Privacy Policy
-
The following privacy policy is being published in accordance with the provisions of the Information Technology Act, 2000 and other applicable Rules thereunder, including but not limited to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules").
-
This Privacy Policy explains the policy of Directors' Institute (DI)’s website - https://www.independentdirectorsinstitute.com, (hereinafter referred to as "the Website"), with respect to the disclosure, collection, storage, usage and protection of your information during the course of your interaction with the Website.
-
Please read this Privacy Policy carefully and in conjunction with the Terms of Use. If you do not understand this policy, or do not accept any part of it, then you should not use the Platform, as the case may be. Your use and/or continued use of the Platform, as the case may be amounts to express consent to the terms of this Privacy Policy as well as the Terms of Use.
-
For the purposes of this Policy, accessing of the Website together with any study material made available or uploaded therein or downloaded, embedded therefrom shall collectively be referred to as the "Services". The Website shall be referred to as "the Platform".
-
This Privacy Policy forms part and parcel of the Terms of Use for the Directors' Institute (DI) Services and shall be read as a whole. Capitalized terms used here, but undefined, shall have the same meaning as attributed to them in the Terms of Use.
INFORMATION COLLECTED AUTOMATICALLY
-
When you visit or interact with the Platform, apart from Directors' Institute (DI) certain third party advertisers and/or service providers may use technologies that automatically collect information about you for both transactional (e.g., confirmation of registration, notification of purchase made, etc.) and promotional (e.g., promotions, newsletters, etc.) purposes. Your information may be collected by Directors' Institute (DI) or such third party advertisers and/or service providers in the following ways:-
-
Log Files: Every time you visit the Platform, Directors' Institute (DI) servers automatically receive and log information from your browser and device used to access the Platform (such as IP address, device ID, details of your network operator and type, your operating system, browser type and version, CPU speed, and connection speed). This enables us to validate you as a User, to understand your usage of the Platform and helps us to make changes and updates most suited to your needs and interests.
-
Mobile Device: When you register your mobile device or use the mobile device, in addition to the aforesaid, Directors' Institute (DI) will also collect device information such as mobile device ID, model and manufacturer details, operating system etc. for improving the overall functionality and displaying the content according to your preferences.
-
Cookies: Cookies are data files placed on your device, used to keep track of information such as your interaction with social media websites, the content you click on, download, upload or share and other activity on the Platform etc. in order to improve your experience of the Platform by personalizing it to your preferences and usage trends.
-
Web Beacons: Web beacons are transparent graphic images used in our email communication to you, in order to understand customer behaviour and improve the overall quality, functionality and interactivity of the Platform.
-
Payment /Purchase Information: In order to access certain paid features and services on the Platform, you may be required to create or log into a separate account on a payment gateway or website such as “Razorpay” or “PayU” or “PayTM”. Once such an account is created, in order to process your payments/ purchases on the Platform, such payment gateway provider may require and collect your details such as name, address, phone number, email address and credit or debit card information, net banking information or details of any web wallets maintained by you. Any/all payment(s) made/processed or details provided to or shared with such authorized payment gateway providers shall be stored directly by such payment gateway providers without any information passing through or relayed to Directors' Institute (DI). Directors' Institute (DI) assumes no liability in respect of such payments and/or information shared with or provided to such authorized payment gateway providers. It is further clarified that the aforementioned information is only used in accordance with the provisions of the applicable law and in strict adherence to this Privacy Policy.
-
Public Forums: Any information that is disclosed by you in the comments section or by way of the “create a post” feature, becomes published information and Directors' Institute (DI) shall not be held liable for the security of the same or any personal information that you disclose herein. You agree to exercise caution when disclosing any personal information or personally identifiable information in this regard.
-
Please note that we only use the aforesaid information to communicate with and/or improve the Service and to better understand our users' operating systems, for system administration and to audit the use of the Service. We do not use any of the aforesaid data to identify the name, address or other personal details of any individual.
-
For the purpose of this Privacy Policy, any passwords, financial information such as credit or debit card details or other payment instrument details and any additional information prescribed by law to be sensitive that may be collected by Directors' Institute (DI) during your use of the Platform and the Services provided thereon, shall be referred to as "Sensitive Personal Data or Information".
LINK TO THIRD PARTIES
-
The Platform may include links that redirect you to other websites. This Privacy Policy does not cover these third-party websites. You agree that once you leave our servers, any third-party websites that you go to or interact with are at your own risk. Directors' Institute (DI) shall not be held liable for any default, loss of function or any risk that your sensitive personal information may be exposed to as a result of the same.
-
By submitting our webform, you agree to receive calls on the number shared and such calls and sms would be coming from a third-party platform.
SHARING OR DISCLOSURE OF INFORMATION COLLECTED
-
As a strict policy, we will not disclose, share or exploit your information with anyone without your express permission.
-
However, we may be mandated under law or under contracts to make certain limited disclosures under the following circumstances:
-
Legal Necessity: Directors' Institute (DI) may share any of the aforesaid information, including your personally identifiable information or Sensitive Personal Data or Information, without obtaining a separate consent from you, if and when such information is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, or for the prevention, detection, investigation of any criminal activity, or for prosecution and punishment of offences.
-
Limited Disclosure to Service Providers: We may disclose your information (but not Sensitive Personal Data or Information) to our service providers and business partners ("Service Providers") for the purposes of betterment and improvement of our services including but not limited to hosting the Platform, payment processing, analyzing data, providing customer service, etc, for the purpose of making various features, services and products ofDirectors' Institute (DI) available to you and investigating or redressing grievances. This will be in the form of aggregated anonymized data and will be under strict contractual arrangements that preserve the confidentiality and security of your personal information in accordance with this Privacy Policy;
-
Limited Disclosures for improvement of services: Directors' Institute (DI) may share the aforesaid information including your personally identifiable information (but not Sensitive Personal Data or Information) when it is required to be shared with sponsors, partners, advertisers, analytics companies or third parties for the purpose of marketing, advertising promotional offers, offering product information and market research, in connection with the Service. This will be in the form of aggregated anonymized data and will be under strict contractual arrangements that preserve the confidentiality and security of your personal information in accordance with this Privacy Policy;
SECURITY OF INFORMATION COLLECTED
-
We take the security of your personal information seriously and use appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction or damage. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to or from the Service. Any transmission is at your own risk.
-
We keep your personal information for no longer than is necessary for our business purposes or for legal requirements.
-
HOW TO DELETE YOUR ACCOUNT?
-
All you need to do is send an email to support@directors-institute.com asking them to delete your Directors' Institute (DI) account and the associated data with it.
-
-
Once you receive a reply from them, you’ll have seven days to reply to their email with a valid ID proof and confirmation to delete the account. If you don’t send the confirmation, your account won’t be deleted, and the request will be abandoned.
-
-
CONTACT US
-
If you have any questions or concerns regarding the Privacy Policy, kindly contact us at support@directors-institute.com.
1. Introduction
-
Directors' Institute (DI) (hereinafter "Directors' Institute (DI)," "us," "we," or "our" or “the Company”) is committed to security and management of personal data, to function effectively and successfully for the benefit of our stakeholders, customers and for the community. In doing so, it is essential that people’s privacy is protected through the lawful and appropriate means for handling the personal data. Therefore, we have implemented this privacy policy (hereinafter referred to as ‘‘policy’’).
2. Aim
-
This policy aims to protect personal data of the various stakeholders connected to our organization. This policy is aimed at providing individuals notice of the basic principles by which the company processes the personal data of individuals (“Personal Data”) who visits, uses, deals with and/or transacts through the website and includes a guest user and browser (hereinafter ‘you’, ‘user’).
3. Purpose and Scope
-
The purpose of this policy is to describe how Directors' Institute (DI) collects, uses, and shares information about you through our online interfaces owned and controlled by us, including but not limited to https://www.independentdirectorsinstitute.com/ (hereinafter the "website"). This policy is also designed to provide information on how Directors' Institute (DI) ensures data security, conducts data transfers and process requests from data subjects.
-
This policy control applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees and other third parties who have access to Personal Data available within Directors' Institute (DI).
-
The company is also committed to ensure that its employees conduct themselves in line with this, and other related, policies. Where third parties process data on behalf of Directors' Institute (DI), the Company endeavours to obtain assurances from such third parties that your Personal Data will be safeguarded consistently.
-
Directors' Institute (DI) offers specially designed industry-relevant certification programs online (“hereinafter individually or collectively referred to as Program”). This Privacy Policy applies to all our services unless specified otherwise.
4. Types of Personal Data collected
-
The Personal Data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and the applicable laws.
-
Personal Data is stored in personnel files or within the electronic records (on servers in India or other countries) of the Directors' Institute (DI). The following types of Personal Data may be held by the Company, as appropriate, on relevant individuals:
A. Personal Identification Data
-
First Name, Last name
-
Job title & Company
-
Signature
-
Photographs
B. Identification Data
-
Social security or tax identification numbers
-
Aadhar number and PAN
C. Financial Data
-
Bank Account information
-
Salary Information
-
Payment gateway account details
-
E-wallet account details
D. Personal Characteristics
-
Age
-
Gender
-
Date of Birth
-
Marital Status
-
Nationality
E. Contact Data
-
Postal address
-
Email address
-
Phone number
F. Education and Recruitment Data
-
Educational qualification(s)
-
Working goals
-
Post-qualification experience
G. Electronic Identification Data
-
Login credentials (If you are a registered user)
-
Visitors IP Data
-
Date and time of website visit
-
Pages visited and navigation on the website
-
Browser being used
-
County of accessing website
-
Language of the browser being used
-
Words searched for
-
Pixel tags
H. Inquiries
-
Personal Data stated in the form – for example: Name, address, phone number, country
-
Subject of Inquiry
-
Personal details (Name on the card, billing address)
-
Payment details (card numbers, card type)
-
Recordings of calls with students and users showing interest in our Program.
-
Information about your interactions with customer service and maintenance interactions with us.
I. User Generated Data
-
Quizes submitted
-
Peer feedback and grading
-
Program performance data
-
Response to quizzes, standalone quizzes, exams, and surveys
-
Web Cam Recordings (during assessments related to online courses)
-
Posts made to public forums through our platform
-
Any other information necessary to ensure conformity with test/ assessment rules, area of interests
J. Marketing Data
-
Your preferences in receiving marketing information from us
-
Your communication preferences
K. Behavioural Data
-
Data inferred or assumed information relating to your behaviour and interests based on your online activity on our sites
-
We do not collect any payments information processed by third-party payment gateway providers.
5. Special Categories of Personal Data
-
Special Category of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade unions memberships, information about your health and genetic and biometric data.
-
We do not collect or process any special or sensitive Personal Data.
-
Should we specifically require “special” or “sensitive” Personal Data in connection with one or more of the uses described below, we will request your explicit consent to use the data in accordance with this policy and/or in the ways described at the point where you were asked to disclose the data.
-
Other legal basis for our processing of special category data may include, as permitted by applicable law, for scientific research, for employment, social security or social protection law, for reasons of substantial public interest, or as necessary for the establishment, exercise or defence of legal claims. If you voluntarily share with us or post/upload any “special” or “sensitive” Personal Data to this website for any other reason, you consent that we may use such data in accordance with applicable law and this policy. You can contact support@directors-institute.com for more information about our processing of your Personal Data.
6. Sources of data collection
-
The data collected by the company is derived directly from the data provided by the user or by use of our sites.
-
Data Collected is when you:
-
Register for various seminars, webinars or any other outreach initiatives made available by us
-
Request a quote for the various products and services offered by us
-
Place a feedback, complete any customer surveys circulated or interact with our customer services online
-
View our services or visit our website pages on the internet
-
Browse our website
-
When you appear for assignments, exams or any other assessments in relation to online course
-
When you avail refunds and referrals
-
Data Collected from third parties
-
We receive Personal Data such as access or login details, profile picture or any other text / image in relation to your Personal Data which may be available with such third parties.
-
We also receive information about your visits to this platform and to other websites using pixel tags.
-
Third parties from whom we receive your Personal Data include, our service providers, other networks connected to our service, our advertising partners, our marketing and advertising affiliates, our educational partners, scholarship providers, analytics providers, recruiters and such other third-party sources.
7. Cookies
-
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
-
Furthermore, we may allow third-party advertising companies (such as Facebook, Google, Twitter, Quora and Bing) to place cookies on our website. These cookies enable such companies to track your activity across various sites where they display Ads and record your activities, so they can show Ads that they consider relevant to you as you browse the Internet. These cookies store information about the content you are browsing, together with an identifier linked to your device or IP address.
-
How do we use cookies?
-
Directors' Institute (DI) uses cookies in a range of ways to improve your experience on our website, including:
-
To recognize our website user and to enhance user experience when interacting with our website
-
To help us to analyse the use and performance of our website and services
-
To improve the delivery and value of various services and products offered by us.
What types of cookies do we use?
-
There are a few different types of cookies, however, our website uses:
-
Persistent Cookies. We use persistent Cookies to improve your experience of using the Sites. This includes recording your acceptance of our Cookie Policy to remove the cookie message which first appears when you use the Sites.
-
Session Cookies. Session Cookies are temporary and deleted from your machine when your web browser closes. We use session Cookies to help us track internet usage as described above.
-
Analytical/Performance Cookies. Analytical cookies allow us to recognise and count the number of visitors and see how many visitors move around our website while they are using it. This helps us improve the way our website works, for example, by ensuring the users find what they are looking for.
-
Functionality Cookies. Functionality Cookies recognise when you return to the website. This enables the company to create greater content for you and remember your likes and dislikes and other preferences.
-
Targeting Cookies. Targeting Cookies records the visit to our website, the pages navigated to and the links clicked upon. It helps to formulate information relevant to the user’s area of interests.
How to manage cookies?
-
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Disabling some cookies form the website, may have a negative impact and may result in some non-availability of some features.
-
If you want to remove previously-stored Cookies, you can manually delete the Cookies at any time. However, this will not prevent the Sites from placing further Cookies on your device unless and until you adjust your Internet browser setting as described above.
-
You can however obtain up-to-date information about blocking and deleting cookies via these links:
-
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox)
-
https://www.opera.com/help/tutorials/security/cookies/ (Opera)
-
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer)
-
https://support.apple.com/kb/PH21411 (Safari)
These opt-out mechanisms rely on cookies to remember your choices. If you delete your cookies, use another computer or device, or change browsers, you will need to repeat this process. In addition, opting out of interest-based ads will not opt you out of all ads, but rather only those ads that are personalized to your interests.
8. Data Analytics
-
We use Analytics tools and search information providers to measure how visitors interact with content on our website. We also use Facebook Custom Audiences to ask Facebook to show you ads that are customized based on your interaction with our websites or our Facebook applications and to measure how you interact with those ads. Additional information on how these services use such technologies can be found on Google’s website, Wix’s website, Moodle’s Website, MCA’s Website, Zoom’s Website, Adobe’s website and Facebook’s website.
-
If you do not wish to have data relating to your visits to our websites collected through Google Analytics, you may opt-out by installing the Google Analytics opt-out browser add-on. You may opt-out of Facebook Custom Audiences by visiting Facebook’s opt-out page.
9. Aggregated Data
-
“Aggregated Data” means records that have been stripped of Personal Data and has been manipulated or combined to provide generalised, anonymous information. Your identity and personal information are not available in Aggregated Data. We combine your Personal Data on an anonymous basis with other information to generate Aggregated Data for internal and commercial use and for sharing with affiliates, subsidiaries and business partners for planning and marketing purposes.
10. Data protection principles
-
Where third parties process data on behalf of Directors' Institute (DI), we endeavour to obtain assurances from such third parties that your Personal Data will be safeguarded consistently. We understand that it will be accountable for the processing, management and regulation, and storage and retention of all Personal Data held in the form of manual records and on computers.
-
All Personal Data obtained and held by the Company will be:
-
processed fairly, lawfully and in a transparent manner
-
collected for specific, explicit, and legitimate purposes
-
adequate, relevant and limited to what is necessary for the purposes of processing
-
kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay
-
not be kept for longer than is necessary for its given purpose
-
processed in a manner that ensures appropriate security of Personal Data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
-
comply with the relevant laws and procedures for international transferring of Personal Data applicable to us.
11. Legal basis for processing your Personal Data
-
Certain jurisdictions require that we have a lawful basis to justify our processing of your Personal Data.
-
Where applicable, the lawful basis that Directors' Institute (DI) relies upon to justify a particular processing activity may differ from the lawful basis used to justify a different processing activity.
-
Directors' Institute (DI) relies on the following lawful basis to process Personal Data, as permitted under applicable law:
-
Processing necessary for the negotiation, execution, or performance of contracts
-
Processing to comply with legal and regulatory obligations
-
Processing in furtherance of our legitimate interests, including our interests to conduct legitimate business activities (such as improving our products and services, to communicate with you, to secure our systems, among other legitimate interests)
-
Processing necessary to protect vital interest of a user or any other natural person
-
Processing necessary for public interest
-
Processing based on your consent
12. Consent
-
We may obtain your consent to collect and use certain types of Personal Data when we are required to do so by law.
-
Once consent is obtained from the individual to use his or her information for those purposes, Directors' Institute (DI) has the individual's implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
-
Consent may also be implied where a user is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new services or products, and the client, customer, member does not opt-out.
-
Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), individuals can withhold or withdraw their consent for Directors' Institute (DI) to use their personal information in certain ways.
-
Further, by using this website / acknowledging this privacy policy / by voluntarily providing us with your Personal Data, you consent to collection, storage, and processing of your Personal Data in accordance with this privacy policy and our Terms of Use and Service.
-
If you refuse or withdraw your consent, or if you choose not to provide us with any required Personal Data, we may not be able to provide you the services that can be offered on our Platform.
13. Purpose of collecting Personal Data
-
We collect your Personal Data for the following purposes
-
To fulfil or meet the reason you provided the information;
-
For managing and processing purposes, including, but not limited to, tracking attendance, progress and completion of a Program. As part of our management and processing of the Program, we will use certain Personal Data to administer exams, projects, and other assessments for the Program. For example, as part of an exam, Directors' Institute (DI) may use certain information collected from you in order to verify your identity or to monitor your performance during the exam to confirm that you are abiding by the applicable testing rules or requirements;
-
To send you updates about the Programs, other Directors' Institute (DI) events, platform maintenance or new services provided by Directors' Institute (DI), among other things, through itself or through third parties, via WhatsApp, email, SMS, phone call or any other medium;
-
Provide Chat Room services;
-
To enhance the quality of our content and product offerings;
-
Compliance with security and other mandatory policies and building access;
-
Providing information to relevant external authorities for tax, social security and other purposes as legally required;
-
Conducting surveys to assess your satisfaction, including but not limited to its processes or policies;
-
Setting up and maintaining accounts and subscriptions with third parties that provide information and research services or communication services;
-
Making decisions about your continued engagement, employment or membership;
-
Dealing with legal or regulatory disputes or investigations involving you, our work, or other partners, employees, workers and contractors, including accidents at work, potential and actual negligence claims and professional discipline matters;
-
To monitor use of our information and communication systems to ensure compliance with our IT and document management policies;
-
To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution;
-
Business management and planning, including accounting, auditing and insuring;
-
Planning or reviewing options in relation to the operation or management;
-
Keeping registers required by law or regulation;
-
Communicating with you, for example to respond to inquiries;
-
Enhancing the safety and security of the services and preventing fraud, or protecting our or our customers’, or your rights or property;
-
Enforcing applicable terms and conditions and other applicable policies;
14. Advertising and Marketing
-
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or if you provided us with your details and expressly consented to receiving that marketing.
-
We may use your Personal Identification, Identity, Contact, Electronic and User generated Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
-
We also enter into agreements with third parties to serve Ads on our behalf across the internet, social networking sites and blogs. These third parties may collect Personal Data about your visits to our platform and your interactions with our products and use this information to target advertisements for goods and services.
-
Where electronic direct marketing communications are being sent, you have the option to opt-out in each communication sent, and this choice will be recognised and adhered to by us.
-
15. Disclosure of Personal Data
-
Directors' Institute (DI) is a part of a global company and may share the personal information collected or provide such access to other companies within the RightSource Global group.
-
Examples of third parties with whom Directors' Institute (DI) may share Personal Data includes government bodies, including tax and social security authorities, to comply with applicable laws (including employment and tax laws), to obtain licenses or approvals, and upon request during an audit or assessment;
-
With suppliers, subcontractors and service providers, to maintain an efficient and commercially viable business, including technology, telecom, internet providers;
-
With professional advisers, consultants, and employment and recruitment agencies, to conduct background verification and reference checks, administer benefits and payroll, deal with disciplinary and grievance issues and maintain emergency contact details;
-
With our legal advisors and external auditors for legal advice and to conduct business audits;
-
With service providers for business continuity management and contingency planning in the event of business disruptions.
-
With certain companies in order to establish a membership to participate in digital wallets, payment services or rewards programme
-
We require all third parties to respect the security of Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
-
16. Data Security
-
Directors' Institute (DI) will ensure that appropriate technical and organizational measures are in place, supported by privacy impact and risk assessments, to ensure a high level of security for Personal Data, and secure environment for information held both manually and electronically.
-
Directors' Institute (DI) implements appropriate security measures designed to prevent unlawful or unauthorized processing of personal information and accidental loss of or damage to personal information. Directors' Institute (DI) maintains written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures assign specific data security responsibilities and accountabilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your personal information.
-
In addition, as part of its organizational security measures, employees at Directors' Institute (DI) must:
-
ensure that all files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
-
ensure that all files or written information of a confidential nature are not left where they can be read by unauthorized people.
-
check regularly on the accuracy of data being entered into computers.
-
always use the passwords provided to access the computer system cautiously and such access should not be circulated, unless absolutely necessary.
-
use computer screen blanking to ensure that Personal Data is not left on screen when not in use.
-
-
Personal Data should not be kept or transported on laptops, USB sticks, or similar devices, unless authorised by the Management of RSG- DI. Where Personal Data is recorded on any such device it should be protected by:
-
ensuring that data is recorded on such devices only where absolutely necessary
-
using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
-
ensuring that laptops or USB drives are not left lying around where they can be stolen.
-
-
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
-
We also take steps to ensure that our service providers, contractors, and other third parties maintain a similar level of data protection measures when processing your Personal Data. While we strive to secure your Personal Data, please note that 100% security of Personal Data cannot be guaranteed and that Directors' Institute (DI) shall not be liable for any misuse or loss of Personal Data carried out by third-party cloud service provider.
17. International data transfers
-
Our website is primarily operated and managed on servers located and operated within India. However, owing to the global nature of Right Source Global, your Personal Data may also be stored in third party data servers located in other countries where Directors' Institute (DI) provides its products and services.
-
Directors' Institute (DI) engages sub-contractors, service providers and other third parties for facilitating our products, service offerings and to offer support services to you, and your Personal Data may be transferred to servers of such sub-contractors, service providers and other third parties. Depending upon the location of our service providers, your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
-
Further, your Personal Data may be transferred may be shared, disclosed, and transferred between various RightSource Global companies where such transfers are required for legitimate business reasons.
-
Where required under applicable law we will seek your express consent for such transfers. In all other cases, by consenting to this policy, you also provide consent to Directors' Institute (DI) to transfer your Personal Data to Directors' Institute (DI) affiliated companies, service providers or any third-party entity in locations around the world. We take steps to ensure that a degree of data protection which is similar to this policy is afforded to such Personal Data transferred.
-
Where Directors' Institute (DI) transfers your personal information internationally, we will comply with applicable legal requirements and where required we will enter into a data transfer agreement with the recipient of the personal information, which in the case of European Personal Data may include the Standard Contractual Clauses. In other cases, and where applicable, we shall enter into separate Data Processing Agreements with the third parties / service providers / contractors and such other recipients of Personal Data. Further as the Company takes steps to ensure that transfers of Personal Data to any public authority cannot be massive, disproportionate, and indiscriminate in a manner that would go beyond what is necessary in a democratic society. In the event of conflicts between these and public authority requirements, the company will find a practical solution that fulfils the purpose of this Policy.
-
We are committed to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our data privacy and security standards.
18. Records management
-
Records management refers to a set of activities required for systematically controlling the creation, distribution, use, maintenance, and disposition of recorded information maintained as evidence of business activities and transactions. It is impossible to be compliant with information law without robust records management policies and practises. Good records management practices ensure not only record quality, but that Personal Data is only kept for as long as necessary for its original purpose and help support data minimization.
19. Organization and Responsibilities
-
Directors' Institute (DI) will maintain records of data processing as required by the laws.
-
Our compliance with relevant policies and regulatory requirements in respect of data protection as part of our Data Management Strategy will be periodically monitored internally by a designated governance group. All employees, volunteers, consultants, partners, or other parties who will be handling Personal Data on behalf of Directors' Institute (DI) will be appropriately trained and supervised where necessary.
-
The collection, storage, use and sharing of Personal Data will be regularly reviewed by the Data Protection Officer, the Governance Group, and any relevant business area. We will adhere to relevant codes of conduct where they have been identified and discussed as appropriate.
-
Where there is likely to be a high risk to individuals rights and freedoms due to a processing activity, we will first undertake a Data Protection Impact Assessment (DPIA) and consult with the relevant supervisory authority prior to processing, if necessary.
20. Conflicts of Law
-
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.
21. Retention of Personal Data
-
We retain your Personal Data, not longer than necessary for the purposes for which it was collected. The length of time to retain Personal Data depends on the purposes for which we collect and use it and/or as may be required to comply with applicable laws, to establish, exercise, or defend our legal rights.
-
The users can exercise their rights enumerated herein. Also, if in case required to extend the period of retention of such data, we shall obtain your consent for the same. Further, we may also dispose the data prior to completion of the period of retention, if the purpose for which it was collected is exhausted.
22. Procedures
-
The Company has taken the following steps to protect the Personal Data of relevant stakeholders, which it holds or to which it has access:
-
it appoints or employs employees with specific responsibilities for the processing and controlling of data; the comprehensive reviewing and auditing of its data protection systems and procedures; overviewing the effectiveness and integrity of all the data that must be protected; and there are clear lines of responsibility and accountability for these different roles.
-
it provides its employees with information and training to make them aware of the importance of protecting Personal Data, to teach them how to do this, and to understand how to treat information confidentially
-
it can account for all Personal Data it holds, where it comes from, who it is shared with and also who it might be shared with
-
it carries out risk assessments as part of its reviewing activities to identify any vulnerabilities in its Personal Data handling and processing, and to take measures to reduce the risks of mishandling and potential breaches of data security. The procedure includes an assessment of the impact of both use and potential misuse of Personal Data in and by the Company
-
it recognises the importance of seeking individuals’ consent for obtaining, recording, using, sharing, storing and retaining their Personal Data, and regularly reviews its procedures for doing so, including the audit trails that are needed and are followed for all consent decisions. The Company understands that consent must be freely given, specific, informed and unambiguous. The Company will seek consent on a specific and individual basis where appropriate. Full information will be given regarding the activities about which consent is sought. Relevant individuals have the absolute and unimpeded right to withdraw that consent at any time
-
it has the appropriate mechanisms for detecting, reporting and investigating suspected or actual Personal Data breaches, including security breaches. It is aware of its duty to report significant breaches that cause significant harm to the affected individuals to the relevant supervisory authority and is aware of the possible consequences
-
it is aware of the implications international transfer of Personal Data internationally.
-
23. Breach notification
-
Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the relevant supervisory authority within 72 hours of the Company becoming aware of it and may be reported in more than one installment. Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual. If the breach is sufficient to warrant notification to the public, the Company will do so without undue delay.
24. External Links on our website
-
For your convenience, we may provide links to sites operated by organizations other than the Directors' Institute (DI) ("Third Party Sites") that we believe may be of interest to you. We do not disclose your Personal Data to these Third-Party Sites unless we have a lawful basis on which to do so. We do not endorse and are not responsible for the privacy practices of these Third-Party Sites. If you choose to click on a link to one of these Third-Party Sites, you should review the privacy policy posted on the other websites to understand how that Third-Party website collects and uses your Personal Data.
25. Use of this website and our Terms of Service
-
This website is the property of the Directors' Institute (DI). Our Terms of Use and this Privacy Policy collectively govern the use of the Platform and the Programs offered by the Directors' Institute (DI). This Privacy Policy shall form a part of the Terms by way of reference. By using this website and the information offered herein, you indicate your acceptance of these Terms of Use.
26. Updates to this policy
-
We may update our Privacy Policy from time to time. We will take reasonable steps to inform all Directors' Institute (DI) entities, Customers, Business Partners, and other data subjects affected by the revisions by posting the new Privacy Policy on this page and/or via email.
27. Data Controller/ Company Details
-
The "Data Controller" (i.e., Directors' Institute (DI)) means the entity that will make the decisions about how your data is used and that is responsible for deciding how it holds personal information about you.
-
Since Directors' Institute (DI) is made up of different legal entities, the entity that will be the controller for your data is dependent on the situation where your Personal Data is collected.
28. Data Protection Officer
-
The company, in accordance with the applicable laws, and all applicable rules made thereunder, has appointed a Data Protection Officer; who can be reached at the details below:
-
Name: Lavlesh Sharma
-
Email Address: lavlesh@directors-institute.com
-
The information shall be safe and reserved only for the usage for which the participant would want to be communicated for.