Data Protection and Compliance Policy

Effective Date: 17 September 2024

At Eovix Technologies Private Limited, we prioritize the security and privacy of the personal information of our users. This policy outlines our commitment to data protection and compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations. By using our website [www.eovix.com] and services, you agree to the collection, use, and protection of your personal information as described in this policy.

1. Data Collection

We collect personal data from our users when they register for courses, subscribe to services, or interact with our platform. The personal data we collect may include:

• Full name, email address, and contact information.
• Payment details for processing transactions.
• User-generated content (such as comments, reviews, and course submissions).
• Data about user interactions with our platform (including IP addresses, browser information, and device data).

2. Purpose of Data Collection

The personal data we collect is used for the following purposes:

• Service Provision: To deliver and manage our educational services, including course registration, content access, and customer support.
• Payment Processing: To process payments and manage financial transactions securely.
• Improvement of Services: To understand user preferences, improve user experience, and enhance our platform’s performance.
• Marketing and Communication: To send users information about course updates, special offers, and relevant content (with user consent).
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our policies.

3. Legal Basis for Data Processing (For GDPR Compliance)

For users located in the European Economic Area (EEA), we process your personal data under the following lawful bases:

• Consent: We process your data based on your explicit consent, such as for receiving marketing communications.
• Contractual Necessity: We process your data to fulfill the services you request, such as course registration and payments.
• Legal Obligation: We process your data to comply with applicable legal obligations.
• Legitimate Interests: We process your data to pursue our legitimate interests, such as improving our services, provided that your fundamental rights and interests are not overridden.

4. Data Security

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, misuse, or disclosure. These include:

• Encryption: All sensitive data (such as payment information) is encrypted both in transit and at rest.
• Access Control: Only authorized personnel have access to personal data, and they are bound by strict confidentiality agreements.
• Regular Audits: We conduct regular security audits to assess and improve our data protection practices.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once your personal data is no longer needed, we will securely delete or anonymize it. Specific retention periods include:

• Transaction and financial data: Retained for up to 7 years to comply with tax and accounting regulations.
• User account data: Retained for as long as your account remains active or as needed for service delivery.

6. User Rights (For GDPR and CCPA Compliance)

You have the following rights regarding your personal data:

For GDPR (EU/EEA Users):

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request corrections to inaccurate or incomplete personal data.
• Right to Erasure: You can request the deletion of your personal data, subject to legal obligations.
• Right to Restrict Processing: You can request the restriction of processing under certain circumstances.
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
• Right to Object: You can object to the processing of your personal data for direct marketing or other legitimate purposes.

For CCPA (California Users):

• Right to Know: You can request details about the personal data we collect and how it is used.
• Right to Delete: You can request the deletion of your personal data.
• Right to Opt-Out: You can opt-out of the sale of your personal data.
• Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the applicable legal timeframe.

7. Data Sharing and Disclosure

We do not sell, rent, or share your personal data with third parties for their marketing purposes. However, we may share your data with:

• Service Providers: Third-party providers (such as payment processors and cloud service providers) that assist us in operating our website and delivering services.
• Legal Obligations: Authorities or regulators when required to comply with legal obligations, such as court orders or regulatory investigations.
• Business Transfers: In the event of a merger, acquisition, or sale of our business, your data may be transferred to the acquiring company.

8. International Data Transfers

If you are located outside of India, your data may be transferred to, and processed in, India or other countries where our service providers operate. We ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place.

9. Data Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities as required by applicable laws. We will provide details of the breach, the potential risks, and the measures we have taken to mitigate any harm.

10. Legal Jurisdiction and Governing Law

This Data Protection and Compliance Policy is governed by the laws of India, with legal jurisdiction in Bangalore, Karnataka. Any disputes related to the protection or processing of personal data shall be subject to the exclusive jurisdiction of the courts in Bangalore, Karnataka, India.

11. Contact Us

If you have any questions, concerns, or requests regarding your personal data or this policy, please contact us:

Eovix Technologies Private Limited
Email: [email protected]

12. Changes to This Policy

We reserve the right to update or modify this policy at any time. Any changes will be posted on this page, and the effective date will be updated. We encourage you to review this policy regularly to stay informed.