Harappa Learning Private Limited is a company registered in India with its registered office at N-154 Panchsheel Park New Delhi, South Delhi – 110017, India (referred to herein as “Harappa”, “we”, “our” or “us”). Harappa is a web and mobile based platform which offers curated and specially designed and scripted courses aimed at strengthening foundational skills and building competencies geared towards achieving professional success through its website, https://harappa.education/ (or any successor site) and its related sub-domains, sites, mobile applications and tools accessed through a mobile device, mobile application, computer or any other device (“Website”). The words “you” or “your” or “User” as used herein, refer to all individuals and/or entities browsing, accessing, or using the Website or services for any reason.
PURPOSE & SCOPE
We collect, process, and store your Personal Information to provide a safe, efficient, and customized experience to our Users accessing the Website. You can browse through the Website without giving any Personal Information about yourself or by creating an account to avail of our services on the Website. These services shall include but not be limited to providing the Users with online pathways, participating in public forums, signing up for email, calls, SMS and WhatsApp updates, and purchasing our services. To register and create an account (“Account”), you may be required to provide us with your contact and identity information and other Personal Information as indicated on the Website and complete the registration process. Where possible, we indicate which fields are mandatorily required and which fields are optional. You always have the option to not provide Personal Information by choosing not to use a particular service or feature on the Website unless we require it. Your Account and Personal Information are protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and Personal Information by selecting and protecting your password appropriately and limiting access to your mobile phone and browser by signing off after you have finished accessing your Account. We advise you to not share login credentials/Account information with anyone to avoid unauthorized access.
This policy control applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees and other third parties who have access to Personal Data available within Harappa.
1. LEGAL BASIS OF PROCESSING PERSONAL INFORMATION
We process your Personal Information on the following legitimate bases, as also mandated under applicable data protection, data security or privacy laws including but not limited to the Indian Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Data Protection Law”):
1.1 Consent: Processing based on your consent.
1.2 Legitimate interests: Processing, where permitted under Data Protection Law, in furtherance of our legitimate interests to provide and personalise our services to you including our interests to conduct legitimate business activities (such as improving our products and services), to communicate with you, to secure our systems, among other legitimate interests like processing of payment, fraud detection, for the establishment, exercise, or defence of legal claims.
1.3 Compliance with legal obligations: We may process your Personal Information if necessary for us to comply with any legal obligations arising under any applicable law to which we may be subject.
2. TYPE OF INFORMATION WE COLLECT
The following types of Personal Information may be collected by Harappa subject to your interactions with us and the services chosen by you and the applicable laws when you browse or use our Website and when you register as a user to subscribe to our services:
- Title / Gender
- Name & Surname
- Profile Picture
- Contact information like mobile number, postal address and email address
- Educational qualifications
- a username you will use to access the Website;
- all information including user feedback gathered during any correspondence or interaction between you and us via emails, chats, telephone calls, SMSs, WhatsApp messages, posts on public forums etc., collectively referred to as User Generated Content/ UGC.
- any detail relating to the above clauses as provided to us for providing service; and any other information required under lawful contract or otherwise.
2.1 Sensitive Personal Information
We collect and process Personal Information categorized as Sensitive Personal Data or Information (“SPDI”), which is the User’s password related information.
Special Category of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, information about your health and genetic and biometric data.
Should we specifically require SPDI in connection with one or more of the uses described in this policy, we will request your explicit consent to use the data in accordance with applicable laws, this Policy and/or in the ways described at the point where you were asked to disclose the SPDI.
Other legal basis for our processing of special category data may include, as permitted by Data Protection Law, for scientific research, for employment, social security or social protection law, for reasons of substantial public interest, or as necessary for the establishment, exercise or defence of legal claims. If you voluntarily share with us or post/upload any “special” or “sensitive” Personal Data to this website for any other reason, you consent that we may use such data in accordance with applicable law and this policy. You can contact our DPO at firstname.lastname@example.org for more information about our processing of your Personal Information.
2.2 Information Automatically Collected/ Acquired Information
2.2.1. Location Information and IP Address: When you access the Website, your IP address is recorded by us. This method ensures smooth operations and protection against attacks and requires the User’s IP address to be saved for the duration of the session. We may be able to determine from an IP address a User’s Internet Service Provider and the geographic location of his or her point of connectivity.
2.2.2. Device Information: We collect information about the apps, browsers, and devices you use to access our website, which helps us provide features like automatic service updates. The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number.
2.2.3. Behavioural Information: We may automatically track, collect, and aggregate certain information about you based upon your behaviour on our Website or while accessing our services. We may use such information to do internal research on our Users’ demographics, interests, and behaviour to better understand, protect and serve our Users. This information is compiled and analysed on an aggregated basis.
You agree, if you send us personal correspondence, such as emails, calls, SMSs (including WhatsApp messages) or letters, or if other users or third parties send us correspondence about your activities or postings on the Website in connection with our Services, we may collect and/or store such information.
2.3 Third-Party Tools:
If you do not wish to have data relating to your visits to our websites collected through Google Analytics, you may opt-out by installing the Google Analytics opt-out browser add-on.
2.4 User Generated Content:
Content added, created, uploaded, submitted, distributed, posted by Users including but not limited to feedback, queries, chats, discussions are collectively referred to as, “User Content”. User is the sole owner and responsible for the authenticity and correctness of all the User Content.
We may use your User Content in a number of different ways in connection with our services and Harappa’s business as we may determine at our sole discretion. By submitting User Content through the Website, you hereby do and shall grant Harappa a worldwide, non-exclusive, royalty-free, fully paid, sub-licensable (through multiple tiers) and transferable license to use, copy, reproduce, distribute, prepare derivative works of, display, perform, and otherwise fully utilise the User Content in connection with our services and Harappa’s (and its successors and assigns’) business, including without limitation for promoting and redistributing part or all of the Website (and derivative works thereof), publicly displaying it, reformatting it, incorporating it into marketing materials, advertisements and other works, creating derivative works from it, promoting it, distributing it, and allowing other users to do the same in connection with their own websites, media platforms, and applications (“Third Party Media”).
For clarity, the foregoing license grant to Harappa does not affect your other ownership or license rights in your User Content(s), including the right to grant additional licenses to the material in your User Content(s), unless otherwise agreed in writing with Harappa.
When you delete your User Content, it will be removed from the Website. However, you understand that any removed User Content may persist in backup copies for a reasonable period of time (but following removal will not be shared with others) or may remain with users who have previously accessed or downloaded your User Content or may be retained by Harappa for such period as stipulated under law. If you have questions or concerns about the legal basis upon which we collect and use your Personal Information, you can contact us at email@example.com.
3. HOW WE USE YOUR PERSONAL INFORMATION
3.1 Provide, maintain and Customize our Services:
3.2. Improve our Services:
Information collected from your feedback, reviews, ratings you provide, poll questions and surveys including phone interviews you take may be aggregated and analysed by us in order to improve and enhance our services, our Website etc. Participation in these surveys is purely optional. Identity of the survey participants is anonymous unless otherwise stated in the survey.
3.3. Participation in Online pathways, Public Forums and Signing Up for Updates
We use the Personal Information as provided by you for processing purposes, including but not limited to that of following attendance, progress, utilisation and completion of your online subscription. We may also share details regarding your performance in a given online pathway with the instructor/instructors or other designated individuals who assisted you in such content. This will help us modify, alter, and operate the online pathway conveniently. We may also collect student generated content in the form of various assignments, peer-grading feedback, responses related to the pathway data in the form of exams, surveys etc. We may collect and/or store such information as provided by you.
Harappa may offer public forums. We may require your Personal Information if you wish to participate and share your thoughts on these forums. Please keep in mind that such posts as shared by you will be available on our website and/or any related application or platform. We may collect and/or store such information as provided by you on these forums. We may also provide you with updates by either posting such updates on the Website or through letters, emails, calls, SMS, WhatsApp etc.
3.4. Communicate with You
We may also aggregate (gather up data across all Accounts) information and disclose such information in a non-personally identifiable manner to advertisers and other third parties for other marketing and promotional purposes. We don’t share Personal Information that personally identifies you with advertisers, such as your name or contact information, unless you ask us to.
3.6. Services Offered on the Website by Third Parties:
3.7 Aggregated Data
“Aggregated Data” means records that have been stripped of Personal Data and have been manipulated or combined to provide generalised, anonymous information. Your identity and personal information are not available in Aggregated Data. We combine your Personal Data on an anonymous basis with other information to generate Aggregated Data for internal and commercial use and for sharing with affiliates, subsidiaries and business partners for planning and marketing purposes.
3.8 Data protection principles
Where third parties process data on behalf of Harappa, we endeavour to obtain assurances from such third parties that your Personal Data will be safeguarded consistently. We understand that we will be accountable for the processing, management and regulation, and storage and retention of all Personal Data held in the form of manual records and on computers.
All Personal Data obtained and held by the Company will:
- be processed fairly, lawfully and in a transparent manner
- be collected for specific, explicit, and legitimate purposes
- be adequate, relevant and limited to what is necessary for the purposes of processing
- be kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay
- not be kept for longer than is necessary for its given purpose
- be processed in a manner that ensures appropriate security of Personal Data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- comply with the relevant laws and procedures for international transferring of Personal Data applicable to us.
3.9. Posting to Public Forums:
Please remember that if you post any of your Personal Information in public forums of the Website, such information may be collected and used by others over whom we have no control. Please note that these posts may be made available in the public domain.
4. INTERNATIONAL DATA TRANSFER
Our website is primarily operated and managed on servers located and operated within India. However, your Personal Information may also be stored in third party data servers located in other countries where HARAPPA provides its products and services.
HARAPPA engages sub-contractors, service providers and other third parties for facilitating its products, service offerings and to offer support services to you, and your Personal Information may be transferred to servers of such sub-contractors, service providers and other third parties. Depending upon the location of our service providers, your information, including Personal Information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. Where required under applicable law we will seek your express consent for such transfers. In all other cases, by consenting to this policy, you also provide consent to HARAPPA to transfer your Personal Information to HARAPPA affiliated companies, service providers or any third-party entity in locations around the world. We take steps to ensure that a degree of data protection which is similar to this policy is afforded to such Personal Information transferred. HARAPPA will always ensure that any international transfer of your personal information will be in accordance with the lawful contract and all applicable legal requirements.
Where Harappa transfers your personal information internationally, we will comply with applicable legal requirements and where required we will enter into a data transfer agreement with the recipient of the personal information, which in the case of European Personal Data may include the Standard Contractual Clauses. In other cases, and where applicable, we shall enter into separate Data Processing Agreements with the third parties / service providers / contractors and such other recipients of Personal Data. Further, the Company takes steps to ensure that transfers of Personal Data to any public authority cannot be massive, disproportionate, and indiscriminate in a manner that would go beyond what is necessary in a democratic society. In the event of conflicts between these and public authority requirements, the Company will find a practical solution that fulfils the purpose of this Policy.
5. PROCESSING AND STORAGE
Your Personal information is processed and stored on Harappa’s internal servers. Your Personal information is either stored manually or electronically. Any data stored electronically will be stored in secure servers, and any data stored manually will be stored in our premises.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal information, we cannot guarantee the security of data transmitted to our Website and any transmission is at your own risk.
6. WITH WHOM YOUR PERSONAL INFORMATION IS SHARED
6.1 We do not rent, sell, or share your Personal Information with other people (save with your consent) or non-affiliated companies except to provide our products or services, or under the following circumstances:
- We will share your Personal Information with our employees and directors who need it to deliver the services, complete your request or carry out your instructions.
- To provide Personal Information to trusted partners who work on behalf of or with us under confidentiality agreements. These entities may use your Personal Information to assist us in providing our services to you and help us communicate with you about offers from us and our marketing partners.
- To respond to summons, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
- From time to time, to reveal general statistical information about our website and visitors, such as number of visitors, number and type of products and services purchased, etc.
- We may combine your Personal Data on an anonymous basis with other information to generate Aggregated Data for internal and commercial use and for sharing with affiliates, subsidiaries and business partners for planning and marketing purposes.
- With Companies in the same group as Harappa.
In addition to the circumstances described above, HARAPPA may disclose User’s Personal Information if required to do so:
- by law, required by any enforcement authority for investigation, by court order or in reference to any legal process.
- to conduct our business.
- for regulatory, internal compliance and audit exercise(s)
- to secure our systems; or
- to enforce or protect our rights or properties of HARAPPA or any or all its affiliates, associates, employees, directors, or officers or when we have reason to believe that disclosing Personal Information of User(s) is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
Any disclosure and storage by any enforcement authority for investigation, by court order or in reference to any legal process may take place without your knowledge. In that case, we shall not be liable to you or any third party for any damages however arising from such disclosure and storage.
- HOW LONG DO WE KEEP YOUR DATA?
We may retain Personal Information for as long as it is necessary. It may be archived as long as we believe that the purpose for which it was used still exists or as necessary for our legitimate business interests or for complying with legal obligations or for a period as mentioned in the applicable laws.
There will be some residual information in anonymised form that shall remain with us within our logs, database, and other records. Such residual information may or may not include Personal Information. Please also note that we shall retain your Personal Information if we require the same for complying with a legal obligation.
Organization and Responsibilities
Harappa will maintain records of data processing as required by the laws.
The ‘Data Protection Officer’ (DPO) has the specific responsibility of overseeing data protection and ensuring that we comply with the data protection principles and relevant legislation. The DPO will ensure that the Data Processing Register is kept up to date and demonstrates how the data protection principles are adhered to by our activities. Individual members of staff have a duty to contribute to ensure that the measures outlined in the Register are accurately reflected in our practice.
Our compliance with relevant policies and regulatory requirements in respect of data protection as part of our Data Management Strategy will be periodically monitored internally by a designated governance group. All employees, volunteers, consultants, partners, or other parties who will be handling Personal Data on behalf of Harappa will be appropriately trained and supervised where necessary.
The collection, storage, use and sharing of Personal Data will be regularly reviewed by the Data Protection Officer, the Governance Group, and any relevant business area. We will adhere to relevant codes of conduct where they have been identified and discussed as appropriate.
Where there is likely to be a high risk to individuals’ rights and freedoms due to a processing activity, we will first undertake a Data Protection Impact Assessment (DPIA) and consult with the relevant supervisory authority prior to processing, if necessary.
- DATA SECURITY
We endeavour to safeguard your Personal Information under our control by adhering to strict security measures and best practices to prevent loss, misuse or unauthorized access of data. Harappa is ISO 27001:2013 (ISMS) Certified and GDPR Compliant.
All the Personal Information is collected, stored, and processed as per the Data Protection Laws. Personal Information of the Users residing outside India is collected, stored and processed as per the data protection laws in their respective jurisdictions such as EU General Data Protection Regulation 2016/679 (the “GDPR”) to the extent possible in consonance with the Indian Data Protection Laws as mentioned above.
Harappa will ensure that appropriate technical and organizational measures are in place, supported by privacy impact and risk assessments, to ensure a high level of security for Personal Data, and a secure environment for information held both manually and electronically.
Harappa implements appropriate security measures designed to prevent unlawful or unauthorized processing of personal information and accidental loss of or damage to personal information. Harappa maintains written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures assign specific data security responsibilities and accountabilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your personal information.
In addition, as part of its organizational security measures, employees at Harappa must:
- ensure that all files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
- ensure that all files or written information of a confidential nature are not left where they can be read by unauthorised people
- check regularly on the accuracy of data being entered into computers
- always use the passwords provided to access the computer system cautiously and such access should not be circulated, unless absolutely necessary
- use computer screen blanking to ensure that Personal Data is not left on screen when not in use.
Personal Data should not be kept or transported on laptops, USB sticks, or similar devices, unless authorised by [insert details]. Where Personal Data is recorded on any such device it should be protected by:
- ensuring that data is recorded on such devices only where absolutely necessary
- using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
- ensuring that laptops or USB drives are not left lying around where they can be stolen.
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
We also take steps to ensure that our service providers, contractors and other third parties maintain a similar level of data protection measures when processing your Personal Data. While we strive to secure your Personal Data, please note that 100% security of Personal Data cannot be guaranteed and that Harappa shall not be liable for any misuse or loss of Personal Data carried out by a third-party cloud service provider.
- CHILDREN’S PRIVACY
Harappa does not engage in the collection, processing, storage, use, dissemination, and transfer of Personal Information of children. We do not knowingly collect personal information online from children under legal age (18 years in India), depending on the jurisdiction/ country concerned. If a child/ minor has provided us with the Personal Information online such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. In the event HARAPPA becomes aware that the User is a minor or below the legal age to consent in the jurisdiction concerned, HARAPPA reserves its right to terminate all services to such User/ Account without any prior notice.
In case such a collection becomes necessary for the performance of our contractual obligations, or when required under the concerned law, we shall notify you in a time-bound and appropriate manner, informing the purposes and reasons for such collection and seek your explicit consent, and where applicable, parental authorization, prior to the processing of such data.
We will take appropriate steps to delete any Personal Data of children that has been collected on our website without verified parental consent upon learning of the existence of such Personal Data, subject to conditions stipulated in the laws of applicable jurisdiction.
- RIGHTS AVAILABLE TO THE USER
Some jurisdictions have provided individuals with certain rights in relation to the processing of their Personal Data. This is the case where you or any of our subsidiaries or affiliates with which you interact is located in the European Union, though these rights may be available in other jurisdictions as well. These rights are not available to everyone, and they do not necessarily apply in all contexts. Depending on applicable law, you may have the right to:
- You have a right to access and rectify the record of your Personal Information maintained by Harappa if it is inaccurate.
- You have a right to erasure/deletion of your data. On receipt of a deletion request, Harappa shall delete all information pertaining to you/ your account barring the invoice, which will be retained by Harappa for accounting and audit purposes. User further acknowledges that post deletion Harappa will not be able to share any User detail including the ‘Course Completion Certificate’, nor will it be able to continue providing the desired services.
- You have the right to withdraw your consent in relation to any SPDI you may have provided to Harappa.
- You have the right to object, at any time, to processing if you have concerns that Harappa is using your data for direct marketing purposes.
- You have a right to restrict processing if the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead.
- When technically feasible, Harappa will, at your request, provide your Personal Information to you or transmit it directly to another controller.
- You may also request additional information about the purpose of the processing; the categories of Personal Information concerned; who else outside Harappa might have received the data from Harappa; what the source of information was; and how long it will be stored.
If access cannot be provided within a reasonable time frame, Harappa will provide you the additional information at the earliest possible.
In the event you wish to exercise any of the above-mentioned rights, you may send your written request to firstname.lastname@example.org.
Please note that certain conditions in relation to processing of your rights will vary, as many countries have varying data privacy rights. Our response and further processing of a request to exercise these rights will depend upon the law applicable in relation to the rights exercised by you. We may refuse requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, may compromise an ongoing investigation, or are impractical. It is our policy to never discriminate against you for exercising any of these rights.
You may have the right to complain to a data protection authority about our processing of your Personal Data. For more information, please contact your local data protection authority.
- Use of this website and our Terms of Service
- Data Controller/ Company Details
The “Data Controller” (i.e., Harappa) means the entity that will make the decisions about how your data is used and that is responsible for deciding how it holds personal information about you.
Since Harappa is made up of different legal entities, the entity that will be the controller for your data is dependent on the situation where your Personal Data is collected.
- Breach notification
Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the relevant supervisory authority within 72 hours of the Company becoming aware of it and may be reported in more than one instalment. Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual. If the breach is sufficient to warrant notification to the public, the Company will do so without undue delay.
- Conflicts of Law
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which the Company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.
- THE OPT-OUT PRACTICE
If you are no longer interested in receiving email announcements and other marketing information from us, or you want us to remove any personal information that we have collected about you, you can opt out anytime by sending an e-mail about your request to email@example.com or firstname.lastname@example.org.
- GRIEVANCE OFFICER AND CUSTOMER SUPPORT
Grievance Officer: Mr. Gaurav Minhas
Email Id: email@example.com
DPO: Ms. Mamta Swaroop
Email Id: firstname.lastname@example.org