1. Introduction
upGrad Enterprise (a B2B offering together with its parent company,upGrad Education Private Limited, subsidiaries, and international affiliates, hereinafter “upGrad Rekrut,” “Rekrut”, “us,” “we,” or “our” or “the Company”) is committed to the security and management of personal data. In doing so, it is essential that people’s privacy is protected through the lawful and appropriate means for handling personal data. Therefore, we have implemented this privacy policy (hereinafter referred to as ‘‘policy’’).
This Policy has been updated to comply with the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”), and the General Data Protection Regulation (“GDPR”)
2. Aim
This policy is aimed at providing individuals notice of the basic principles by which the company processes the personal data of individuals (“Personal Data/Personal Information”) who visits, uses, deals with and/or transact through the website/platform and includes a guest user and browser (hereinafter ‘you’, ‘user’).
3. Purpose and Scope
The purpose of this policy is to describe how upGrad Rekrut,” collects, uses, and shares information about you through our online interfaces (www.upgrad-rekrut.com) ([PK1] hereinafter the “website”). This policy is also designed to provide information on how upGrad Rekrut ensures data security, conducts data transfers and processes requests from data subjects. This policy control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees and other third parties who have access to Personal Data available within upGrad Rekrut. The company is also committed to ensuring that its employees conduct themselves in line with this and other related policies. Where third parties process data on behalf of upGrad Rekrut, the Company endeavours to obtain assurances from such third parties that your Personal Data will be safeguarded consistently.
4. Information Collection
We collect the following personal information from users who express interest in our services, primarily through our website:
a) Full Name
b) Email Address
c) Phone Number
d) Company Name
e) Designation
f) Information about your interactions with customer service and maintenance interactions with us.
g) Your preferences in receiving marketing information from us
h) Your communication preferences
5. Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
Furthermore, we may allow third-party advertising companies (such as Facebook, Google, Twitter, Quora and Bing) to place cookies on our website. These cookies enable such companies to track your activity across various sites where they display Ads and record your activities, so they can show Ads that they consider relevant to you as you browse the Internet. These cookies store information about the content you are browsing, together with an identifier linked to your device or IP address.
How do we use cookies?
upGrad uses cookies in a range of ways to improve your experience on our website, including:
a) To recognise our website users and to enhance user experience when interacting with our website
b) We moreover use cookies to help us analyse the use and performance of our website and services
c) We also use cookies to improve the delivery and value of various services and products offered by us.
What types of cookies do we use?
There are a few different types of cookies; however, our website uses:
a) Persistent Cookies. We use persistent Cookies to improve your experience of using the Sites. This includes recording your acceptance of our Cookie Policy to remove the cookie message that first appears when you use the Sites.
b) Session Cookies. Session Cookies are temporary and deleted from your machine when your web browser closes. We use session Cookies to help us track internet usage as described above.
c) Analytical/Performance Cookies. Analytical cookies allow us to recognise and count the number of visitors and see how many visitors move around our website while they are using it. This helps us improve the way our website works, for example, by ensuring users find what they are looking for.
d) Functionality Cookies. Functionality Cookies recognise when you return to the website. This enables the company to create greater content for you and remember your likes and dislikes and other preferences.
e) Targeting Cookies. Targeting Cookies records the visit to our website, the pages navigated to, and the links clicked upon. It helps to formulate information relevant to the user’s area of interest.
How to manage cookies?
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser and from version to version. Disabling some cookies from the website, may have a negative impact and may result in the non-availability of some features.
If you want to remove previously stored Cookies, you can manually delete the Cookies at any time. However, this will not prevent the Sites from placing further Cookies on your device unless and until you adjust your Internet browser setting as described above.
You can however obtain up-to-date information about blocking and deleting cookies via these links:
https://support.google.com/chrome/answer/95647 (Chrome)
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox)
https://www.opera.com/help/tutorials/security/cookies/ (Opera) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer)
https://support.apple.com/kb/PH21411 (Safari)
These opt-out mechanisms rely on cookies to remember your choices. If you delete your cookies, use another computer or device, or change browsers, you will need to repeat this process. In addition, opting out of interest-based ads will not opt you out of all ads, but rather only those ads that are personalized to your interests.
6. Data protection principles
We adhere to the following data protection principles for all processing of Personal Data. These principles reflect our legal obligations under applicable laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act), the General Data Protection Regulation (GDPR);
a) be processed fairly, lawfully and in a transparent manner
b) be collected for specific, explicit, and legitimate purposes
c) be adequate, relevant and limited to what is necessary for the purposes of processing
d) be kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay
e) not be kept for longer than is necessary for its given purpose
f) be processed in a manner that ensures appropriate security of Personal Data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
g) comply with the relevant laws and procedures for international transferring of Personal Data applicable to us.
7. Legal basis for processing your Personal Data
Certain jurisdictions require that we have a lawful basis to justify our processing of your Personal Data.
Where applicable, the lawful basis that upGrad Rekrut relies upon to justify a particular processing activity may differ from the lawful basis used to justify a different processing activity.
upGrad Rekrut relies on the following lawful basis to process Personal Data, as permitted under applicable law:
a) Processing necessary for the negotiation, execution, or performance of contracts
b) Processing to comply with legal and regulatory obligations
c) Processing in furtherance of our legitimate interests, including our interests to conduct legitimate business activities (such as improving our products and services, to communicate with you, to secure our systems, among other legitimate interests)
d) Processing necessary to protect vital interest of a user or any other natural person
e) Processing necessary for public interest
f) Processing based on your consent
8. Consent
We may obtain your consent to collect and use certain types of Personal Data when we are required to do so by law.
Once consent is obtained from the individual to use his or her information for those purposes, upGrad Rekrut has the individual’s explicit consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
Consent may also be implied where a user is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new services or products, and the client, customer, member does not opt-out.
Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), individuals can withhold or withdraw their consent for upGrad to use their personal information in certain ways.
Further, by using this website/ acknowledging this privacy policy / by voluntarily providing us with your Personal Data, you consent to collection, storage, and processing of your Personal Data in accordance with this privacy policy and our Terms of Service.
If you refuse or withdraw your consent, or if you choose not to provide us with any required Personal Data, we may not be able to provide you the services that can be offered on our Platform.
9. Advertising and Marketing
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or if you provided us with your details and expressly consented to receiving that marketing.
We may use your Personal Identification, Identity, Contact, Electronic and User generated Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
We also enter into agreements with third parties to serve Ads on our behalf across the internet, social networking sites and blogs. These third parties may collect Personal Data about your visits to our platform and your interactions with our products and use this information to target advertisements for goods and services. By consenting to this Policy you explicitly agree and consent to the collection of such additional information by these third parties.
Where electronic direct marketing communications are being sent, you have the option to opt-out in each communication sent, and this choice will be recognised and adhered to by us. We may use your personal information for marketing and advertising.
10. Data subject rights
Some jurisdictions have provided individuals with certain rights in relation to the processing of their Personal Data. This is the case where you or the any of our subsidiaries or affiliates with which you interact is located in the European Union, though these rights may be available in other jurisdictions as well. These rights are not available to everyone, and they do not necessarily apply in all contexts. Depending on applicable law, you may have the right to:
a) Request access to your Personal Data.
b) Request correction of your Personal Data (should your Personal Data be inaccurate, incomplete, or obsolete).
c) Request deletion of your Personal Data
d) Withdraw your consent to processing (where we processed Personal Data on the basis of your consent). Please note that withdrawing your consent applies only to future processing activities.
e) Object to the processing of your Personal Data.
f) Request restrictions on the processing of your Personal Data.
g) Request the transfer of your Personal Data to you or a third party.
h) Opt-out of certain transfers to third parties.
i) Request to opt out of automated decision making.
Additional DPDP right: nominate a representative to exercise rights in case of death/incapacity.
To exercise a right that you believe you may be entitled to under applicable law, please write to us at dpo@upgrad.com.
We may need to verify your identity before we fulfil your request.
Please note that certain conditions in relation to processing of your rights, will vary as many countries have varying data privacy rights. Our response and further processing of request to exercise these rights will depend upon the law applicable in relation to the rights exercised by you. We may refuse requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, may compromise and ongoing investigation, or are impractical. It is our policy to never discriminate against you for exercising any of these rights.
You may have the right to complain to a data protection authority about our processing of your Personal Data. For more information, please contact your local data protection authority.
11. Our Policy on Children’s Data
We do not knowingly collect personal data of children.
Children’s data privacy is important to us. Our Sites are not intended for children Age to constitute a user as children is different for different jurisdictions. The age (for valid consent) of children varies across jurisdictions. For example, under GDPR child is a person aged 16 years or below, and in United Kingdom, children is someone who is aged 13 , in case of Singapore and Qatar the valid age for providing consent is 18 years.
As a general policy, our company does not engage in the collection, processing, storage, use, dissemination, and transfer of Personal Data of children.
In case such a collection becomes necessary for the performance of our contractual obligations, or when required under the concerned law, we shall notify you in a time-bound and appropriate manner, informing the purposes and reasons for such collection and seek your explicit consent, and where applicable, parental authorization, prior to the processing of such data.
We will take appropriate steps to delete any Personal Data of children’s that has been collected on our website without verified parental consent upon learning of the existence of such Personal Data, subject to conditions stipulated in the laws of applicable jurisdiction.
We do not knowingly collect data from children under the age thresholds applicable by law (16 under GDPR, 18 under DPD). For DPDP, verifiable parental consent will be sought before processing the personal data of children.
12. Data Security
upGrad Rekrut will ensure that appropriate technical and organizational measures are in place, supported by privacy impact and risk assessments, to ensure a high level of security for Personal Data, and secure environment for information held both manually and electronically.
upGrad Rekrut implements appropriate security measures designed to prevent unlawful or unauthorized processing of personal information and accidental loss of or damage to personal information. upGrad Rekrut maintains written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures assign specific data security responsibilities and accountabilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your personal information.
In addition, as part of its organizational security measures, employees at upGrad Rekrut must:
a) ensure that all files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
b) ensure that all files or written information of a confidential nature are not left where they can be read by unauthorised people
c) check regularly on the accuracy of data being entered into computers
d) always use the passwords provided to access the computer system cautiously and such access should not be circulated, unless absolutely necessary
e) use computer screen blanking to ensure that Personal Data is not left on screen when not in use.
f) Personal Data should not be kept or transported on laptops, USB sticks, or similar devices, unless authorised by relevant stakeholders. Where Personal Data is recorded on any such device it should be protected by:
g) ensuring that data is recorded on such devices only where absolutely necessary
h) using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
i) ensuring that laptops or USB drives are not left lying around where they can be stolen.
j) Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
We also take steps to ensure that our service providers, contractors and other third parties maintain similar level of data protection measures when processing your Personal Data. While we strive to secure your Personal Data, please note that 100% security of Personal Data cannot be guaranteed and that upGrad shall not be liable for any misuse or loss of Personal Data carried out by third party cloud service provider.
13. Purpose of Data Collection
Apart from the purposes stated herein, we collect and process this information for the following lawful purposes:
a) Full Name: To personalize our communication and ensure accurate identification of individuals with whom we interact.
b) Email Address and Phone Number: To communicate with users regarding their interest in our services, including scheduling demos or consultations.
c) Company Name: To gain insights into users’ organizational context and requirements, facilitating tailored services.
d) Designation: To understand users’ roles within their organizations, aiding in the customization of our interactions and services.
Upon submission of the lead form, the provided information is securely stored on our AWS account. Read more here ________________[PK2]
14. Disclosure of Data
upGrad Rekrut is part of a global company upGrad Education Private Limited, and may share the personal information collected or provide such access to other companies within the upGrad group. Examples of third parties with whom upGrad may share Personal Data includes:
- With government bodies, including tax and social security authorities, to comply with applicable laws (including employment and tax laws), to obtain licenses or approvals, and upon request during an audit or assessment;
- With suppliers, subcontractors, any recruitment agency and service providers, to maintain an efficient and commercially viable business, including technology, telecom, internet providers;
- With professional advisers, consultants, and employment and recruitment agencies, to conduct background verification and reference checks, administer benefits and payroll, deal with disciplinary and grievance issues and maintain emergency contact details;
- With our legal advisors and external auditors for legal advice and to conduct business audits;
- With service providers for business continuity management and contingency planning in the event of business disruptions.
- With certain companies in order to establish a membership to participate in digital wallets, payment services or rewards programmes
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. By submitting your details, you explicitly agree and consent to the collection of such additional information by these third parties.
In addition to the examples cited above, upGrad also shares your Personal Data with:
| Recipients | Category(ies) of Personal Data we share | Why we share it |
| Service Providers | Personal Identification DataPersonal Characteristics DataContact DataUser generated dataFinancial DataElectronic Identification DataData generated from inquiresMarketing Data | We provide access to or share your information with operations and maintenance contractors and other third parties who perform services on our behalf strictly on confidential terms. They provide a variety of services to us, including billing, sales, marketing, test proctoring, couriers, mentoring, recruitment consulting, product content and features, advertising, analytics, research, customer service, data storage, security, fraud prevention, credit facilities, payment processing and legal services. Such third parties may also collect additional information to serve you better. By submitting your details, you explicitly agree and consent to the collection of such additional information by these third parties. |
| Third Parties | Personal Identification DataPersonal Characteristics DataContact DataUser generated dataFinancial DataElectronic Identification DataData generated from inquiresMarketing DataEducation and Recruitment DataBehavioural Data | we share certain Personal Data and materials with third parties including, but not limited to, service providers such as Facebook or WhatsApp in order to provide you services that you have requested or services that upGrad group providesto arrange and provide networking activities . may share information that can be used to directly contact you with recruiting organisations for opportunities that may be of interest to you.To third party business partners |
| Recruitment Service providers Recruitment agencyPotential employersSponsors Scholarship Providers | Personal Identification DataPersonal Characteristics DataContact DataUser generated dataEducation and Recruitment Data | We may share your Personal Data with potential employers, recruitment agencies, sponsors, and scholarship providers for the purpose of enabling employment, internship, sponsorship, or learning opportunities that align with your profile and career goals. Such sharing is an inherent part of our business operations as a recruitment and talent-matching platform, allowing us to connect candidates with organizations seeking relevant skills and qualifications. All third parties are required to handle your data in accordance with applicable data protection laws and to use it solely for the intended recruitment or engagement purposes. By submitting your details, you explicitly agree and consent to the collection of such additional information by these third parties. |
| Associate and Business Transfers | Personal Identification DataPersonal Characteristics DataContact DataUser generated data | We share your Personal Data with our associates for business purposes. upGrad Rekrut may disclose and/or transfer your Personal Data to an acquirer, assignee or other successor entity in connection with a sale, merger, or reorganisation of all or substantially all of the equity, business or assets of upGrad to which your Personal Data relates |
15. Retention of Personal Data
We retain your Personal Data, not longer than necessary for the purposes for which it was collected. The length of time to retain Personal Data depends on the purposes for which we collect and use it and/or as may be required to comply with applicable laws, to establish, exercise, or defend our legal rights.
The users can exercise their rights enumerated herein. Also, if in case required to extend the period of retention of such data, we shall obtain your consent for the same. Further, we may also dispose the data prior to completion of the period of retention, if the purpose for which it was collected is exhausted.
16. Procedures
The Company has taken the following steps to protect the Personal Data of relevant stakeholders, which it holds or to which it has access:
a) it appoints or employs employees with specific responsibilities for the processing and controlling of data with comprehensive reviewing and auditing of its data protection systems and procedures and overviewing the effectiveness and integrity of all the data that must be protected.
b) there are clear lines of responsibility and accountability for these different roles.
c) it provides its employees with information and training to make them aware of the importance of protecting Personal Data, to teach them how to do this, and to understand how to treat information confidentially
d) it can account for all Personal Data it holds, where it comes from, who it is shared with and also who it might be shared with
e) it carries out risk assessments as part of its reviewing activities to identify any vulnerabilities in its Personal Data handling and processing, and to take measures to reduce the risks of mishandling and potential breaches of data security. The procedure includes an assessment of the impact of both use and potential misuse of Personal Data in and by the Company
f) it recognises the importance of seeking individuals’ consent for obtaining, recording, using, sharing, storing and retaining their Personal Data, and regularly reviews its procedures for doing so, including the audit trails that are needed and are followed for all consent decisions. The Company understands that consent must be freely given, specific, informed and unambiguous. The Company will seek consent on a specific and individual basis where appropriate. Full information will be given regarding the activities about which consent is sought. Relevant individuals have the absolute and unimpeded right to withdraw that consent at any time
g) it has the appropriate mechanisms for detecting, reporting and investigating suspected or actual Personal Data breaches, including security breaches. It is aware of its duty to report significant breaches that cause significant harm to the affected individuals to the relevant supervisory authority, and is aware of the possible consequences
h) it is aware of the implications international transfer of Personal Data internationally.
17. External Links on our website
For your convenience we may provide links to sites operated by organizations other than upGrad Rekrut (“Third Party Sites”) that we believe may be of interest to you. We do not disclose your Personal Data to these Third-Party Sites unless we have a lawful basis on which to do so. We do not endorse and are not responsible for the privacy practices of these Third-Party Sites. If you choose to click on a link to one of these Third-Party Sites, you should review the privacy policy posted on the other websites to understand how that Third-Party website collects and uses your Personal Data.
upGrad Rekrut uses YouTube API Services to play YouTube videos. When a YouTube video is played, the app communicates directly with the content provider (YouTube) and not with upGrad Rekrut. Users of the app should be aware of the Google Privacy Policy available at https://policies.google.com/privacy, which states how YouTube treats user data. upGrad Rekrut does not have any record of the videos watched or any other user related YouTube API data.
We take no responsibility for the content or practices of any third-party services in the Third Party Sites.
We encourage you to carefully review the terms of services/use of any third-party services or Third Party Sites you access.
18. Use of this website and our Terms of Service
This website is the property of the upGrad. Our Terms of Use (also known as “Terms of Service” or “Terms and Conditions”) and this Privacy Policy collectively govern the use of the website and the services offered by upGrad. This Privacy Policy shall form a part of the Terms by way of reference. By using this website and the information offered herein, you indicate your acceptance of these Terms of Use.
19. Use of this website and our Terms of Service
This website is the property of the upGrad Rekrut. Our Terms of Use and this Privacy Policy collectively govern the use of the Platform and the Programs offered by upGrad. This Privacy Policy shall form a part of the Terms by way of reference. By using this website and the information offered herein, you indicate your acceptance of these Terms of Use.
20. Updates to this policy
We may update our Privacy Policy from time to time. We will take reasonable steps to inform all upGrad entities, Customers, Business Partners, and other data subjects affected by the revisions by posting the new Privacy Policy on this page and/or via email.
21. Data Controller/ Company Details
The “Data Controller” (i.e., upGrad Rekrut) means the entity that will make the decisions about how your data is used and that is responsible for deciding how it holds personal information about you.
Since upGrad Rekrut is made up of different legal entities, the entity that will be the controller for your data is dependent on the situation where your Personal Data is collected.
22. Data Protection Officer
The company, in accordance with the applicable laws, and all applicable rules made thereunder, has appointed a Data Protection Officer; who can be reached at the details below:
Name: Mr. Raj Dogra
Email Address: dpo@upgrad.com
23. Breach notification
Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the relevant supervisory authority within 72 hours of the Company becoming aware of it and may be reported in more than one instalment. Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual. If the breach is sufficient to warrant notification to the public, the Company will do so without undue delay.
24. Conflicts of Law
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.
25. International Data Transfers
While we do not currently engage in international data transfers, users are informed that their data may be stored on servers located outside their country of residence, such as those operated by AWS.
Our website is primarily operated and managed on servers located and operated within India. However, owing to the global nature of upGrad Rekrut, your Personal Data may also be stored in third-party data servers located in other countries where upGrad Rekrut provides its products and services.
upGrad Rekrut engages sub-contractors, service providers, and other third parties to facilitate our products, service offerings, and to offer support services to you, and your Personal Data may be transferred to servers of such sub-contractors, service providers, and other third parties. Depending upon the location of our service providers, your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Further, your Personal Data may be transferred, disclosed, and transferred between various upGrad group companies where such transfers are required for legitimate business reasons.
Where required under applicable law, we will seek your express consent for such transfers. In all other cases, by consenting to this policy, you also provide consent to upGrad Rekrut to transfer your Personal Data to upGrad Rekrut-affiliated companiess, Third-Party service providers, business partners or any third-party entity in locations around the world. We take steps to ensure that a degree of data protection which is similar to this policy, is afforded to such Personal Data transferred.
Where upGrad Rekrut transfers your personal information internationally, we will comply with applicable legal requirements and where required, we will enter into a data transfer agreement with the recipient of the personal information, which in the case of European Personal Data, may include the Standard Contractual Clauses. In other cases, and where applicable, we shall enter into separate Data Processing Agreements with the third parties/service providers/contractors and such other recipients of Personal Data. Further as the Company takes steps to ensure that transfers of Personal Data to any public authority cannot be massive, disproportionate, and indiscriminate in a manner that would go beyond what is necessary in a democratic society. In the event of conflicts between these and public authority requirements, the company will find a practical solution that fulfils the purpose of this Policy.
We are committed to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our data privacy and security standards.
26.Data Retention
We retain user data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Users may exercise their rights regarding their personal information, including the rights to access, rectification, erasure, restriction, data portability, and objection, by contacting us using the information provided below.
[PK1]Please enter website domain name
[PK2]Please add link to AWS about section