COURSE 5 PRIVACY NOTICE OBJECTIVE
This privacy notice will tell you about what we collect and do with your personal information when you visit the Course5 website or interact with us for various services or fill in your personal information to contact us or want to access our services where we process your personal information.
Course5 is a global analytics provider that drives digital transformation through analytics, insights, and Artificial Intelligence (AI). Course5 Intelligence helps businesses make the most effective strategic and tactical moves relating to their customers, markets, and competition. Course5 Intelligence leverages rapid advances in Artificial Intelligence and Machine Learning to create disruptive technologies and accelerators for analytics, digital, and research solutions that provide significant and long-term value to their clients.
CONTROLLER’S CONTACT DETAILS
Course5 is the controller for the personal information we collect and process. If you want to exercise your privacy rights and know about what information we hold about you.
You can contact us via E-mail and post at the below details:
COURSE5 OFFICE ADDRESS:
Building 2A, Aster East Tower, Lower Ground floor, Embassy Tech Village,
Marathalli, Sarjapur Outer Ring Road, Devarabeesanahalli, Bengaluru- 560 103.
HOW DO WE GET PERSONAL INFORMATION?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.
HOW WE COLLECT PERSONAL DATA
Course5 collects personal data directly from you via online forms or when you contact Course5 and we also collect personal data from third parties, and we process that personal data on behalf of the Data controller.
The data we collect includes:
PURPOSE FOR COLLECTING PERSONAL DATA
The personal information we collected would be used for the following purposes:
REASONS WE MAY SHARE YOUR PERSONAL DATA
We may share your personal data:
HOW TO CONTROL AND ACCESS YOUR PERSONAL DATA
You can access and control the personal data that Course5 holds from you by contacting or submitting a Data Subject Access Request (DSAR) form to Course5:
OUR PRIVACY PRINCIPLES
We operate in multiple jurisdictions and to maintain global privacy posture and maximum legal compliance we have our privacy principles based on OECD guidelines, which also serve as founding principles for laws including but not limited to EU GDPR, KSA PDPL, Indian DPDP, UK DPA2018, CCPA, and various US state privacy policies.
The OECD Privacy Guidelines are high-level policy recommendations that can be used as a basis to develop a privacy protection framework with the flexibility to accommodate regional and local variations. Meanwhile, they also facilitate international interoperability for transborder flows of personal data. We at Course5 follow the following principles in our “Data Privacy & Protection” practices and our controls are regularly evaluated for:
Collection Limitation Principle: There shall be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, and kept up to date.
Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use is limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle: Personal data shall not be disclosed, made available or otherwise used for purposes other than those specified in accordance with (the Purpose Specification Principle) except:
Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
Openness Principle: There should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available for establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle: An individual should have the right:
Accountability Principle: A data controller should be accountable for complying with measures that give effect to the principles stated above.
DATA SUBJECT RIGHTS
Course5 provide their data subject to access their personal data held by us and further exercise their subject rights provided in their respective jurisdiction, where data was collected or used, and this is done as per applicable laws. Data Subjects can practice this by simply filling out the DSAR form or by contacting Course5.
We respect all the rights guaranteed to data subjects, when we use their personal data, as mentioned in their applicable laws on personal data processing in specific jurisdictions. Such rights include and are limited to the following:
Right to transparency: Course 5 as a Data Controller uses clear and plain language when informing data subjects about how their personal data will be processed. The information provided to the data subject will be clear, concise, and transparent, and it will be provided to them in an easily accessible format.
Right to be informed: Data subjects have the right to be informed. For example – About the fact that their data has been processed, the purpose for which it was processed, and the identity of the controller. Course5 will provide this through a Data Protection Notice to their data subjects whose personal data is processed.
Right to access: Data Subjects have the right to receive information from Data Controllers on whether their personal data is processed by their contractor or processor, the purpose of this processing, the categories of data concerned, and the recipients to whom their data are disclosed, the storage period, as well as the right to access this personal data.
Right to rectification: Data subjects have the right to rectify their data if it is inaccurate or incomplete.
Right to erasure / Right to be forgotten: Data subjects have the right to erase their data for example if their personal data is no longer needed by the Data Controller if they withdraw their consent or if the processing operation is unlawful.
Right to restrict the processing: Data subjects can ask the controller to restrict the data processing under certain circumstances, such as if they contest the accuracy of the processed data or if they are not sure if their data is lawfully processed.
Right to data portability: Data subjects have the right to obtain the data that the controller holds on them and to transfer it from one controller to another. Where technically possible, the controller must do this directly.
Right to object: Data subjects can object, on compelling legitimate grounds, to the processing of data relating to them.
Rights not to be subject to automated decision-making and profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal consequences for them or significantly affects them in a similar way.
BROWSER BASED CONTROL
Necessary cookies: Required for you to be able to use some important features on our website, such as logging in.
Functionality cookies: Provide functionality that makes using our service more convenient and makes providing more personalized features possible.
Analytics cookies: Used to track the use and performance of our website and services.
LINKS TO OTHER WEBSITE
Where we provide links to websites of other organizations, this privacy notice does not cover how that organization processes their personal information. We encourage you to read the privacy notice on the other websites you visit.
EXPLANATION OF KEY TERMS
Data Subject*: A “data subject” refers to an individual who is the subject or the focus of personal data. In the context of Indian data protection and privacy laws, (DPDP), a data subject is identified as Personal Data Principle and is any identifiable person whose personal data is being collected, processed, or stored by an organization or data controller.
Data Controller*: A “data controller” is an entity or organization that determines the purposes and means of processing personal data. In the context of Indian data protection and privacy laws (DPDP) the term Data Fiduciary shall be used for data controller, where it is the entity that is responsible for collecting personal data from individuals and deciding how that data will be processed.
The data controller has the authority to make decisions regarding the processing of personal data, including the types of data collected, the purposes for which the data is collected, the methods of processing, and the duration for which the data will be retained. The data controller is also accountable for ensuring that the processing of personal data complies with applicable data protection laws and regulations.
Data Processor: A “data processor” is an entity or organization that processes personal data on behalf of a data controller. In the context of data protection and privacy laws, including Indian DPDP in the European Union, a data processor is a separate entity from the data controller and is engaged by the data controller to handle personal data on its behalf.
Personal Data: The term “personal data” encompasses any information that relates to an identified or identifiable individual. It can include various types of data, such as names, addresses, email addresses, identification numbers, financial information, health records, IP addresses, and any other information that can directly or indirectly identify a person.
DPDP 2023: The main data privacy law in India is the Digital Personal Data Protection Act, 2023 (DPDP). The DPDP Act was, published in the Official Gazette on Friday, August 11, 2023.
The DPDP Bill regulates the processing of digital personal data, which is defined as any information that can be used to identify an individual, either directly or indirectly. The Bill applies to all organizations that process digital personal data, regardless of their size or location.
[Version: 3.0, Released on 21st Aug 2023]