1.1. Individual Learning Limited (" Embibe" or " we " or " us"), offers the mobile application and any service availed by you through the App, conditioned upon your acceptance of the terms and conditions contained in Embibe's Terms of Service as available on its website (https://www.embibe.com/tos), this privacy policy ( "Privacy Policy")and any other policies and notices specified by Embibe from time to time.
1.2. This Privacy Policy describes how we collect, use, disclose, transfer, store and otherwise process personal information of users of our Platform worldwide, including where applicable under the EU and UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), Brazil's Lei Geral de Proteção de Dados ("LGPD"), India's applicable data protection laws, South Africa's Protection of Personal Information Act ("POPIA"), China's Personal Information Protection Law ("PIPL") and other applicable privacy laws. This Privacy Policy also takes into account applicable data protection and child safety laws in the United Arab Emirates and other Middle Eastern jurisdictions that adopt similar principles (such as the UAE Personal Data Protection Law and child digital safety rules), where they apply to our processing activities.
1.3. Embibe respects your privacy and is committed to protecting your personal information. We process personal information in a lawful, fair and transparent manner, and only for specified, explicit and legitimate purposes. Please note that:
1.4. If you are a resident of certain jurisdictions (for example, the European Economic Area, the United Kingdom, California, Brazil, South Africa or China), additional jurisdiction-specific terms may apply to you. Where there is any conflict between those jurisdiction-specific terms and the rest of this Privacy Policy, the jurisdiction-specific terms will prevail for users in that jurisdiction.
We collect personal information only where we have a lawful basis to do so (for example, to perform a contract with you, with your consent, to comply with a legal obligation, or where we have a legitimate interest that is not overridden by your rights).
2.1. Traffic Data - we automatically track and collect the following categories of information as and when required when you use the platform, IP addresses; domain name servers; time spent on each screen; responses to questions; the app is in the foreground or background; recording of live classes, videos uploaded and any other information on the lessons performed on our platform; recording of in-class chats, discussions, processes, conversations, feedback or events on our course; school calendar; and other information concerning your device, the interaction of your device with the platform and applications. Depending on the jurisdiction and specific context, some of this information may be considered personal data or personal information if it can be linked to you or your device.
2.2. Personal Data - we may require you to provide us with certain information that personally identifies you. We categorise the information as - Contact Information (such as your email address, password, postal address, postal code, phone number and any details of your contacts), Financial Information (such as bank account or credit card or debit card or any other payment information). Information provided by parents/guardians in case of a child less than 18 years of age. Any information provided by school admins for School, its students and teachers during onboarding. Any information received through your access to any other social media platform (Facebook, Google, etc.) integrated with Embibe. "Personal data" or "personal information" means any information about an identified or identifiable individual. Anonymous or deidentified data that cannot reasonably be associated with you is not considered personal data.
2.3. Special Categories and Sensitive Data - We do not intentionally collect any special categories of personal data about you (such as information revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, data concerning health or data concerning a person's sex life or sexual orientation), nor information about criminal convictions and offences, unless required by law or provided by you with your explicit consent and subject to appropriate safeguards.
2.4. Under certain laws (including Indian law and some other jurisdictions), financial information, account passwords and authentication credentials may be considered "sensitive personal data" or "sensitive personal information". We apply heightened safeguards to such information as required by applicable law.
2.5. International Transfers - The Platform may transfer your information to our internal systems and to service providers and partners located in countries other than your own, including countries that may not provide the same level of data protection as your home jurisdiction. Where required by law, we implement appropriate safeguards such as standard contractual clauses or other legally recognized transfer mechanisms, and we ensure that recipients are subject to contractual obligations to protect your personal data.
We use different methods to collect data from and about you including through:
3.1. Direct interactions. You may give us your identity, contact and financial data by filling in forms or corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: create an account on our Platform; subscribe to our service or publications; request marketing content to be sent to you; enter a competition, promotion or survey; or give us feedback or contact us.
3.2. Automated technologies or interactions. As you interact with our platform, whether or not you are a registered member, we will automatically collect technical data about your equipment, browsing actions and patterns. Cookies are small text files constituting alphanumeric numbers used to collect the information about the Platform activity. These cookies help us analyse web traffic and help you by customising the Platform to your preferences. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. Some features and services may not function properly if your cookies are disabled. We also collect personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Where required by law (for example, in the EU/UK), we will seek your consent before using non-essential cookies or similar technologies.
3.3. Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources either within India or from various other regions as set out below: Technical data from the following parties: analytics providers such as Google; advertising networks; search information providers using YouTube data API for serving the content please refer Google Privacy Policy and YouTube Terms of Service; Contact, financial and transaction data from providers of technical, payment and delivery services based in India or abroad; Identity and contact data from data brokers or aggregators; Identity and contact data from publicly available sources.
4.1. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we rely on to process your personal data where more than one ground has been set out in the table below.
Most commonly, we will use your personal data for the following purposes:
| Purpose/Activity | Type of Data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer on the Embibe Platform | Identity | Performance of a contract with you |
| To verify your identity when you use the Platform and when you make submissions on the Platform. | Contact | Consent |
| To improve your experience, for example, to improve our services to you, including updating, enhancing operations and functionality of our platform features, to improve and customise the platform for ease of use. | ||
| To improve the functionality of the personalised learning experience. | ||
| To process and deliver your order, including | Identity | Performance of a contract with you |
| (a) Manage payments, fees and charges | Contact | Necessary for our legitimate interests (to recover debts due to us) |
| (b) Collect and recover money owed to us | Financial | Consent |
| Transaction | ||
| Marketing and Communications | ||
| To manage our relationship with you which will include: | Identity | Performance of a contract with you |
| (a) Notifying you about changes to our terms or privacy policy | Contact | Necessary to comply with a legal obligation |
| (b) Asking you to leave a review or to take a survey | Profile | Necessary for our legitimate interests (to keep our records updated and analyze how customers use our products/services) as well as to enhance our products/services and grow our business. |
| (c) Communicating with you, in particular about types of classes or courses relevant to your interests and to suit your needs. | Marketing and Communications | |
| To administer and protect our business and the platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Identity | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network and cyber security, to prevent fraud and |
| Contact | Also in the context of a business reorganization or group restructuring exercise) | |
| Device and IPs | Necessary to comply with legal obligation | |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | Identity | Necessary for our legitimate interests (to analyse how customers use our products/services, to develop them, to grow our business and for our marketing strategy) |
| Contact | ||
| Profile | ||
| Usage | ||
| Marketing and Communications | ||
| Device, IPs, Network | ||
| To use data analytics to improve our platform, products/services, marketing, customer relationships and experiences | Device, IPs, Network | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| Usage | ||
5.1. We may share the information collected:
5.2. We also assure that the data provided by schools while being onboarded regarding the Student name and other such information will be kept confidential and can only be accessed by employees of Embibe only who are authorized to have access to it.
5.3. We will retain your personal data only for as long as reasonably necessary to fulfill the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation over our relationship with you.
5.4. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
5.5. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) as prescribed by the statutory provisions.
5.6. In some circumstances you can ask us to delete your data: for further information, see your legal rights below.
5.7. In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
5.8. We have adopted reasonable security practices and procedures, in line with international standard IS/ISO/IEC 27001, to include strategic, operational, managerial, technical, and physical security controls to safeguard and protect your data and information. We have implemented such measures, as stated above, to protect against unauthorized access to and unlawful interception of Personal Information. Additionally, we have adopted measures to ensure that your personal information is accessible to our employees or partner's employees strictly on the need to know basis.
5.9. Our website, applications, portals, and network equipment have industry-standard security precautions in place to protect against the loss, misuse and alteration of information which is in our environment. Whenever you change or access your account information, we facilitate the use of secure systems. The information in our custody and control is protected by adherence to reasonable security procedures in order to safeguard against unauthorized access. We apply encryption or other appropriate security controls to protect Personal Information when stored or transmitted by us.
6.1. Individual Learning Limited is the controller of the data collected and is responsible for safeguarding your personal data.
6.2. If you have any questions about this privacy policy or our privacy practices, please reach us by email at [email protected]
Or
by mail to
Attn: Legal Team
Individual Learning Limited,
First Floor, No.150, Towers B, Diamond District,
Old Airport Road, Kodihalli, Bengaluru - 560008, Karnataka.
For privacy practice suggestions and escalations, you may reach us at:
Name: Rajunaik Mude
Email: [email protected]
6.3. Your Rights.
6.3.1. Depending on your jurisdiction and subject to applicable law, you may have some or all of the following rights in relation to your personal data:
6.3.2. Right of access to your personal data and to receive a copy of the information we hold about you.
6.3.3. Right to rectification of inaccurate or incomplete personal data.
6.3.4. Right to deletion/erasure of your personal data in certain circumstances ("right to be forgotten").
6.3.5. Right to restriction of processing in certain circumstances.
6.3.6. Right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services, in a structured, commonly used and machine readable format, where technically feasible.
6.3.7. Right to object to certain processing, including where we rely on legitimate interests or use your data for direct marketing.
6.3.8. Right to withdraw consent at any time where we rely on your consent for processing (without affecting the lawfulness of processing before withdrawal).
6.3.9. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless certain conditions are met.
6.3.10. Additional rights under local law (for example, rights for California residents under CCPA/CPRA, such as the right to opt out of the "sale" or "sharing" of personal information, the right to limit use and disclosure of sensitive personal information, and the right not to be discriminated against for exercising privacy rights).
6.4. We may need to verify your identity before responding to your request. In some cases, we may be unable to fully comply with your request, for example, where it would conflict with legal obligations or the rights of other individuals. Where we act as a processor or service provider on behalf of a school or other institution, we may direct you to that institution to exercise your rights.
6.5. Children's Privacy. Our services may be used by children (for example, students) under the supervision of parents, guardians or schools. Where required by law, we obtain consent from a parent, guardian or school before collecting personal data from children below the relevant age threshold in your jurisdiction. If you are a parent or guardian and believe we have collected personal data from your child without appropriate consent, please contact us so that we can take appropriate action.
6.6. Complaints. You have the right to make a complaint at any time to the data protection authority or other competent supervisory authority in your country or region. We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority, so please consider contacting us first.
6.7. Third Party Websites and Services. Our Platform may include links to third-party websites, content, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
UAE and Middle East Addendum
If you are located in the United Arab Emirates or in another Middle Eastern country with similar data protection rules: