Privacy Policy of www.eduizzy.com/


Personal Data Collection Policy


1. General Provisions


1.1. This Policy outlines the procedure for the collection, protection, and processing of personal data, established by the Operator of personal data:


Eduizzy, H-21 Saraswati Nagar, Malviya Nagar Jaipur 302017, +91 8003040500, 

Dolphins Education Private Limited (Corporate Identity Number: U80302RJ2008PTC025964 2007-2008)

Requests related to the handling and protection of personal data can be sent to the email address eduizzy.com@gmail.com


1.2. The regulation of personal data handling is intended to ensure compliance with the legal rights and interests of Eduizzy, its employees, clients, contractors, and third parties, where it is necessary to obtain, organize, process, store, and transfer information that constitutes personal data.


1.3. The processing of personal data is conducted in accordance with the prevailing legislation of Eduizzy's country of operation, other applicable laws and regulations, as well as this Policy.


1.4. Eduizzy is authorized to establish additional local regulations (hereinafter referred to as LR) governing the procedure for processing and safeguarding personal data by Eduizzy, its employees, and authorized individuals.


2. Principles of Processing Personal Data


2.1. This document employs the following general definitions:


Personal data — any information directly or indirectly related to a specific or identified individual (the data subject).

Site — Eduizzy's website, which can be accessed at www.eduizzy.com

Personal Data Information System (PDIS) — a collection of personal data stored in databases and managed through information technology and technical means.

Processing of personal data — any action or series of actions, automated or not, involving personal data, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (distribution, provision, access), cross-border transfer, depersonalization, blocking, deletion, and destruction of personal data.

Distribution of personal data — actions aimed at disclosing personal data to an unspecified group of individuals.

Provision of personal data — actions aimed at disclosing personal data to a specific individual or a defined group of individuals.

Blocking of personal data — the temporary suspension of personal data processing, except when processing is required for personal data refinement.

Destruction of personal data — actions that render it impossible to recover the content of personal data in the PDIS or that destroy material media containing personal data.

Depersonalization of personal data — actions that make it impossible to identify personal data ownership without additional information.

2.2. The information received by Eduizzy can be in both material and electronic form.


2.3. The processing of personal data is limited to specific, predefined, and lawful purposes. Processing of personal data not aligned with the purposes of personal data collection is not permitted.


2.4. Combining databases containing personal data processed for incompatible purposes is not allowed.


2.5. Only personal data relevant to the purposes of processing are subject to processing.


2.6. Processed personal data content and volume must align with the stated processing purposes. Processed personal data must not exceed the needs of their processing purposes.


2.7. Personal data storage must be conducted in a manner allowing the identification of the data subject for no longer than necessary for the purposes of personal data processing, unless the period for personal data storage is mandated by law or contract, with the data subject being a party or beneficiary.


2.8. Processed personal data must be destroyed or depersonalized upon achieving the processing purposes or when the need to achieve these purposes ceases, unless otherwise stipulated by law.


2.9. If providing personal data is mandatory by law, Eduizzy must inform the data subject of the legal consequences of refusing to provide personal data.


3. Legal Grounds for Processing Personal Data


3.1. Information on the sources of personal data shall be specified in individual PDIS provisions.


3.1.1. Sources of personal data may include the data subject, publicly available sources of personal data, and other sources.


3.1.2. Processing of personal data, the source of which is not the data subject, shall adhere to the prevailing legislation on personal data protection.


3.1.3. When obtaining personal data from third parties, Eduizzy must take reasonable measures and obtain assurances from third parties providing information that personal data processing by such parties complies with current legislation.


3.2. Eduizzy is not authorized to obtain or process personal data related to race, nationality, political views, religious and philosophical beliefs, health status, and intimate life of the data subject, except when the data subject has given written consent for processing such personal data, or when such data are publicly disclosed by the data subject.


3.3. Processing of personal data is allowed only with the consent of the data subject, or without such consent under the following circumstances:


a. Processing of personal data is necessary to fulfill legal requirements, exercise functions, powers, and duties mandated by current legislation on Eduizzy.

b. Processing of personal data is required for the execution of a contract, where the data subject is a party or beneficiary, or for initiating a contract at the data subject's initiative.

c. Processing of personal data is necessary to protect the rights and legitimate interests of Eduizzy or third parties, provided it does not infringe upon the rights and freedoms of the data subject.

d. Processing of personal data is conducted for statistical or research purposes (except for personal data processing aimed at promoting goods, services, or works), provided that personal data is depersonalized.

e. Processing of personal data, access to which is made available to an unlimited group of individuals by the data subject or upon their request.

f. In other cases as stipulated by law.


3.4. The data subject must make a decision regarding the provision of their personal data and grant consent for its processing freely, willingly, and voluntarily. Consent for personal data processing must be specific, informed, and explicit.

3.5. Processing of personal data for the purpose of promoting goods, services, or works through direct contact with a potential consumer via communication channels is permitted only with the prior consent of the data subject. Such personal data processing shall be considered unauthorized without the data subject's prior consent, unless Eduizzy can prove that consent was obtained.


Upon the data subject's request, Eduizzy must promptly cease the processing of their personal data.


3.6. The data subject retains the right to withdraw their consent for personal data processing. In case the data subject withdraws consent, Eduizzy is entitled to continue processing personal data without consent if there are legal grounds to do so.


4. Transfer of Personal Data


4.1. When transferring personal data, Eduizzy must adhere to the following requirements:


a) Personal data of the data subject may be disclosed for commercial purposes only with the data subject's consent.


b) Eduizzy must inform recipients of personal data that this data can only be used for the purposes for which it was disclosed and must demand representations from these recipients confirming compliance with this rule. Recipients of personal data must uphold confidentiality.


c) Access to personal data of the data subject must be granted only to authorized individuals, who are entitled to access only the personal data necessary to fulfill specific functions.


4.2. Eduizzy is authorized to entrust the processing of personal data to another entity, subject to a contract between both parties.


4.2.1. An entity processing personal data on Eduizzy's behalf must comply with legal requirements and regulations governing personal data processing.


4.2.2. The contract between Eduizzy and the entity processing personal data must specify the actions (operations) with personal data that the entity will perform, the purposes of processing, obligations regarding the confidentiality and security of personal data during processing, and requirements for protecting processed personal data.


4.3. An entity processing personal data on Eduizzy's behalf is not obliged to obtain the data subject's consent for processing their personal data.


4.4. If Eduizzy entrusts the processing of personal data to another entity, Eduizzy remains liable to the data subject for the actions of that entity. The entity processing personal data on Eduizzy's behalf is liable to Eduizzy.


5. Processing of Personal Data


5.1. Eduizzy shall take all necessary legal, organizational, and technical measures, or ensure such measures are taken, to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions.


5.1.1. Organizational and legal measures to protect personal data and establish procedures for processing personal data by Eduizzy, its employees, and authorized individuals shall be carried out by a person authorized by Eduizzy's managing director.


5.1.2. Technical and other measures to protect personal data contained in individual PDIS shall be carried out by a person authorized by Eduizzy's managing director through relevant orders.


5.1.3. The list of individuals authorized to access individual PDIS shall be established in registers (lists) of persons with such access.


5.1.4. Access to personal data may also be granted to other individuals listed in the register of persons authorized to access personal data.


5.2. The procedures for storing material and electronic media containing personal data and PDIS, as well as the list of processed personal data and the purposes of processing, shall be detailed in the provisions for individual PDIS.


5.3. Processing of personal data shall be conducted in such a way that enables the determination of the locations where personal data is stored for each category of personal data, and the establishment of a list of individuals processing personal data and those with access to personal data.


5.4. Eduizzy shall maintain lists of current local regulations and PDIS, lists of individuals responsible for the protection of personal data and those with access to PDIS, as well as other lists requiring record-keeping. Record-keeping can be conducted in electronic and/or physical form.


6. Procedure for Processing Personal Data


6.1. Processing of personal data contained in PDIS or extracted from such a system shall be considered non-automated if actions involving personal data, such as usage, refinement, distribution, or destruction of personal data in relation to each data subject, are performed with direct human involvement.


6.2. It is prohibited to record personal data with incompatible processing purposes on a single physical medium. Separate physical media shall be used for various categories of personal data when processing purposes are obviously incompatible. If the purposes of processing personal data recorded on the same physical medium are incompatible and the medium does not allow for separate processing, measures must be taken to ensure separate processing.


6.3. Destruction and/or blocking of personal data may be carried out in a manner that prevents further processing of this data, including physical destruction of material media and permanent deletion of data from electronic media to prevent data recovery.


Destruction and/or blocking of personal data shall be carried out by the person responsible for protecting the relevant PDIS.


6.4. Refinement of personal data shall be performed by updating or modifying data on the relevant medium. If technical characteristics of the medium do not allow such updating, refinement shall be carried out by documenting changes made on the same medium or by creating a new medium with refined personal data.


6.5. When storing material media, conditions ensuring the safety of personal data and preventing unauthorized access must be observed. The list of measures necessary to ensure these conditions, the procedure for their implementation, and the list of individuals responsible for implementing these measures shall be established by Eduizzy.


7. General Measures for Protection of Personal Data


7.1. The measures necessary and sufficient for Eduizzy to fulfill its duties regarding the protection of personal data include, but are not limited to, the following responsibilities:


i. Approval of the list of PDIS and the appointment of individuals responsible for organizing personal data processing and protection.


ii. Publication of documents defining Eduizzy's policy on personal data processing and the issuance of local regulations establishing procedures aimed at preventing, detecting violations of law, and rectifying the consequences of such violations.


iii. Application of legal, organizational, and technical measures to ensure the security of personal data.


iv. Implementation of internal control and/or audits to ensure compliance with laws, regulations, requirements for personal data protection, Eduizzy's policy on personal data processing, and local regulations.


v. Assessment of potential harm to data subjects, the relationship between the harm and measures taken for personal data protection, and compliance with levels of personal data protection.


vi. Training or informing individuals directly involved in personal data processing.


7.2. Ensuring the security of personal data includes:


i. Identifying threats to personal data security during processing in personal data information systems.


ii. Implementing organizational and technical measures to secure personal data during processing in personal data information systems to meet personal data protection requirements, with compliance ensuring appropriate data protection levels.


iii. Using information security tools that have undergone compliance assessments as per established procedures.


iv. Assessing the effectiveness of security measures before introducing personal data information systems into operation.


v. Registering computer media containing personal data.


vi. Detecting unauthorized access to personal data and taking appropriate actions.


vii. Recovering personal data that has been modified or destroyed due to unauthorized access.


viii. Establishing rules for access to personal data processed in the personal data information system, and maintaining records of all actions involving personal data within the system.


ix. Monitoring measures taken to ensure personal data security and the level of security in personal data information systems.


7.3. Eduizzy shall provide unrestricted access to documents defining its policy on personal data processing and information about implemented personal data protection requirements by publishing these documents on the Site, at its location, or through other means.


8. Responsibility for Data Protection Violation


8.1. Individuals found responsible for violating the personal data processing procedure may face disciplinary, administrative, civil, or criminal liability in accordance with current legislation.


8.2. Individuals responsible for personal data processing violations shall indemnify against damages resulting from unlawful use of information containing personal data.


9. Consent to Processing of Personal Data


9.1. Use of the Site implies the full and unconditional consent of the user to the processing of their personal data by Eduizzy.


9.2. The legal grounds for processing personal data include the consent of the data subject, the execution of contracts, and the fulfillment of contractual obligations.


9.3. The list of personal data collected may include the name, phone number, email address, and country of residence.


9.4. Personal data is provided directly by the data subject when sending information to Eduizzy's representatives or by entering data on the Site. Data collection on the Site can be automated or performed by an authorized Eduizzy employee.


9.5. Personal data processing is conducted for the following purposes: contract formation and execution, notifying the data subject about promotions and special offers, gathering marketing data, responding to incoming queries and obtaining feedback, collecting and analyzing information related to service demand, conducting research and analysis based on depersonalized data, transferring the data subject's personal data to third parties for contract purposes, making phone calls, sending SMS, and email newsletters.


9.6. Personal data processing and storage continue until the objectives of personal data processing are achieved or until the data subject withdraws consent.


9.7. The person responsible for processing and protecting personal data is Eduizzy's head, unless otherwise designated by an appointment order.


9.8. Personal data shall be destroyed upon the expiration of the processing period, or as otherwise mandated by current legislation, by the person responsible for personal data protection and processing.


9.9. Consent applies to any action or set of actions involving provided personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, distribution, transfer (including cross-border), depersonalization, blocking, deletion, and destruction of personal data.