Privacy Notice

COURSE 5 PRIVACY NOTICE OBJECTIVE

This privacy notice will tell you about what we collect and do with your personal information when you visit the Course5 website or interact with us for various services or fill in your personal information to contact us or want to access our services where we process your personal information.

Course5 is a global analytics provider that drives digital transformation through analytics, insights, and Artificial Intelligence (AI). Course5 Intelligence helps businesses make the most effective strategic and tactical moves relating to their customers, markets, and competition. Course5 Intelligence leverages rapid advances in Artificial Intelligence and Machine Learning to create disruptive technologies and accelerators for analytics, digital, and research solutions that provide significant and long-term value to their clients.

CONTROLLER’S CONTACT DETAILS

Course5 is the controller for the personal information we collect and process. If you want to exercise your privacy rights and know about what information we hold about you.

You can contact us via E-mail and post at the below details:

COURSE5 OFFICE ADDRESS:

Course5 Intelligence,

Building 2A, Aster East Tower, Lower Ground floor, Embassy Tech Village,

Marathalli, Sarjapur Outer Ring Road, Devarabeesanahalli, Bengaluru- 560 103.

Dataprotectionofficer@course5i.com

HOW DO WE GET PERSONAL INFORMATION?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

You subscribe to our E-newsletter.
You have made an information request to us via the website.
You enrolled for participation in surveys, various studies, and research programs.
You have made a complaint or inquiry to us.
You have downloaded our assets from the website like case studies, whitepapers, etc.
You have registered for our webinars, podcasts, events, or other thought leadership initiatives.
You have shared your contact details at past physical events and other networking opportunities
You have responded to us on our social handles like LinkedIn, Facebook, Twitter, etc.
You have filled out an inquiry form in our ads on online channels like LI, Google, etc.
You have reached out to us through the contact details shared on the website with inquiries or requests.
We may collect your personal information from public domains such as social media platforms or other public repositories of data as part of the research project.
We may collect your personal information from third parties, for further processing of personal information we have sent the consent request/ form to the individuals for their privacy rights.
An employee of ours gives your contact details as an emergency contact or a reference.
We may collect & share personal information with third parties to conduct engagement programs.
We may collect your personal information for internal engagement activities.
We may collect your personal information as a part of the Employee Personal File for HR & Admin records.
We may collect your personal information for recruitment purposes.

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.

HOW WE COLLECT PERSONAL DATA

Course5 collects personal data directly from you via online forms or when you contact Course5 and we also collect personal data from third parties, and we process that personal data on behalf of the Data controller.

The data we collect includes:

We may collect your contact information such as full name, company name, email address, postal address, and telephone number when you email or call us with an inquiry or an application for work.
We may also collect your details from publicly available sources or purchase lists from suppliers operating within data protection regulations.
When we conduct market research, we may collect additional information from you with your valid consent.
We may process your information on behalf of our clients who have lawfully collected your information for the purpose of asking you whether you would like to participate in market research, consultancy projects, advisory boards, or events. This information may include your full name, job title, company name, email address, telephone number, and postal address, and may also include information about your area of specialization or health status.
Information you provide through online questionnaires or feedback forms.

PURPOSE FOR COLLECTING PERSONAL DATA

The personal information we collected would be used for the following purposes:

We use personal data to provide you with information, you have requested or inquiries about our services and offerings.
To send you newsletters, e-mails relating to participation in any of our events or surveys, our proprietary product-related information, and promotional events.
Use for conducting market surveys and research with your consent.
To assess applications for jobs we have on offer.

REASONS WE MAY SHARE YOUR PERSONAL DATA

We may share your personal data:

Within our company in order to manage and provide our services, and for other legitimate business purposes.
As part of any re-organization, or merger of all or a portion of the Course5 Intelligence
We will not sell or share your personal information with third parties for their own promotional or marketing purpose unless you give us consent to do so and permitted by applicable law.
During services delivery as agreed in the contracts with adequate safety measures.

HOW TO CONTROL AND ACCESS YOUR PERSONAL DATA

You can access and control the personal data that Course5 holds from you by contacting or submitting a Data Subject Access Request (DSAR) form to Course5:

If Course5 obtained your consent to use your personal data, you can withdraw that consent at any time.
You can request access to, erasure of, and updates to your personal data.
You have a right to ask for a copy of the information we hold on you at any time.
You can also object to or restrict personal data used for direct marketing purposes or we are performing a task in the public interest or pursuing our legitimate interest.
You opt-out from receiving internet-based advertising from Course5.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

OUR PRIVACY PRINCIPLES

We operate in multiple jurisdictions and to maintain global privacy posture and maximum legal compliance we have our privacy principles based on OECD guidelines, which also serve as founding principles for laws including but not limited to EU GDPR, KSA PDPL, Indian DPDP, UK DPA2018, CCPA, and various US state privacy policies.

The OECD Privacy Guidelines are high-level policy recommendations that can be used as a basis to develop a privacy protection framework with the flexibility to accommodate regional and local variations. Meanwhile, they also facilitate international interoperability for transborder flows of personal data. We at Course5 follow the following principles in our “Data Privacy & Protection” practices and our controls are regularly evaluated for:

Collection Limitation Principle: There shall be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, and kept up to date.

Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use is limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle: Personal data shall not be disclosed, made available or otherwise used for purposes other than those specified in accordance with (the Purpose Specification Principle) except:

a) with the consent of the data subject; or
b) by the authority of law.

Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.

Openness Principle: There should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available for establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle: An individual should have the right:

To obtain from a data controller, or otherwise, confirmation of whether the data controller has data relating to him.
To have communicated to him, data relating to him within a reasonable time at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him.
To be given specific reasons if a request made under points (a) and (b) is denied, and to be able to challenge such denial.
To challenge data relating to him/her and, if the challenge is successful to have the data erased, rectified, completed, or amended.

Accountability Principle: A data controller should be accountable for complying with measures that give effect to the principles stated above.

DATA SUBJECT RIGHTS

Course5 provide their data subject to access their personal data held by us and further exercise their subject rights provided in their respective jurisdiction, where data was collected or used, and this is done as per applicable laws. Data Subjects can practice this by simply filling out the DSAR form or by contacting Course5.

We respect all the rights guaranteed to data subjects, when we use their personal data, as mentioned in their applicable laws on personal data processing in specific jurisdictions. Such rights include and are limited to the following:

Right to transparency: Course 5 as a Data Controller uses clear and plain language when informing data subjects about how their personal data will be processed. The information provided to the data subject will be clear, concise, and transparent, and it will be provided to them in an easily accessible format.

Right to be informed: Data subjects have the right to be informed. For example – About the fact that their data has been processed, the purpose for which it was processed, and the identity of the controller. Course5 will provide this through a Data Protection Notice to their data subjects whose personal data is processed.

Right to access: Data Subjects have the right to receive information from Data Controllers on whether their personal data is processed by their contractor or processor, the purpose of this processing, the categories of data concerned, and the recipients to whom their data are disclosed, the storage period, as well as the right to access this personal data.

Right to rectification: Data subjects have the right to rectify their data if it is inaccurate or incomplete.

Right to erasure / Right to be forgotten: Data subjects have the right to erase their data for example if their personal data is no longer needed by the Data Controller if they withdraw their consent or if the processing operation is unlawful.

Right to restrict the processing: Data subjects can ask the controller to restrict the data processing under certain circumstances, such as if they contest the accuracy of the processed data or if they are not sure if their data is lawfully processed.

Right to data portability: Data subjects have the right to obtain the data that the controller holds on them and to transfer it from one controller to another. Where technically possible, the controller must do this directly.

Right to object: Data subjects can object, on compelling legitimate grounds, to the processing of data relating to them.

Rights not to be subject to automated decision-making and profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal consequences for them or significantly affects them in a similar way.

BROWSER BASED CONTROL

We use cookies and other similar technologies to analyze customer behavior, administer the website, track users’ movements, and collect information about users. This is done in order to personalize and enhance your experience with us.

You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement. We may use cookies to determine whether your browser can accept a particular type of software, or to stop pop-up boxes appearing each time you visit our site. We may use cookies for other purposes in the future, as our site develops, and this statement will be amended to reflect any such changes.

We use cookies to process information that helps us to secure our website, as well as detect fraud and abuse.

We use cookies for the following purposes:

Necessary cookies: Required for you to be able to use some important features on our website, such as logging in.

Functionality cookies: Provide functionality that makes using our service more convenient and makes providing more personalized features possible.

Analytics cookies: Used to track the use and performance of our website and services.

LINKS TO OTHER WEBSITE

Where we provide links to websites of other organizations, this privacy notice does not cover how that organization processes their personal information. We encourage you to read the privacy notice on the other websites you visit.

EXPLANATION OF KEY TERMS

Data Subject*: A “data subject” refers to an individual who is the subject or the focus of personal data. In the context of Indian data protection and privacy laws, (DPDP), a data subject is identified as Personal Data Principle and is any identifiable person whose personal data is being collected, processed, or stored by an organization or data controller.

Data Controller*: A “data controller” is an entity or organization that determines the purposes and means of processing personal data. In the context of Indian data protection and privacy laws (DPDP) the term Data Fiduciary shall be used for data controller, where it is the entity that is responsible for collecting personal data from individuals and deciding how that data will be processed.

The data controller has the authority to make decisions regarding the processing of personal data, including the types of data collected, the purposes for which the data is collected, the methods of processing, and the duration for which the data will be retained. The data controller is also accountable for ensuring that the processing of personal data complies with applicable data protection laws and regulations.

Data Processor: A “data processor” is an entity or organization that processes personal data on behalf of a data controller. In the context of data protection and privacy laws, including Indian DPDP in the European Union, a data processor is a separate entity from the data controller and is engaged by the data controller to handle personal data on its behalf.

Personal Data: The term “personal data” encompasses any information that relates to an identified or identifiable individual. It can include various types of data, such as names, addresses, email addresses, identification numbers, financial information, health records, IP addresses, and any other information that can directly or indirectly identify a person.

DPDP 2023: The main data privacy law in India is the Digital Personal Data Protection Act, 2023 (DPDP). The DPDP Act was, published in the Official Gazette on Friday, August 11, 2023.

The DPDP Bill regulates the processing of digital personal data, which is defined as any information that can be used to identify an individual, either directly or indirectly. The Bill applies to all organizations that process digital personal data, regardless of their size or location.

[Version: 3.0, Released on 21^st Aug 2023]