Privacy Policy

Last updated: 23 August 2025 (IST)

This webinar / workshop privacy agreement (“agreement”) governs how ai academy India (operated by Kumar Enterprises, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you register for, attend, or interact with our webinar / workshops (“webinar / workshop”) provided through www.ai-academy-in.com (the “site”) or third-party platforms (e.g., zoom, Microsoft teams). Under the digital personal data protection act, 2023 (“DPDP act”), we are a data fiduciary, and you are the data principal.

By registering for or attending the webinar / workshop, you explicitly consent to this agreement in a free, specific, informed, unconditional, and unambiguous manner through a clear affirmative action (e.g., checking a mandatory checkbox). If you do not consent, you must not register, access, or participate in the webinar / workshop. This agreement constitutes a binding legal contract between you and us, enforceable under Indian law. Any prior agreements or understandings are superseded. This agreement applies to all webinar / workshop-related interactions, including registration, participation, feedback, and follow-up communications.

Definitions

Terms used in this agreement have the meanings ascribed under the DPDP act, unless otherwise defined herein:

  • Personal data: any data about an individual who is identifiable by or in relation to such data (section 2(j), DPDP act).

  • Sensitive personal data: personal data revealing financial data, health data, sexual orientation, biometric data, transgender status, intersex status, caste, tribe, religious or political belief or affiliation (as interpreted under draft digital personal data protection rules, 2025 (“draft rules”)).

  • Processing: any operation or set of operations performed on personal data, including collection, storage, use, disclosure, or erasure (section 2(q), DPDP act).

  • Consent: free, specific, informed, unconditional, and unambiguous indication of the data principal’s wishes by a clear affirmative action (section 2(d), DPDP act; rule 5, draft rules).

  • Data fiduciary: a person who alone or in conjunction with others determines the purpose and means of processing personal data (section 2(i), DPDP act).

  • Data principal: the individual to whom the personal data relates (section 2(h), DPDP act).

  • Significant data fiduciary (“SDF”): a data fiduciary notified as such by the central government based on factors like volume/sensitivity of data, risk to rights, etc. (section 10, DPDP act).

  • Data protection board: the board established under section 18 of the DPDP act.

  • Cross-border transfer: processing of personal data outside India (section 16, DPDP act).

  • Breach: unauthorized processing, disclosure, or any incident leading to accidental or unlawful destruction, loss, alteration, or unauthorized access to personal data (rule 14, draft rules).

 

1. Who we are

Legal entity: Kumar Enterprises, a proprietorship firm registered under the laws of India (GSTIN: 06AIEPK1173E1ZO]), with its registered office at D-3/26 FF, Exclusive Floors, DLF 5, Gurgaon 122009.

Grievance officer and data protection officer:
Name: S Kumar
Designation: data protection officer (as required under section 10 for sdfs, if applicable)
Email: info@ai-academy-in.com
Phone: +91 98180 16800
Address: D-3/26 FF, Exclusive Floors, DLF 5, Gurgaon 122009.

We acknowledge all privacy requests (e.g., access, deletion, grievances) within 72 hours and resolve them within 15 working days (or as specified in rule 12, draft rules). If delays occur due to complexity or volume, we will notify you within 72 hours with detailed reasons, an estimated timeline, and interim measures. Unresolved grievances may be escalated to the data protection board under section 18 of the DPDP act.

If we are notified as an sdf, we will appoint an independent data protection officer based in India, conduct data protection impact assessments (dpias) for high-risk processing (rule 11, draft rules), and undergo periodic audits.

2. Scope

This agreement covers all personal data processed:

  • Through webinar / workshop registration forms, surveys, or feedback mechanisms on the site or third-party tools.

  • During webinar / workshop participation (e.g., in-person, via zoom, including chat, polls, q&a, or recordings).

  • Via communications related to the webinar / workshop (e.g., emails, sms, whatsapp, etc.).

  • Automatically via cookies or tracking technologies during webinar / workshop access.

This agreement incorporates the draft rules (notified january 3, 2025) and any subsequent notifications or amendments. It does not apply to anonymized or de-identified data that cannot be attributed to you (section 2(a), DPDP act) or to data processed solely by third-party platforms (see §12). We adhere to principles of purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability (section 8, DPDP act).

3. Personal data we collect

We collect only the minimum personal data necessary for the webinar / workshop, strictly adhering to data minimization (section 8(3), DPDP act):

  • Provided by you:

    • Identifiers: full name, email address, phone number (optional but required for reminders).

    • Professional: company name, job role/title (optional).

    • Webinar / workshop-specific: registration details, topic preferences, feedback, survey responses, chat messages, or q&a submissions.

    • Financial (for paid webinar / workshops only): billing details, gstin; we do not store full card/upi credentials (handled by processors).

    • Sensitive personal data: none collected unless explicitly necessary (e.g., accessibility needs) and only with verifiable, granular consent (rule 6, draft rules).

  • Collected automatically:

    • Technical: ip address, device type, browser, operating system, timestamps, language/timezone.

    • Interaction: webinar / workshop join/leave times, pages visited, clicks, chat/poll participation.

    • Tracking: via cookies or similar technologies (see §6).

  • From third parties:

    • Registration tools: metadata from platforms like calendly (e.g., booking time).

    • Webinar / workshop platforms: participation data from zoom, microsoft teams, etc. (e.g., attendance duration).

    • Analytics: engagement metrics from google analytics 4 (e.g., session duration).

    • Payment processors: transaction ids from razorpay, stripe (excluding sensitive payment data).

Collection is logged with timestamps, and we ensure accuracy by allowing updates (section 8(4), DPDP act). No data is collected without a lawful basis.

4. Purposes & lawful bases

We process personal data only for specified, explicit purposes under the DPDP act (section 4):

  • Consent (section 6): for webinar / workshop registration, participation, recordings, marketing communications, and non-essential cookies/analytics. Consent is obtained via a consent manager (if implemented per rule 7, draft rules) or direct affirmative action, with proof retained.

  • Contractual necessity (section 7(a)): to deliver the webinar / workshop, provide access links, share materials (e.g., slides), issue certificates, or process payments.

  • Legitimate uses (section 7(b)-(h)): for security, fraud prevention, aggregated analytics (post-legitimate interest assessment ensuring no override of your rights), or business operations.

  • Legal obligations (section 7(i)): to comply with laws, e.g., tax/gst (income tax act, 1961), trai regulations, or authority requests.

Purposes are limited; incompatible processing requires fresh consent (section 8(1)). No automated decision-making with legal/significant effects without explicit consent and safeguards (rule 10, draft rules).

5. How we use your data

We use personal data exclusively for:

  • Registering you, sending access details, and facilitating webinar / workshop participation.

  • Delivering content, managing interactions (e.g., q&a, polls), and sharing materials (e.g., slides, recordings if consented).

  • Issuing certificates and processing payments (for paid webinar / workshops).

  • Sending operational communications (e.g., reminders, follow-ups).

  • If consented, sending marketing about future events (via consent manager).

  • Anonymized analytics to improve webinar / workshops (section 7(f)).

  • Security and abuse prevention (e.g., IP logging for threat detection).

  • Legal compliance (e.g., GST invoices).

All processing is documented in a record of processing activities (ROPA), available upon request (rule 9, draft rules). We conduct DPIAS for high-risk activities if SDF (section 10).

6. Cookies & tracking technologies

We use:

  • Essential cookies: for functionality (e.g., session authentication). Non-disableable but notified (section 6(3)).

  • Functional/analytics cookies: for preferences/engagement measurement, with granular consent via banner (rule 5(3), draft rules).

Consent banner provides options; withdrawal is as easy as granting (e.g., via site settings). No cross-site tracking or third-party sharing for advertising without consent. Blocking non-essential cookies may limit features but not access.

7. Disclosures

We do not sell, rent, or trade personal data (prohibited under section 8(8)). Disclosures are minimized and limited to:

  • Data processors (section 9): third-party tools (e.g., zoom, google) under data processing agreements (DPAS) mandating: purpose restriction, security (per rule 13), sub-processor approval, audit rights, breach liability, and deletion post-processing.

  • Legal recipients: authorities/courts under verified lawful requests (section 7(i)), with minimal data and challenge where possible.

  • Business transfers: in mergers/acquisitions, with successors bound by this agreement (section 17).

Disclosures are logged in ROPA; we notify you of non-prohibited compelled disclosures within 72 hours (rule 14).

 

8. Cross-border transfers

Transfers outside India comply with section 16 and central government notifications (e.g., no transfers to restricted countries per notifications). Safeguards include:

  • Standard contractual clauses in DPAS (rule 15, draft rules).

  • Adequacy decisions or binding corporate rules.

  • Consent for non-essential transfers, with risks disclosed.

  • Transfer impact assessments (tias) ensuring equivalent protection.

Destinations are disclosed during consent; sensitive data requires additional safeguards.

9. Retention

Personal data is retained only as necessary (section 8(7)):

  • Registration/participation: 1 year post-webinar / workshop or until purpose fulfilled/deletion requested.

  • Analytics: 1 year (anonymized after 6 months).

  • Payment: 7-10 years for tax/compliance (section 8(7) exceptions).

  • Recordings: 6 months max or upon request.

Deletion uses secure methods (e.g., nist sp 800-88); retention is reviewed annually via audits.

10. Your rights

You have absolute rights under sections 11-15, exercisable free (except manifestly unfounded requests, per rule 12):

  • Access (section 11): confirmation, summary/copy in machine-readable format.

  • Correction (section 12): rectify inaccuracies.

  • Erasure (section 13): delete when unnecessary/withdrawn consent/unlawful (except legal holds).

  • Portability (section 14): transfer consent/contract data where feasible.

  • Consent withdrawal (section 6(5)): via same mechanism as grant; no retroactive effect.

  • Nomination (section 14): designate nominee for incapacity/death.

  • Grievance (section 32): redressal; escalate to data protection board.

Requests to info@ai-academy-in.com; identity verified non-invasively (e.g., email token). Response within 15 days with reasons for denial.

11. Communications

Communications comply with TRAI (telecom commercial communications customer preference regulations, 2018), using DLT-registered templates. Opt-out via “stop,” unsubscribe links, or email; processed within 24 hours with permanent suppression (rule 5(5), draft rules). No marketing without consent.

12. Third-party platforms

Third-party platforms (e.g., zoom) process data under their policies (links provided during registration). We mandate DPAS ensuring DPDP compliance; not liable for their independent breaches but notify you and assist remedies.

13. Recordings

Recordings require separate, granular consent (checkbox/verbal opt-in); notified at registration/start. Opt-out options: disable camera/mic, request exclusion/deletion. Used only for consented purposes; deleted within 6 months. No ai processing of recordings without consent.

14. Security

We implement safeguards proportionate to risks (section 8(5); rule 13, draft rules):

  • Technical: tls 1.3 encryption transit, aes-256 rest, mfa, intrusion detection.

  • Administrative: training, access logs, incident response plan.

  • Physical: iso 27001-compliant facilities.

Quarterly assessments/pen tests; breaches notified to you/board within 72 hours with details/remedies (section 8(6); rule 14). You indemnify us for breaches from your negligence (e.g., credential sharing).

15. Children

Webinar / workshops restricted to 18+; no data from children without verifiable parental consent (section 9; rule 8, draft rules: age-gating, consent verification). Immediate deletion if detected (24 hours).

16. Changes

Updates reflect legal/operational needs; “last updated” revised. Material changes notified 30 days in advance via email/site, with opt-out (e.g., withdrawal). Continued participation binds; non-acceptance terminates access.

17. Additional clauses

  • Severability: if any provision is invalid, others remain enforceable (section 39).

  • No waiver: delay in enforcement not a waiver; must be written.

  • Entire agreement: this is the complete understanding; no oral modifications.

  • Notices: via email to provided address or info@ai-academy-in.com.

  • Governing law: laws of India; exclusive jurisdiction in Gurugram courts (section 36). Disputes resolved via arbitration under arbitration and conciliation act, 1996, before escalating to board/courts.

  • Penalties: non-compliance may attract fines up to INR 250 crore (section 33); we commit to full adherence.

18. Contact

Email: info@ai-academy-in.com
Address: Kumar Enterprises, D 3/26 FF, Exclusive Floors, DLF 5, Gurgaon 122009. India
Phone: +91 98180 16800