrast pages;

Performance Cookies: These cookies tell us how you and our other Users use our Platform. We combine all this data together and study it. This helps us to improve the performance of our Services and/or the Platform.

Session Cookies: We use session cookies, which are stored temporarily during your browsing session and deleted when you close your browser or application. These cookies support Platform functionality and help us analyse usage, including pages visited, links clicked, content viewed, and time spent on each page.

Analytics Cookies: Analytics cookies collect data about your use of the Platform, allowing us to improve its performance. These cookies provide aggregated information to monitor site functionality, track page visits, identify technical issues, analyse user traffic, and measure the effectiveness of our advertising, including emails sent to you.

Targeting/Advertising Cookies: These cookies are used to deliver content more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. These cookies allow us and third-party advertisers to display relevant products, offers, and ads on our Platform, third-party sites, and through email or messaging platforms. They help tailor content to your interests and may overlap with Analytics and Social Plug-In Cookies to support targeted advertising.

Social Plug-In Cookies: Social plug-in cookies enable content sharing from the Platform to social media networks like Facebook, Twitter, YouTube, and Instagram. These cookies are typically set by the social media providers to facilitate seamless content sharing between our Platform and those networks.

Purpose of Cookies We Use: We utilise Personal Information obtained through cookies to enhance the speed, security of your interaction with us, and overall user experience. These cookies serve various purposes:

Preferences: Cookies enable the Website to remember information that alters the site’s behaviour or appearance, such as your preferred language or geographic region. By retaining your preferences, we can customise and present advertisements and other content tailored to you.

Security/Optimisation: Cookies play a crucial role in maintaining security by verifying Users, preventing fraudulent use of Services, and safeguarding User data from unauthorised access. Specific types of cookies assist in blocking various types of attacks, such as attempts to pilfer content from Website forms.

Processing: Cookies contribute to the efficient functioning of the Website, allowing us to deliver the Services expected by visitors and/or Users. These cookies facilitate tasks like navigating web pages and accessing secure sections of the Website.

Advertising: We employ cookies to enhance the appeal of advertising to our Users. Common uses include selecting advertisements based on relevance, improving campaign performance reporting, and avoiding the repetition of ads you may have already seen. Cookies capture information about your interactions with the Website, including your most visited pages.

Communication: Information collected through cookies may be utilised to communicate with you, including sending newsletters, seeking your opinions and feedback, and providing Services and promotional materials.

Analytics and Research: Cookies aid in comprehending how individuals utilise our Services, enabling us to enhance them for a better User experience. This data-driven insight helps us refine and improve our offerings.

Web Beacons, Pixel Tags, and Trackers: We may employ web Web Beacons, Pixel tags, and tracking URLs, which are tiny graphic images and/or small blocks of code placed on Platform pages, ads, or in our emails that allow us to determine whether you performed a specific action. When you access these pages or when you open an email, you let us know that you have accessed the web page or opened the email. These tools help us measure responses to our communications and improve our web pages and promotions.

Log Files: Our servers automatically collect information sent by Users' devices, known as log files. This data may include IP addresses, device information, browser type, and timestamps. Log files are instrumental in analysing trends, administering the Website, and diagnosing technical issues.

Third-Party Analytics: We may integrate third-party analytics services to further understand User behaviour. These services utilise their own tracking technologies to compile reports on Platform activity, aiding us in improving our Services.

Location Data: As part of our Services, we may also collect precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device.

Information from other sources: We may collect Personal Information from other sources, including but not limited to:

If a User or any third party submits a complaint about you, we may receive information relating to the specific complaint made in order to understand and, where relevant, address the complaint; and

To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data, and information to help detect fraud and safety issues from (i) third-party service providers, Sub-Processors, other third parties, and/or partners, or (ii) Users and any other individuals, entities, and authorities, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from identity verification Sub-Processors for use in our fraud prevention, security investigation, and risk assessment efforts. We may receive information about you and your activities on and off the Platform, including from Users, members of the public, or governmental, public, or tax authorities, or about your experiences and interactions with and/or from our partners.

WHY DO WE COLLECT AND/OR PROCESS YOUR INFORMATION?

As the Data Controller as well as Data Processor, we collect and/or process your Personal Information from you in order to provide our Platform and Services, as per the legal bases established under applicable Data Protection Laws, including but not limited to:

User Authentication: We collect your information to help us identify you as and when you access the Platform, when you register an Account with us or log in, or when you utilise our Services. This includes but is not limited to resetting Account passwords or approving special consideration applications;

Contractual Necessity: We process your Personal Information to fulfil our contractual obligations with you, which include without limitation tasks such as developing and deploying Customised LMS, providing features and functionalities accompanying the LMS and providing support, etc;

Processing of Personal Information on Behalf of the Clients: This section applies to the Personal Information of Clients’ End-Users collected by Clients, where we facilitate the collection, processing, and secure storage of such data. Clients, as Data Controllers, determine the purpose and methods of processing this Personal Information. We process the data strictly on behalf of the Clients, in accordance with their Documented Instructions, to deliver Services. Additionally, we provide analytics and reporting tools, ensure data integrity, and maintain compliance with applicable Data Protection Laws while safeguarding the data from unauthorised access.

Transactions and Payments: To facilitate secure and efficient payment processing, as well as handle transactions related to Services on the Platform. Also, Personal information is utilised to enable or authorise payment services, including detecting and preventing money laundering, fraud, abuse, and security incidents, complying with legal obligations, enforcing payment policies, and improving payment services;

Research and development: We will utilise Personal information to deliver the Services and to develop, test, and enhance the quality and usability of both the Platform and Services. Our primary approach will involve de-identifying this information before utilisation, and subsequently integrating it with de-identified browser and device data for these purposes;

Communicate with you: We use your Personal Information to communicate with you concerning Services via different channels (e.g., by phone, e-mail, chat), including to provide you with notices about your subscription, including expiration and renewal notices, email instructions, etc;

Fraud Prevention and Credit Risks: We use Personal Information to prevent and detect fraud and abuse to protect the security of our Users;

Troubleshoot Problems: We use your Personal Information to provide functionality, analyse performance, health check servers, fix errors, and improve the usability and effectiveness of the Platform and/or Services;

Compliance with law: To be able to perform any contractual and legal obligation;

Enhancing User Experience: To analyse User behaviour and preferences for improving our Services and User experience and to be able to provide location-specific services;

Recommendations and Personalisations: We use your Personal Information to recommend features, products, and Services that might be of interest to you, identify your preferences, and personalise your experience with the Platform and/or Services;

Enhanced Advertising and Marketing Efforts: In our efforts to provide, personalise, measure, and enhance our advertising and marketing endeavours, we engage in several key activities. Firstly, we utilise User information to create email campaigns, send promotional and marketing messages, tailoring them to suit individual preferences and interests. Additionally, we strive to customise and optimise advertising on various platforms to ensure relevance and effectiveness. To support our campaigns, we may use databases, such as Apollo.io, for outreach, always providing recipients with options to unsubscribe or request data deletion. Furthermore, we administer referral programs, rewards, surveys, sweepstakes, contests, and other promotional activities to engage Users and foster community participation. Through the analysis of User characteristics and preferences, we aim to send targeted promotional messages that resonate with each User segment. Finally, we extend invitations to Users for events and relevant opportunities, enriching their overall experience with our Platform;

Providing alerts/notifications: To effectively communicate with you through emails/SMS/notifications through the Platform to inform you about any other new Services that we may from time to time develop with the help of third party service providers such as MSG91, Lemlist, Saleshandy etc. As you are also bound by the policies of such third parties, please ensure that you read and understand the policies of these third party service providers, as outlined in Clause 6 of this Policy.

In the course of operating the Platform and/or Services, we collect and process the Personal Information in accordance with our Privacy Policy and Data Processing Agreement.

We do not share Personal Information with advertisers or third-party sites displaying our interest-based ads. However, advertisers may infer user interests from interactions with ads and might provide us demographic information to enhance ad relevance. Advertisers can serve ads directly to your browser, receiving your IP address, and may use cookies to evaluate ad effectiveness. We do not control these cookies or the practices of third-party advertisers, so please refer to their privacy policies for more information.

You consent to process your Personal Information in specific situations by us, particularly where it is required to deliver our Services. Wherever Data Protection Laws require us to collect and process certain Personal Information based on your consent, we will obtain this consent at the time of data collection. Your Personal Information may also be disclosed on our Platform if authorised by you for the purpose of utilising our Services. Additionally, we may communicate with you through various means, including messaging, calls, or emails, through third party service providers to facilitate the performance of our Services where necessary. Furthermore, your Personal Information may be processed to the extent required to comply with legal obligations.

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH AND WHY?

With your consent, we may share your Personal Information with the following entities to facilitate our Services and enhance your experience:

Transactions: We may share payment gateway links with you for making payments for our Services, and to facilitate secure and efficient transaction processing, we may share your Personal Information necessary for transaction processing with such payment partners such as Razorpay, Easebuzz, Apple Pay, Stripe, Paypal and NMI;

Third-party Service Providers and Sub-Processors: We may collaborate with third-party service providers and Sub-Processors (as defined in clause 2.1 Data Processing Agreement) to perform various functions on your behalf, such as payment processing, data analysis, postal and email communications, hosting services, data storage, customer service, and marketing assistance. These Sub-Processors may access the necessary Personal Information to fulfil their functions. However, they are strictly prohibited from using it for any other purposes. They are also bound to process Personal Information in compliance with applicable laws. It's important to note that we do not own or control these third parties. We utilise various third party Sub-Processors. Depending on the services they provide, these third parties may be our service providers or Sub-Processors. Regardless of their role, all are governed by this policy and our Data Processing Agreement (DPA). While we do not own or control these third parties, when you interact with them and choose to use their services, you are providing your information to them.

Your use of these services is subject to the policies of these Sub-Processors as well as service providers, including but not limited to the following:

Employees and Independent Contractors: Employees and independent contractors of the Company have access to Personal Information strictly on a need-to-know basis for their job functions or contractual obligations. They comply with this Policy and are trained to protect Personal Information. Confidentiality obligations prohibit unauthorised disclosure or misuse of Personal Information. We monitor compliance and may enforce disciplinary action for breaches, ensuring appropriate security measures are in place to safeguard all accessed Personal Information.

Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates may include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us;

Business Transfers: If we reorganise or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline to honour commitments we made in this Privacy Policy.

Legal Compliance:

We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, authorised third parties, or other Users, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with our legal obligations, (ii) comply with a valid legal request, such as a subpoena or court order, or to respond to claims asserted against the Company, (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our Users to legal or regulatory liability, (iv) enforce and administer our agreements with Users, including our User Agreement, additional legal terms, and policies, (v) respond to requests for or in connection with current or prospective legal claims or legal proceedings concerning the Company and/or third parties, in accordance with applicable law, or (vi) protect the rights, property or personal safety of the Company, its employees, its User, or users of the public;

Where legally required or permissible according to applicable law, we may disclose user information to relevant tax authorities or other governmental agencies, depending on where you are based, for the purpose of the tax authorities’ determination of proper compliance with relevant tax obligations;

Where appropriate and/or legally required, we may notify the User about legal requests, unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon or harm to Edmingle, our Users, or expose Edmingle to a claim of obstruction of justice.

Service Improvement: We may share certain aggregated, anonymised information with third parties (for example, for Google Analytics) in order to assess the Platform usage and information pertaining to the ease of navigation;

Advertisements: We use third-party advertising companies to serve ads when you visit our Platform. These companies may use information (not including your name, address, email address, or telephone number) about your visits to the Platform and other websites in order to provide personalised advertisements about goods and services of interest to you;

Collaborations: We may share your Personal Information with reputable partners to facilitate joint initiatives, promotions, or integrated services; and

Growth and Expansion: As our Platform evolves and expands, there may be instances where sharing Personal Information with new entities or parties becomes necessary for the enhancement of our Services. Any such sharing will be carried out with the utmost consideration for user privacy and in accordance with relevant legal frameworks.

We do not ever sell or rent your Personal Information without your express approval.

We may also de-identify or aggregate information and convert it into non-personal information so that it can no longer reasonably be used to identify you (“De-Identified Information”). We use and retain De-Identified Information for any of the purposes described in Clause 5 and Clause 6 of this Policy. We will maintain and use De-Identified Information in de-identified form and will not attempt to re-identify the information, except to confirm our de-identification processes or unless required by law.

We may share aggregated Non-Identifying Information, and we may otherwise disclose Non-Identifying Information or De-Identified Information to third parties.

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

In compliance with applicable Data Protection Laws, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), we retain your Personal Information for a duration no longer than necessary for the purpose for which it was collected or as mandated by relevant Data Protection Laws. Your Personal Information is stored and retained by us until you cease payment for the Services provided.

Should you choose to delete your Account voluntarily, we will initiate the deletion of the associated data, within 120 days, upon your request. In some cases, where immediate deletion is not feasible due to technical or legal constraints, we may instead anonymise your data to ensure it can no longer be linked to you, effectively removing all personal identifiers. The anonymised data may be retained solely for analytical and research purposes.

In accordance with Article 5 of GDPR, certain data related to you may be retained beyond its primary retention period if it is deemed reasonably necessary to prevent fraud, mitigate abuse, exercise our legal rights, defend against claims, or fulfil legitimate purposes as required by law. We may also retain your Personal Information for analytical and research purposes, or for purposes in the public interest, such as scientific or historical research, provided that appropriate safeguards are in place to protect your rights and freedoms, in accordance with Article 89(1) of the GDPR. Additionally, we may retain your Personal Information for the following purposes:

Legitimate Business Interest: We may retain your Personal Information as necessary for our legitimate business interests, such as the prevention of money laundering, fraud detection and prevention, and enhancing safety. For example, if we suspend your access to our Services for fraud or safety reasons, we may retain information to prevent that User from accessing our Services again in the future;

Legal, Tax, Reporting, and Auditing Obligations: We may retain and use your Personal Information to the extent necessary to comply with our legal, tax, reporting, and auditing obligations;

Shared Information: Information you have shared with others, such as reviews and forum postings, may continue to be publicly visible on the Platform, even after your Account is cancelled; and

Residual Copies: Residual copies of your Personal Information (either in the form of De-Identified Information, Non-Identifying Information, or identified information) may remain in our backup systems, primarily to ensure compliance with legal obligations and to protect against accidental loss or destruction. However, non-identifiable usage patterns, data, and analytics may be retained for performance improvement of our Platform and/or Services. We strive to anonymise your data to prevent any personal identifiers from being linked to you. However, in rare cases where legal or operational requirements necessitate, identifiable information may be retained temporarily. Such retention is strictly limited and governed by applicable laws.

HOW DO WE PROVIDE FOR THE SECURITY OF YOUR PERSONAL INFORMATION WITH US?

Storage Information: User data is securely stored on our servers and databases, utilising third party storage partners including Zoho, Amazon Web Services (AWS), and MongoDB. These servers are strategically located based on the User's location to minimise latency for each User.

We prioritise the security of your Personal Information by utilising secure cloud servers where your data is encrypted at rest, providing an additional layer of protection against unauthorised access. All data transfers are safeguarded through Secure Sockets Layer (SSL) technology, ensuring your Personal Information remains secure during transmission. Data gathered is also encrypted at rest within the database. Additionally, we implement reasonable physical, electronic, and procedural safeguards to maintain the confidentiality and integrity of your data. Access to your Account information is facilitated through a secure server, and once your data is in our possession, it is governed by strict security protocols to prevent unauthorised access.

To further ensure the protection of your Personal Information, we have established comprehensive safeguards and are certified as ISO 27001:2022, which demonstrates our commitment to managing sensitive information through a robust Information Security Management System (ISMS). We are dedicated to compliance with applicable Data Protection Laws, as outlined in Clause 8 of the Data Processing Agreement (DPA). Our adherence to industry best practices ensures that access to your information is strictly limited to authorised internal team members, thereby reinforcing our commitment to maintaining confidentiality and security at all levels.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Platform like message boards, as the information you share may be viewed by any user of the Platform.

While we take comprehensive measures to safeguard your information, Users acknowledge and accept the inherent security implications of data transmission over the Internet and the World Wide Web. Despite our efforts, complete security cannot be guaranteed, and inherent risks persist. Users bear the responsibility of safeguarding login and password records for their Accounts. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Platform. While acknowledging these risks, we remain committed to continually enhancing our security protocols to address emerging threats and maintain the trust of our Users.

HOW DO WE HANDLE DATA BREACHES AND SECURITY INCIDENTS?

Pursuant to Clause 8 of this Policy, we strive to prevent data breaches and security incidents to the best of our ability. However, should a data security breach occur, we have an incident response plan (“Incident Response Plan”) in place as outlined in this clause. In the event of a data breach or security incident, the Company maintains a proactive approach to ensure swift resolution and mitigate potential risks. Additionally, we take appropriate measures to contain the impact of any breach while ensuring compliance with applicable Data Protection Laws, including but not limited to the General Data Protection Regulation (GDPR), as detailed in Clause 11 of the Data Processing Agreement.

We have established a comprehensive Incident Response Plan designed to address such occurrences promptly and effectively:

Identification: We promptly identify and acknowledge any signs of a data breach or security incident within our systems or infrastructure;

Containment: Immediate action is taken to contain the impact of the breach, preventing further unauthorised access or damage to data;

Notification: We prioritise transparency by promptly notifying affected parties, including Users and relevant stakeholders, within 72 hours of discovering the breach. The notifications will be communicated via email and will detail the nature of the breach and its potential impact on their data, along with support resources;

Collaboration: We collaborate with relevant authorities, such as regulatory bodies and law enforcement agencies, to report the incident and comply with any legal obligations or regulatory requirements; and

Post-Incident Assessment: Following the resolution of the incident, we conduct thorough assessments to evaluate the effectiveness of our response measures and identify areas for improvement. Our employees are trained on the Incident Response Plan to ensure preparedness and effective response.

DO WE TRANSFER YOUR PERSONAL INFORMATION ACROSS THE BORDER?

While our primary practice is to store all data on servers located within the United States and India, we recognise that certain circumstances may require the transfer of your Personal Information to countries outside your residential country, including India and other regions. Such transfers may be necessary for various purposes outlined in this Policy, including enhancing performance and reducing latency for our Users in Europe and India. This may involve collaborating with our storage partners, who will manage the transferred data.

In situations where Personal Information is transferred from the European Economic Area (EEA), Switzerland, or the United Kingdom to jurisdictions not recognised as providing an adequate level of data protection, we commit to processing that Personal Information in compliance with the provisions outlined in Annexure 1 of the Data Processing Agreement. We have implemented appropriate safeguards to ensure secure international data transfers, as detailed in Clauses 7 and 8 of the DPA. We will use our best efforts to establish controls that ensure your Personal Information is kept accurate, adequately protected, and processed only for specified, legitimate purposes, in a manner that is fair, transparent, and lawful. Furthermore, your data will be stored and processed only for as long as necessary to fulfil those purposes.

You acknowledge and accept that the laws governing data protection in these other countries may differ and may be less stringent than those in your residential jurisdiction. Consequently, your Personal Information may be subject to the laws of these jurisdictions, which could include disclosure requirements to governmental bodies or other entities under applicable laws. In addition, a number of countries have agreements with other countries providing for the exchange of information for law enforcement, tax, and other purposes.

If we transfer your Personal Information to third parties for purposes stated in this Policy, we will use our best endeavours to put in place appropriate controls and safeguards to ensure that your Personal Information is kept accurate, adequately protected, and processed only for specified and reasonable purposes in a manner that is fair, transparent and has a lawful basis, and is stored for no longer than is absolutely necessary.

HOW DO WE MAINTAIN RECORDS OF PROCESSING ACTIVITIES?

In compliance with Article 30 of the General Data Protection Regulation (GDPR), the Company, in its dual role as both a Data Controller and Processor, maintains comprehensive records of our processing activities, ensuring transparency and adherence to data protection obligations. These records encompass the following key elements, which are detailed throughout this Privacy Policy:

the name and contact information of the Company and our Data Protection Officer (DPO) for data protection inquiries (as stated at the beginning of this Policy and in Clauses 11 and 17);

a description of the categories of data subjects and Personal Information processed (as stated in Clause 3 of this Policy and Clause 3 of the DPA);

the specific purposes for each processing activity, including service delivery and compliance with legal obligations (as stated in Clause 5);

the categories of recipients with whom Personal Data may be shared, including international recipients (as stated in Clause 6);

where applicable, the envisaged retention periods for data (as stated in Clause 7);

a general description of the technical and organisational security measures implemented (as stated in Clauses 8 and 9, and Clause 8 of DPA); and

By providing this information, we aim to fulfil our commitment to responsible data management and compliance with relevant laws and regulations. For further information regarding our data processing activities, please contact our Data Protection Officer (DPO) at legal@edmingle.com.

DATA PROCESSING AGREEMENT

Please take a moment to review our Data Processing Agreement (DPA), which outlines the roles and responsibilities concerning the handling of your Personal Information. The DPA is designed to ensure compliance with applicable Data Protection Laws and to clarify our obligations regarding data security, data subject rights, and incident reporting. It details the technical and organisational measures we implement to protect your data and explains how we assist you in exercising your rights under these laws. Understanding the terms of the DPA is crucial for ensuring your data is processed safely and responsibly. If you have any questions or concerns regarding the DPA, we encourage you to reach out for clarification.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

You, as a data subject, may have certain rights to your Personal Information with us, as under:

Request access to your Personal Information: This allows you to receive a copy of the Personal Information we hold about you, and to check that we are lawfully processing it;

Request the correction of your Personal Information: This allows you to ask for any incomplete or inaccurate information we hold about you to be corrected;

Request the erasure of your Personal Information: This allows you to ask us to delete or remove your Personal Information from our systems where there is no good reason for us to continue processing it;

Object to the processing of your Personal Information: This allows you to object to our processing of your Personal Information for a specific purpose (for example, for marketing purposes);

Request the transfer (data portability) of your Personal Information: This allows you to request the transfer of your Personal Information in a structured, commonly used, machine-readable format, either to you or to a third party designated by you and, if technically feasible, have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract of which you are part of, or on pre-contractual obligations thereof;

Request the restriction: You have the right to request the restriction of processing of your Personal Information. This means we will store your Personal Information but not further process it, except in limited circumstances (e.g., with your consent or for legal claims);

Request further information on the processing of your Personal Information: You have the right to obtain further information on how we process your Personal Information. This includes details about the purposes of the processing, the categories of Personal Information involved, the recipients or categories of recipients with whom the Personal Information has been or will be shared, and the envisaged retention period of the Personal Information.

Withdraw your Consent: This right only exists where we are relying on your consent to process your Personal Information. If you withdraw your consent, we may not be able to provide you with access to certain features of our Platform. We will advise you if this is the case at the time you withdraw your Consent.

User’s State-Specific Rights:

If you are a citizen of India, you may have additional rights listed in Schedule I. Please refer to Schedule I below for more detailed information on your rights.

If you are a citizen of the European Union, you may have additional rights listed in Schedule II. Please refer to Schedule II below for more detailed information on your rights.

If you are residing in the United Kingdom, you may have rights listed in Schedule III. Please refer to Schedule III below for more detailed information on your rights.

If you are residing in Switzerland, you may have rights listed in Schedule IV. Please refer to Schedule IV below for more detailed information on your rights.

Please note that these Schedules are supplemental to our Privacy Policy.

In relation to the above, you can exercise such right by sending us an email with your request to legal@edmingle.com along with the necessary proof of identity requirements that we may require prior to processing such a request from you. Alternatively, if you are located in the United Kingdom (UK) or European Union (EU), you may exercise your rights through our appointed privacy representative, Prighter, by visiting https://prighter.com/q/16666719082.

We are committed to respecting and protecting your privacy and will make every effort to accommodate your requests and address your concerns in accordance with applicable laws, including the provisions set forth in Clause 10 of the Data Processing Agreement regarding Data Subject Requests. It's important to note that we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. This ensures that your rights are upheld and that we respond to your inquiries promptly and effectively.

While we strive to cover the privacy rights of Users in various jurisdictions through this Privacy Policy and the accompanying Schedules, we understand that some Users may be in regions with specific Data Protection Laws that are not explicitly addressed here. If you are a User whose data subject rights are not clearly covered in this Privacy Policy or the Schedules, please reach out to us for assistance at legal@edmingle.com. You can contact us to: (a) inquire about the processing of your Personal Information; (b) request access, rectification, or erasure of your Personal Information; (c) restrict or object to the processing of your Personal Information; and (d) exercise any other rights granted under applicable Data Protection Laws in your jurisdiction.

Please be aware that these rights are subject to legal restrictions. We will respond to your request as soon as possible, typically within one month at the latest. If you believe that our processing of your Personal Information is unlawful, you have a right to complain to the legal@edmingle.com. We hope that you will first contact us so that we can assess your objections and clarify any misunderstandings.

ARE CHILDREN ALLOWED TO USE OUR PLATFORM AND/OR SERVICES?

This Platform and/or Services are prohibited for use by individuals under the age of eighteen (18) years or the age of majority as defined by the applicable laws of their country of residence, unless explicit consent is provided by a parent or legal guardian ("Guardian"). Specifically, individuals under the age of sixteen (16) residing in European Union (EU) countries and those under thirteen (13) years old in the United States or United Kingdom are also restricted from accessing our Platform and Services without the consent of their Guardians (collectively referred to as “Minors”). Any access or use of the Platform and/or Services by Minors without such consent constitutes a violation of our Terms of Service and Privacy Policy.

We do not knowingly collect, solicit, or process any Personal Information from Minors. We implement commercially reasonable age verification measures and data protection practices to prevent such unauthorised collection and usage.

If you are a Guardian and believe your child has provided us with Personal Information, we urge you to promptly contact us at legal@edmingle.com. Upon verification of your Guardian status, we will promptly take all necessary steps to remove and delete such information from our records.

HOW CAN YOU EXPRESS YOUR COMPLAINTS AND CONCERNS?

User satisfaction is one of the key focus areas and an integral part of our Platform’s founding principles and business policies. We strongly believe that User satisfaction is the most important factor in the growth and development of our business and hence, we have adopted User centricity as a priority in developing our business processes. The terms below shall constitute our “User Grievance Redressal Policy” which outlines the framework for addressing User grievances:

Objective: The objective of this Grievance Policy is to provide a framework:

to ensure the provision of timely and effective resolution of issues raised by the User; and

to keep the User informed about the manner in which they can reach out to us to resolve their queries and grievances.

Governing Principles: The policy on grievance redressal is governed by the following principles:

User shall be treated fairly at all times;

issues raised by Users are always attended to with courtesy and on time;

Users are provided with effective and satisfactory resolution within a reasonable time period; and

Users are fully informed of avenues to escalate their issues/ grievances if they are not fully satisfied with the response to their complaints.

User Support: Any User can reach out to our User support team/ representative through electronic mode by way of an email communication at support@edmingle.com; and

Must Know: You must know and understand that-

We DO NOT solicit confidential details like your OTP/CVV/PIN/Card Number/ Bank account details through any means.

Scamsters/fraudsters attempt various techniques such as ‘phishing’, to contact, influence, and defraud consumers. We regularly caution our Users against sharing any personal or payment-sensitive information with unknown persons as such sharing leads to unauthorised use and/or fraud and consequent financial loss.

We shall not be liable for any loss, damage, or expense incurred by a User where the User has shared personal and/or payment-sensitive information with scamsters/fraudsters.

We also request and encourage our Users to report such attempts or incidents to us at support@edmingle.com to enable us to investigate and explore legal recourse.

HOW ARE CHANGES MADE TO THIS POLICY?

This Policy may be updated at our sole discretion or due to changes in the law. Such changes, unless otherwise stated, will be effective from the day and date of posting on the Platform. We reserve the right to update the Policy without obligation to notify Users. It is recommended to regularly review this Policy for any changes, as your continued access and use of the Platform will be considered your approval and acceptance of all modifications to this Policy. In cases where applicable law mandates, we may notify you of updates through email. If you do not agree with this Policy governing our Platform, please refrain from using the Platform or the Services provided by us.

HOW CAN YOU CONTACT US?

Should you need additional information or have any questions or complaints regarding the handling of your Personal Information, please reach out to us in writing at:

Email: legal@edmingle.com

Schedule I- India Residents

We are committed to safeguarding the privacy rights of our Users in India. This schedule outlines our compliance with Indian privacy laws, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (IT Rules), and the Digital Personal Data Protection Act (DPDPA), 2023. These regulations ensure that Personal Data is processed fairly, lawfully, and transparently.

YOUR DATA SUBJECT RIGHTS:

Right to Consent: Your explicit consent is required for the collection and processing of your Sensitive Personal Data or Information (SPDI).

Right to Access: You have the right to access your Personal Data and obtain a copy of it.

Right to Correction: You can request corrections to any inaccurate or incomplete Personal Data.

Right to Withdrawal of Consent: You can withdraw your consent to the processing of your Personal Data at any time.

Right to Review Information: You can review the information you have provided and ensure it is accurate and up-to-date.

Right to Grievance Redressal: You have the right to lodge a complaint regarding the processing of your Personal Data with our Grievance Officer.

DATA RETENTION AND DE-IDENTIFICATION:

We are committed to retaining Personal Information only for as long as necessary to fulfil the purposes for which it was collected, as outlined in our main Privacy Policy (see Clause 7). We may also take measures to de-identify Personal Information in accordance with applicable laws and regulations.

APPEAL PROCESS

If you disagree with the Company's response to your privacy rights request or believe your rights have not been adequately addressed, you have the right to appeal. You can submit your appeal in writing to our Data Protection Officer at legal@edmingle.com with the subject line "Appeal of Privacy Rights Request."

LODGING A COMPLAINT

If you believe your rights have been violated or are dissatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of India (PIC). The PIC is responsible for handling complaints related to data protection and ensuring compliance with the DPDPA.

ADDITIONAL INFORMATION:

For more detailed information on how we handle your Personal Information, including our data collection practices, security measures, and third-party disclosures, please refer to our main Privacy Policy available.

Schedule II- European Union Residents

We are committed to ensuring compliance with the European Union General Data Protection Regulation (‘GDPR’).

Although our Privacy Policy explains how we meet all of our obligations for United Kingdom Users, we also have some Users who are habitually located in the European Union (‘EU Residents’) that have additional rights with respect to their Personal Data.

Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. The term “Personal Data” should be considered fundamentally interchangeable with the expression “Personal Information” for the purposes of this Privacy Policy.

Under the GDPR, we are the “Data Controller” and “Data Processor” of Personal Data. As part of our GDPR compliance, we provide and operate the App in a way that ensures: Personal Data (i.e. Personal Information) is processed fairly, lawfully, and in a transparent manner; and collected and processed only for specified and lawful purposes.

We ensure that the Personal Data we collect about you is accurate, complete, and used for its intended purpose. You may access, review, correct, and update your Information by contacting us by email at the contact details below.

EUROPEAN UNION RESIDENTS

We value your privacy and your rights as a Data Subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for European Union (EU) region. In certain circumstances, you have certain rights regarding your Personal Information. A summary of each right and how you can exercise it is detailed below. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). To exercise any of these rights, please reach out to our privacy representative, Prighter, by visiting https://prighter.com/q/16666719082. Such requests should include information to allow us to verify your identity (e.g. your name, address, email address, or other information reasonably required).

When we and/or our privacy representative receive your request to exercise one of these rights, we will respond without undue delay and within the time required by applicable law. This may be extended in certain circumstances, e.g. where requests are complex or numerous.

We and/or our privacy representative will provide the information free of charge, except where requests are manifestly unfounded or excessive, e.g. because of their repetitive character. In these circumstances, we and/or our privacy representative may charge a reasonable fee or may refuse to act on the request. You will be advised of any fees prior to proceeding with a request. We may ask for additional information to verify your identity before carrying out a request.

WHAT ARE YOUR RIGHTS?

Right to access and/or correct your Personal Data

You have the right to access the Personal Data we hold about you, and to be provided with a copy of the information (in most circumstances). You also have the right to correct any information we may hold about you that is inaccurate.

Right to restrict the use of your Personal Data

You have the right to ask us to restrict the processing of your Personal Data where one of the following applies:

The processing is unlawful, but you want us to restrict the use of the data instead of deleting it;

Where you contest the accuracy of your Personal Data, the restriction will apply until we have verified the accuracy or corrected your Personal Data;

We no longer require the Personal Data for the purposes of the processing, but are required to keep it in connection with a legal claim;

You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.

Right to withdraw consent and request deletion of your Personal Data

You have the right to ask us to delete your Personal Data in most circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the Personal Data is required to comply with a legal obligation or for the establishment, exercise, or defence of legal claims.

You may object to our use of your Personal Data for marketing purposes and you can let us know via the provided email address.

Further, you may also object to the processing of your Personal Data in cases where we have used legitimate interests as the basis for processing. In such cases, we will stop processing your Personal Data until we verify that we have compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms in asking us to stop processing the data, or in limited cases where we need to continue processing the data for the establishment, exercise, or defence of legal claims.

Data retention and anonymisation

Right to data portability

In most cases, you have the right to receive all Personal Data you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, where technically feasible.

Right to lodge a complaint with a supervisory authority

If you are a resident of the EU, you have the right to make a complaint at any time to the regulator in your jurisdiction. To find out how to contact your local regulator, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en.

We will allow and assist Users who are EU Residents to exercise these rights unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under United Kingdom legislation, or if the Personal Data has been fully anonymised).

Schedule III: United Kingdom (UK) Residents

We are dedicated to upholding the principles of the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

While our Privacy Policy outlines our commitments to European Union Users, we recognise that Users located in the United Kingdom (‘UK Residents’) have additional rights concerning their Personal Data.

YOUR DATA SUBJECT RIGHTS:

We value your privacy and your rights as a Data Subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the United Kingdom (UK) region. In certain circumstances, you have certain rights regarding your Personal Information. A summary of each right and how you can exercise it is detailed below. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). To exercise any of these rights, please reach out to our privacy representative, Prighter, by visiting https://prighter.com/q/16666719082. Such requests should include information to allow us to verify your identity (e.g. your name, address, email address, or other information reasonably required).

You have a number of rights under applicable Data Protection Laws in relation to your Personal Information. Under certain circumstances, you have the right to:

Have access to your Personal Information by submitting a request to us;

Have your Personal Information deleted;

Have your Personal Information corrected if it is wrong;

Have the processing of your Personal Information restricted;

Object to further processing of your Personal Information, including to object to marketing from us;

Make a data portability request;

Withdraw any consent you have provided to us;

Restrict any automatic processing of your Personal Information; and

Complaint to the appropriate supervisory authority.

BASIS FOR PROCESSING:

We will only process your Personal Information when we have a lawful basis to do so, such as consent, contractual necessity, or legitimate interests. Also, please refer to Clause 5 to understand how we process your Personal Information.

Schedule IV: Switzerland Residents

We are dedicated to upholding the principles of the Federal Act on Data Protection (FADP) and other relevant laws. While our Privacy Policy outlines our commitments to European Union Users, we recognise that Users located in Switzerland have additional rights concerning their Personal Information.

YOUR DATA SUBJECT RIGHTS:

Right to Information: Data subjects have the right to be informed about the processing of their personal data, including the purpose of processing and the categories of data involved.

Right to Access: Data subjects can request access to their personal data held by organisations.

Right to Rectification: Individuals have the right to request corrections to inaccurate or incomplete personal data.

Right to Deletion: Data subjects can request the deletion of their personal data under certain circumstances.

Right to Object: Individuals can object to the processing of their personal data for specific purposes.

Right to Data Portability: The FADP provides for the right to data portability, allowing individuals to obtain and reuse their personal data across different services.

Right to Grievance Redressal: You have the right to lodge a complaint regarding the processing of your Personal Data with our Grievance Officer.

DATA RETENTION AND DE-IDENTIFICATION:

We are committed to retaining Personal Information only for as long as necessary to fulfil the purposes for which it was collected, as outlined in our main Privacy Policy (see Clause 7). We may also take measures to de-identify Personal Information in accordance with applicable laws and regulations.

APPEAL PROCESS

LODGING A COMPLAINT

If you believe your rights have been violated or are dissatisfied with our response, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). The FDPIC is responsible for handling complaints related to data protection and ensuring compliance with the FADP.

Schedule V: United States Residents

We are dedicated to adhering to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA) and other relevant state privacy regulations. If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Iowa, Montana, Nevada, Oregon, Texas, Utah, Vermont, Virginia, or Washington, or if you fall under the protections offered by privacy laws in those states, this section serves as an addition to our primary Privacy Policy, detailing your specific rights and protections.

According to the CCPA, "Personal Information" encompasses any data that can identify, relate to, describe, or be reasonably associated with a specific consumer or household. This includes a variety of information types such as names, addresses, and online identifiers, among others.

We make every effort to ensure that the Personal Information we gather is precise, relevant, and utilised correctly. You have the right to access, delete, and request disclosures regarding your Personal Information. For any questions or to exercise these rights, please reach out to us using the contact details provided below.

YOUR PRIVACY RIGHTS:

Right to access: You can access the information that has been provided by you by reaching out to us at support@edmingle.com.

Right to withdraw consent: The consent that you provide for the collection, use, and disclosure of your Personal Information will remain valid until such time it is withdrawn by you in writing. If you withdraw your consent, we will stop processing the relevant Personal Information except to the extent that we have other grounds for processing such Personal Information under applicable laws. We will respond to your request within a reasonable timeframe. You may withdraw your consent at any time by contacting us; and

Right to Opt-Out: You have the right to opt out of certain processing activities, such as the sale of Personal Information or the use of Personal Information for targeted advertising purposes. Firmli will respect your preferences and refrain from such activities upon your request.

Right to correction: You are responsible for maintaining the accuracy of the information you submit to us, including but not limited to your Contact Information. For any necessary updates or corrections to your Personal Information, Users can easily modify details using the provided App functionalities or by reaching out to us at support@edmingle.com.

Right of Access and Portability: In some jurisdictions, applicable law may entitle you to request certain copies of your Personal Information or information about how we handle your Personal Information, request copies of Personal Information that you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit this information to another service provider, where technically feasible.

Right of Erasure: In some jurisdictions, you can request that your Personal Information be deleted.

DATA CONTROLLER AND PROCESSOR:

Under various U.S. privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) and other state-specific regulations, we act as the “Data Controller” as well as “Data Processor” of Personal Data. To ensure compliance, we operate our services in a manner that guarantees: Personal Data is processed fairly, lawfully, and transparently; and it is collected and used only for legitimate and specified purposes.

APPEAL PROCESS:

Address: Second Floor, SRIT House 113, Block B, 1B, ITPL Main Rd, Kundalahalli, Brookefield, Bengaluru, Karnataka 560037

Email: legal@edmingle.com

DATA RETENTION AND DE-IDENTIFICATION:

LODGING A COMPLAINT:

If you believe your rights have been violated or are dissatisfied with our response, you have the right to lodge a complaint with the federal agencies such as the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB). You may also contact the State Attorney General’s Office of your residential state. These organisations are responsible for handling complaints related to data protection and ensuring compliance with the privacy laws.