Privacy Policy

Last updated: January 2025

1. Introduction

NiSkills (a brand and initiative of SuSAMs),is committed to protecting the privacy and personal data of our users, especially children. This Privacy Policy explains how we collect, use, store, share, and protect your information.

This policy complies with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act) - India
  • Information Technology Act, 2000 - India
  • Children's Online Privacy Protection Act (COPPA) - USA
  • General Data Protection Regulation (GDPR) - EU/UK
  • Protection of Children from Sexual Offences Act (POCSO), 2012 - India (child safety principles)

2. Data Controller

NiSkills (A SuSAMs Initiative)

Data Protection Contact: info@niskills.com

3. Information We Collect

3.1 Information Provided by Parents/Guardians

  • Parent/Guardian name, email address, phone number
  • Child's name, age, grade/class
  • School name (optional)
  • City/Country of residence
  • Preferred language
  • Payment information (processed by third-party gateways; we do NOT store card details)

3.2 Information Collected During Classes

  • Class attendance records
  • NI Assessment responses and scores
  • Class recordings (video and audio)
  • Chat messages during live sessions
  • Student work and project submissions
  • Mentor feedback and progress notes

3.3 Automatically Collected Information

  • IP address and approximate location (country/city level)
  • Browser type, device type, operating system
  • Pages visited, time spent, referral source
  • Cookies and similar tracking technologies (see Section 9)

3.4 Information We Do NOT Collect

  • Aadhaar number or government ID of children
  • Biometric data
  • Precise GPS location
  • Credit/debit card numbers (handled by payment gateway)
  • Social media passwords or private messages

4. Children's Data - Special Protections

Enhanced Protection for Minors

NiSkills recognises that our primary users are children. We apply the highest standards of data protection for all users under 18 years of age.

  • Verifiable Parental Consent: As required by the DPDP Act 2023 (Section 9) and COPPA, we collect children's data only with verifiable parental consent. Enrollment by a parent/guardian constitutes this consent.
  • Minimal Data Collection: We collect only the minimum data necessary to provide educational services to the child.
  • No Behavioural Advertising: We do NOT use children's data for targeted advertising, behavioural profiling, or selling to third-party advertisers.
  • No Social Features: Children cannot publicly share personal information, create public profiles, or communicate with unknown users through our platform.
  • Class Recordings: Video recordings of classes that include children's faces/voices are stored securely, accessible only to enrolled batch members, and automatically deleted after 90 days unless retention is specifically requested.
  • No Marketing Use Without Consent: A child's image, voice, name, or likeness will NEVER be used in marketing materials without separate, explicit, written parental consent. This consent is entirely optional and can be revoked at any time.
  • Right to Deletion: Parents can request complete deletion of their child's data at any time (see Section 7).
  • Mentor Access: Mentors can access only the data necessary for teaching (child's first name, age, grade, progress scores). They cannot access parent contact details, payment information, or recordings outside their assigned batch.

5. How We Use Your Data

Purpose Legal Basis
Providing educational services & classes Contract performance
NI Assessment scoring & progress tracking Contract performance
Communicating class schedules, updates, reports Contract performance
Processing payments & issuing receipts Contract performance
Improving our curriculum & platform Legitimate interest
Sending promotional offers & newsletters Consent (opt-in)
Anonymised analytics & research Legitimate interest
Legal compliance & dispute resolution Legal obligation

6. Data Sharing & Third Parties

We do NOT sell, rent, or trade your personal data. We share data only in these limited circumstances:

Third Party Data Shared Purpose
Payment Gateway (Razorpay) Transaction details Payment processing
Video Platform (Zoom/Meet) Name, email for meeting access Conducting live classes
Cloud Hosting (Microsoft Azure) All platform data (encrypted) Infrastructure & storage
Email Service Provider Email address, name Sending communications
Analytics (Google Analytics) Anonymised usage data Website improvement
Law Enforcement As legally required Legal compliance

All third-party processors are bound by data processing agreements and are required to maintain appropriate security measures.

7. Your Rights

Under the DPDP Act 2023, GDPR, and COPPA, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you or your child.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure (Deletion): Request complete deletion of your/your child's data. We will comply within 30 days, except where retention is required by law.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time. This may affect our ability to provide Services.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or for direct marketing.
  • Right to Restrict Processing: Request restriction of processing in certain circumstances.
  • Right to Nominate: Under DPDP Act, nominate a person to exercise your rights in case of death or incapacity.

To exercise any of these rights, email info@niskills.com with subject line "Data Rights Request". We will respond within 30 days.

8. Data Storage & Security

  • Storage Location: Data is stored on Microsoft Azure servers. Primary storage is in India. Some data may be processed in other regions through our third-party service providers.
  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Strict role-based access. Only authorised personnel can access personal data, and only for legitimate business purposes.
  • Retention Period:
    • Active account data: Retained while account is active + 1 year after termination
    • Class recordings: 90 days from class date (unless extended by request)
    • Payment records: 7 years (as required by Indian tax laws)
    • Marketing consent records: Until consent is withdrawn
    • Anonymised/aggregated data: Indefinitely (cannot identify individuals)
  • Breach Notification: In the event of a data breach affecting your personal data, we will notify you and the relevant Data Protection Board within 72 hours as required by the DPDP Act.

9. Cookies & Tracking

Cookie Type Purpose Can You Disable?
Essential Site functionality, login sessions No (required)
Analytics Understanding site usage (Google Analytics) Yes
Preference Language, theme, currency selection Yes

We do NOT use advertising cookies or retargeting pixels that track children. You can manage cookies through your browser settings.

10. International Data Transfers

  • If you are located outside India, your data will be transferred to and processed in India.
  • For EU/UK users: Transfers are conducted under Standard Contractual Clauses (SCCs) or other approved mechanisms under GDPR.
  • For US users: We comply with COPPA requirements for children's data regardless of processing location.
  • By using our Services, you consent to the transfer of your data to India for processing.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., WhatsApp, YouTube, social media). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

12. Grievance Officer (DPDP Act Compliance)

Grievance Officer

Name: NiSkills Data Protection Team

Email: info@niskills.com

Response time: Within 30 days of receiving a complaint.

If unsatisfied with our response, you may file a complaint with the Data Protection Board of India.

13. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Muzaffarpur, Bihar, India.

This jurisdiction applies regardless of the user's location, nationality, or country of residence.

14. Changes to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
  • Material changes will be communicated via email and/or prominent notice on the website at least 15 days before taking effect.
  • The "Last updated" date at the top indicates the most recent revision.
  • Continued use of Services after changes constitutes acceptance.

15. Contact Us

For any privacy-related questions, concerns, or data rights requests:

NiSkills (A SuSAMs Initiative)

Email: info@niskills.com

WhatsApp: +91 90009 42693

Terms of Service ← Back to Home