Privacy Policy
The Foundation recognises the importance of protecting the privacy and dignity of individuals and is committed to handling personal data responsibly, transparently, and in accordance with applicable law.
This Privacy Policy (“Policy”) is published in compliance with applicable laws including the Digital Personal Data Protection Act, 2023 (“DPDP Act”), Section 43A of the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”).
This Policy describes how PrashantAdvait Foundation (the “Foundation”, “we”, “our”, or “us”) collects, processes, stores, protects, uses, shares, transfers, retains, and otherwise handles personal information of individuals who access or use the application “Acharya Prashant” (“Application”), the website https://www.acharyaprashant.org (“Website”), and services offered through them (“Services”).
For the purposes of the Digital Personal Data Protection Act, 2023, the Foundation acts as the Data Fiduciary in relation to personal data collected and processed through the Website, Application, and Services.
Please read this Policy carefully along with the Terms of Use (“ToU”) available on the Website and Application.
By accessing or using the Website, Application, or Services, you acknowledge that you have read and understood this Privacy Policy. Where the processing of personal data requires consent under applicable law, such consent shall be obtained separately through appropriate consent mechanisms made available by the Foundation.
Where personal data is processed on the basis of consent, such consent may be provided through consent notices, account settings, consent checkboxes, click-wrap mechanisms, participation forms, event registration forms, or such other mechanisms as may be made available by the Foundation from time to time.
PRINCIPLES OF DATA PROCESSING
The Foundation processes personal data in accordance with applicable data protection laws and principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security, and accountability.
Personal data is collected and processed only for specific, lawful, and legitimate purposes related to the provision of Services, educational activities, community engagement, charitable activities, operational requirements, or such other purposes as may be disclosed to users in accordance with applicable law.
GROUNDS FOR PROCESSING PERSONAL DATA
The Foundation shall process personal data only for lawful purposes and in accordance with applicable law.
Depending on the nature of the activity, personal data may be processed:
(a) on the basis of consent provided by the individual or where users voluntarily provide personal data for participating in programmes, events, discussions, sessions, communities, donations, purchases, subscriptions, or other activities made available through the Services;
(b) for the provision, administration, operation, maintenance, or improvement of the Services;
(c) for compliance with legal obligations;
(d) for responding to grievances, inquiries, requests, or disputes;
(e) for security, fraud prevention, risk management, and protection of rights and interests;
(f) for educational, charitable, volunteer, donor, community, programme, event-related, or outreach activities undertaken by the Foundation; and
(g) for any other purpose permitted under applicable law.
Where consent forms the basis of processing, users may withdraw such consent at any time in accordance with this Policy and applicable law.
AUTOMATICALLY COLLECTED INFORMATION
The Website/Application may automatically collect technical and usage-related information including:
• device type and model;
• device identifiers;
• IP address;
• browser type and language;
• operating system;
• application version;
• pages visited and usage patterns;
• date and time of access;
• cookie identifiers;
• session identifiers;
• crash reports and diagnostics;
• log information;
• network information;
• approximate geolocation information where enabled;
• permissions granted to the Application; and
• other technical, diagnostic, behavioural, or usage-related information reasonably necessary for operation, analytics, fraud prevention, security, functionality enhancement, personalisation, and improvement of the Services.
Such information assists in security, fraud prevention, service administration, analytics, functionality enhancement, and improvement of user experience.
DISCLOSURE OF PERSONAL DATA
The Foundation may disclose personal data:
(a) to service providers, vendors, contractors, and processors engaged by the Foundation;
(b) to affiliates, associated organisations, group entities, where applicable, involved in providing, supporting, administering, operating, or improving the Services;
(c) to auditors, accountants, lawyers, consultants, and professional advisors;
(d) to courts, regulators, governmental authorities, law enforcement agencies, or statutory bodies where required by law;
(e) in connection with mergers, restructuring, transfer of operations, or organisational changes;
(f) where necessary to protect rights, safety, property, or legal interests of the Foundation, users, or third parties; or
(g) where disclosure is otherwise permitted or required under applicable law.
The Foundation does not sell personal data.
RECORDING
The Foundation may record sessions, discussions, programmes, events, or other interactions conducted through the Website, Application, or associated platforms. The Foundation may use, edit, reproduce, archive, publish, display, disseminate, transmit, distribute, or otherwise make available such recordings, participant contributions, or related content in accordance with this Policy, applicable notices, any consents obtained, and applicable law.
ANONYMISATION AND DE-IDENTIFICATION
The Foundation may anonymise, aggregate, or de-identify personal data in accordance with applicable law and may use such anonymised, aggregated, or de-identified information for research, analytics, educational, statistical, operational, service improvement, archival, or other lawful purposes.
CROSS-BORDER PROCESSING AND TRANSFER OF PERSONAL DATA
Personal data may be processed, stored, hosted, accessed, or transferred through third-party service providers, technological infrastructure, cloud environments, or affiliates located in India or outside India.
Such processing or transfer shall be carried out subject to applicable law, including any restrictions, prohibitions, or conditions imposed by competent governmental authorities from time to time.
The Foundation shall implement reasonable contractual, organisational, and technical safeguards in relation to such processing and transfer, as considered appropriate under applicable law.
DATA BREACH RESPONSE
In the event of a personal data breach affecting personal data processed by the Foundation, the Foundation shall take such remedial measures and provide such notifications to affected individuals and competent authorities without undue delay, where required under applicable law.
WITHDRAWAL OF CONSENT
Where processing is based on consent, users may withdraw consent previously provided at any time by contacting the Foundation or through available consent management mechanisms.
Withdrawal of consent shall not affect the lawfulness of processing undertaken prior to such withdrawal.
Withdrawal of consent may affect the availability, quality, or continued provision of certain Services where such personal data is necessary for providing such Services.
CONSENT MANAGER
Where permitted under applicable law, users may exercise consent-related choices through a Consent Manager recognised under applicable law. The Foundation shall honour such choices to the extent required under applicable law.
RETENTION OF INFORMATION
Personal data shall not be retained for longer than is necessary to fulfil the purposes for which such personal data was collected or processed unless retention is required or permitted under applicable law.
Information may also be retained for:
• compliance with legal obligations;
• enforcement of contractual or legal rights;
• fraud prevention;
• dispute resolution;
• archival purposes;
• security purposes; and
• compliance with statutory requirements.
Upon expiry of the applicable retention period or where the purpose for processing is no longer being served, personal data shall be deleted, anonymised, archived, or otherwise handled in accordance with applicable law and internal policies.
USER RIGHTS
Subject to applicable law, users may have the right to:
(a) request access to personal data held by the Foundation;
(b) request correction, completion, or updating of inaccurate personal data;
(c) request erasure of personal data;
(d) withdraw consent for processing where processing is based on consent;
(e) nominate another individual to exercise rights in the event of death or incapacity;
(f) raise grievances relating to processing of personal data; and
(g) seek information regarding categories of personal data shared by the Foundation and, where required under applicable law, the identity of Data Fiduciaries or Data Processors with whom such personal data has been shared.
(h) seek a summary of personal data being processed by the Foundation and processing activities undertaken in relation thereto, where required under applicable law.
Requests relating to these rights may be submitted through the contact details provided in this Policy.
DUTIES OF USERS
Users agree that they shall not:
(a) impersonate another person while providing personal data;
(b) suppress any material information while providing personal data for any document, unique identifier, proof of identity, or proof of address issued by the State or any instrumentality thereof;
(c) register false or frivolous grievances or complaints with the Foundation or any competent authority; or
(d) furnish false particulars or otherwise misuse rights available under applicable data protection laws.
Users shall ensure that information provided to the Foundation is authentic, accurate, complete, and not misleading.
CHILDREN’S PRIVACY
The Website, Application, and Services are intended for individuals capable of entering into legally binding contracts under applicable law. Individuals below eighteen (18) years of age may access or participate in the Services only through or under the supervision of a parent or lawful guardian.
Where personal data of a minor is processed, the Foundation shall obtain verifiable consent from the parent or lawful guardian in accordance with applicable law.
The Foundation does not knowingly process personal data of children in violation of applicable law.
CHANGES TO THIS PRIVACY POLICY
The Foundation may revise or update this Privacy Policy from time to time to reflect changes in applicable law, technology, operational practices, or the Services.
Updated versions of this Policy shall be made available through the Website, Application, or such other means as the Foundation may consider appropriate.
Continued use of the Services after such updates shall constitute acknowledgement of the revised Policy, subject always to any consent requirements prescribed under applicable law.
GRIEVANCE REDRESSAL
In accordance with applicable law, users may raise grievances regarding the processing of personal data.
Grievance Officer:
Mr. Devesh Mittal
PrashantAdvait Foundation
Email:
[email protected]
The Foundation shall endeavour to address grievances within such period as may be prescribed under applicable law or internal policy.
If a grievance remains unresolved, users may have the right to approach the Data Protection Board of India or any other competent authority in accordance with applicable law.
Where the Foundation is designated as a Significant Data Fiduciary under applicable law, the Foundation shall comply with such additional obligations as may be prescribed under applicable law.