Privacy Policy

Introduction

VMI Collective Private Limited ("we", "us", "our", "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you:

• Visit our website (https://vmi-collective.in)
• Use our services (Training, enablement, international mobility, digital marketing, creative services, consulting)
• Enroll in our educational programs and courses
• Interact with us through various channels
• Make payments for our services or programs

By using our website, services, or programs, you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms and Conditions.

1. Information We Collect

1.1 Personal Information You Provide Directly

Contact and Identity Information:

• Full name, age, email address, phone number
• Postal address, city, state, country
• Date of birth and age verification
• Government-issued ID numbers (when required for verification)
• Emergency contact information (for program participants)

Professional and Academic Information:

• Company name, job title, industry
• Professional experience and qualifications
• Educational background and certifications
• LinkedIn profile and professional social media handles
• Portfolio or work samples (when submitted)

Program and Service-Related Information:

• Course applications and enrollment forms
• Academic records and performance data
• Assignment submissions and project work
• Examination and assessment results
• Attendance and participation records
• Course completion and certification status
• Learning preferences and accessibility requirements

Financial Information:

• Payment method details (credit/debit card information processed by secure third-party processors)
• Billing address and payment history
• Invoice and transaction records
• Bank account details (for refunds or direct transfers)
• Tax identification numbers (when required), PAN, GST, Aadhar, Passport, Digilocker ID etc

Communication Data:

• Messages sent through contact forms, emails, or chat systems
• Customer service interaction records
• Feedback, reviews, and testimonials
• Survey responses and program evaluations
• Support ticket information

1.2 Information Collected Automatically

Technical Information:

• IP address and geolocation data
• Browser type, version, and settings
• Operating system and device information
• Screen resolution and device specifications
• Referral URLs and exit pages

Usage Data:

• Pages visited and time spent on site
• Course progress and module completion rates
• Video viewing patterns and engagement metrics
• Download history for course materials
• Search queries and navigation patterns
• Login times and frequency of access

Cookies and Tracking Technologies:

• Essential cookies for website functionality
• Analytics cookies for usage statistics
• Preference cookies for user customization
• Marketing cookies for targeted advertising (with consent)
• Session cookies for security and authentication

1.3 Information from Third Parties

Social Media Integration:

• Profile information from LinkedIn, Facebook, Google (when you connect accounts)
• Professional networking data and connections
• Public social media posts mentioning our company

Payment Processors:

• Transaction confirmation and payment status
• Fraud detection and security verification data
• Chargeback and dispute information

Educational Partners:

• Third-party certification and accreditation records
• Partner institution academic transcripts
• Industry certification exam results

Marketing and Analytics Services:

• Website analytics and user behavior data
• Email marketing engagement metrics
• Advertising campaign performance data

Document Information

This Privacy Policy was last updated on September 25, 2025. We recommend reviewing this policy periodically to stay informed of our privacy practices. For specific questions about data processing or privacy rights, please contact our privacy team.

Language and Accessibility:
This policy is available in English. Alternative formats are available upon request for accessibility purposes.

2. How We Use Your Information

2.1 Service Delivery and Administration

Professional Services:

• Providing educational, international mobility and related services.
• Providing digital marketing, creative, and consulting services
• Training, enablement and go-to-market consulting services
• Business planning, raising finance and other related services
• Project management and client communication
• Delivering customized solutions and recommendations
• Managing service contracts and agreements

Educational Programs:

• Processing applications and enrollment
• Delivering course content and materials
• Tracking academic progress and performance
• Issuing certificates and credentials
• Providing student support and guidance
• Managing learning management systems

Payment Processing:

• Processing payments for services and programs
• Managing billing and invoicing
• Handling refunds and payment disputes
• Maintaining financial records for compliance

2.2 Communication and Marketing

Service-Related Communications:

• Sending appointment confirmations and reminders
• Providing course updates and announcements
• Sharing important policy or program changes
• Delivering technical support and assistance

Marketing Communications (with consent):

• Newsletters and industry insights
• Information about new programs and services
• Promotional offers and special discounts
• Event invitations and networking opportunities
• Alumni updates and success stories

2.3 Legal and Business Operations

Compliance and Legal Requirements:

• Meeting regulatory and licensing obligations
• Responding to legal requests and court orders
• Conducting internal audits and compliance checks
• Maintaining records for tax and accounting purposes

Business Operations:

• Analyzing service performance and user satisfaction
• Improving website functionality and user experience
• Conducting market research and program development
• Managing risk and preventing fraud
• Protecting intellectual property rights

3. Legal Basis for Processing

3.1 Under Indian Data Protection Laws

• Consent: When you explicitly agree to data processing for specific purposes such as marketing communications or optional program features.
• Contract Performance: When processing is necessary to fulfill our service agreements, educational program contracts, or payment obligations.
• Legal Obligation: When required to comply with Indian laws, tax regulations, educational standards, or court orders.
• Legitimate Interest: When processing serves our legitimate business interests while not overriding your privacy rights, such as:
  • Improving service quality and user experience
  • Preventing fraud and ensuring security
  • Managing business operations and communications
  • Conducting research and development

3.2 Under GDPR (for EU Users)

• Article 6 Lawful Bases:
  • Consent (6(1)(a)): For marketing, cookies, and optional features
  • Contract (6(1)(b)): For service delivery and program enrollment
  • Legal Obligation (6(1)(c)): For compliance with EU laws
  • Legitimate Interest (6(1)(f)): For business operations and improvements
• Article 9 Special Category Data: If we process sensitive personal data, we ensure additional legal bases and safeguards are in place.

3.3 Under Other International Laws

We comply with applicable data protection laws in jurisdictions where we operate, including:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Singapore's Personal Data Protection Act (PDPA)
• California Consumer Privacy Act (CCPA) for US users
• Australia's Privacy Act and other relevant regional legislation

4. Data Sharing and Disclosure

4.1 Service Providers and Business Partners

Technology Services:

• Cloud hosting providers (AWS, Google Cloud, Microsoft Azure)
• Content delivery networks and website optimization services
• Customer relationship management (CRM) systems
• Learning management system providers

Payment Processing:

• Secure payment gateways (Razorpay, Stripe, PayPal)
• Banking institutions and financial service providers
• Fraud detection and prevention services
• Accounting and invoicing software providers

Communication Services:

• Email marketing platforms and automation tools
• Video conferencing and webinar platforms
• SMS and messaging service providers
• Customer support and help desk systems

Educational Partners:

• Certification bodies and accreditation organizations
• Industry associations and professional bodies
• Guest instructors and subject matter experts
• Career placement and recruitment partners

4.2 Legal and Regulatory Disclosures

Government Authorities:

• Law enforcement agencies (when legally required)
• Regulatory bodies and licensing authorities
• Tax authorities and financial regulators
• Courts and legal tribunals

Legal Proceedings:

• Response to subpoenas, court orders, or legal processes
• Protection of legal rights and property
• Investigation of fraud or security breaches
• Compliance with regulatory investigations

4.3 Business Transactions

Mergers and Acquisitions:

• Due diligence processes with potential buyers or partners
• Asset transfers in business restructuring
• Successor entities in case of business sale or merger

4.4 Data Sharing Safeguards

Contractual Protections:

• Data processing agreements with all service providers
• Confidentiality and security requirements
• Purpose limitation and data minimization clauses
• Regular compliance monitoring and audits

Technical Safeguards:

• Encrypted data transmission and storage
• Access controls and authentication requirements
• Regular security assessments and updates
• Incident response and breach notification procedures

5. International Data Transfers

5.1 Cross-Border Data Processing

Given our global operations, your personal data may be transferred to and processed in countries including:

• India: Primary data processing and business operations
• United States: Cloud services and technology platforms
• European Union: GDPR-compliant processing for EU users
• Singapore: Regional service delivery and support
• Canada: Technology services and business partnerships

5.2 Transfer Safeguards

• Adequacy Decisions: We rely on adequacy decisions by relevant authorities where available.
• Standard Contractual Clauses: We use European Commission-approved standard contractual clauses for transfers to countries without adequacy decisions.
• Certification Programs: We work with service providers who maintain relevant certifications (Privacy Shield successors, ISO 27001, SOC 2).
• Technical Safeguards: All international transfers are protected by encryption, access controls, and monitoring systems.

6. Data Security Measures

6.1 Technical Safeguards

Encryption:

• End-to-end encryption for data transmission (TLS 1.3)
• Advanced encryption standards (AES-256) for data storage
• Encrypted backups and disaster recovery systems
• Secure key management and rotation practices

Access Controls:

• Multi-factor authentication for all system access
• Role-based access controls and principle of least privilege
• Regular access reviews and deprovisioning procedures
• Secure authentication protocols and session management

Infrastructure Security:

• Firewall protection and intrusion detection systems
• Regular security monitoring and threat intelligence
• Vulnerability scanning and penetration testing
• Secure development practices and code reviews

6.2 Organizational Safeguards

Policies and Procedures:

• Comprehensive data protection and privacy policies
• Employee training on data handling and security practices
• Incident response and breach notification procedures
• Regular policy reviews and updates

Personnel Security:

• Background checks for employees with data access
• Confidentiality agreements and privacy training
• Regular security awareness and phishing simulations
• Clear data handling roles and responsibilities

Vendor Management:

• Due diligence assessments for all service providers
• Contractual security and privacy requirements
• Regular vendor security audits and reviews
• Incident response coordination with partners

7. Data Retention and Deletion

7.1 Retention Periods

Active Users and Students:

• Personal and contact information: Retained while account is active
• Course materials and academic records: Retained for certification validity period
• Payment and financial records: Retained for 7 years (legal requirement)
• Communication history: Retained for 3 years for service quality purposes

Former Users and Students:

• Basic contact information: Retained for 2 years after last interaction
• Academic transcripts and certificates: Retained permanently for verification
• Marketing consent records: Retained until withdrawal or 3 years of inactivity
• Technical logs and analytics: Retained for 1-2 years depending on purpose

7.2 Deletion Procedures

Automated Deletion:

• Systematic purging of expired data according to retention schedules
• Secure deletion methods that prevent data recovery
• Regular audits to ensure deletion procedures are followed
• Documentation of deletion activities for compliance purposes

Manual Deletion Requests:

• Processing of individual deletion requests within 30 days
• Verification of identity before processing deletion requests
• Retention of minimal data where legal obligations require
• Notification to third parties when applicable

8. Your Privacy Rights

8.1 Universal Rights

Access and Portability:

• Right to access all personal data we hold about you
• Right to receive data in a structured, machine-readable format
• Right to transmit data to another service provider
• Reasonable response timeframe (typically 30 days)

Correction and Updates:

• Right to correct inaccurate or incomplete information
• Right to update contact and professional information
• Ability to modify communication preferences
• Self-service options through user portals where available

Deletion and Erasure:

• Right to request deletion of personal data
• Right to withdraw consent for processing
• Right to object to certain types of processing
• Exceptions where legal retention requirements apply

8.2 Jurisdiction-Specific Rights

GDPR Rights (EU Users):

• Right to object to processing based on legitimate interest
• Right to restriction of processing in certain circumstances
• Right to data portability in machine-readable format
• Right to lodge complaints with supervisory authorities

CCPA Rights (California Users):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising privacy rights

PIPEDA Rights (Canadian Users):

• Right to access personal information held by organizations
• Right to request corrections to inaccurate information
• Right to file complaints with Privacy Commissioner
• Right to withdraw consent where applicable

8.3 Exercising Your Rights

Contact Methods:

Email: info@vmi-collective.in

Online Form: https://vmi-collective.in/contact.html

Phone:+91 7217767539

Mail: Privacy Officer, VMI Collective Private Limited, C 106 2nd Floor, Greater Kailash Part 1, New Delhi. 110048 India

Verification Process:

• Identity verification required for security purposes
• Reasonable proof of identity (government ID or account verification)
• Additional verification for sensitive requests
• Response within legally required timeframes

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies:

• Session management and authentication
• Security and fraud prevention
• Basic website functionality and navigation
• Load balancing and performance optimization

Analytics Cookies:

• Website traffic and usage analysis (Google Analytics)
• User behavior and interaction tracking
• Performance monitoring and optimization
• A/B testing and feature improvement

Functional Cookies:

• User preferences and customization settings
• Language and regional preferences
• Accessibility features and accommodations
• Course progress and bookmark functionality

Marketing Cookies (with consent):

• Targeted advertising and remarketing
• Social media integration and sharing
• Email marketing engagement tracking
• Conversion tracking and attribution

9.2 Cookie Management

Browser Controls:

• Instructions for managing cookies in major browsers
• Options to block or delete specific cookie types
• Impact of disabling cookies on website functionality
• Alternative methods for essential website features

Consent Management:

• Cookie consent banners and preference centers
• Granular control over cookie categories
• Ability to withdraw consent at any time
• Regular consent refresh and updates

Third-Party Cookies:

• List of third-party cookie providers
• Links to third-party privacy policies
• Opt-out mechanisms for third-party tracking
• Regular review and updates of third-party relationships

10. Special Categories of Personal Data

10.1 Sensitive Data Processing

Health and Accessibility Information:

• Accommodation requests and accessibility needs
• Medical documentation for program modifications
• Dietary restrictions for events and programs
• Mental health support and counseling referrals

Educational Records:

• Academic performance and assessment data
• Learning difficulties and support requirements
• Disciplinary records and academic integrity issues
• Scholarship and financial aid information

10.2 Additional Safeguards

• Enhanced Security: Extra protection measures for sensitive data categories
• Limited Access: Restricted access to authorized personnel only
• Explicit Consent: Clear and specific consent for sensitive data processing
• Regular Audits: Frequent reviews of sensitive data handling practices

11. Children's Privacy

11.1 Age Requirements

• Services generally intended for users 18+ years old
• Parental consent required for users under 18
• Special protections for users under 16 (GDPR requirements)
• Age verification procedures for program enrollment

11.2 Parental Rights

• Parental consent requirements for minors
• Right to access child's personal information
• Right to request deletion of child's data
• Right to control child's participation in programs

12. Updates and Notifications

12.1 Policy Updates

• Email notification for material changes
• Website banner announcements for updates
• Clear indication of changes in updated policy
• Archive of previous policy versions
• Continued use of services after updates constitutes acceptance of changes

12.2 System Updates

• Security Updates: Regular updates to security measures and protocols
• Feature Updates: New privacy features and controls for users
• Compliance Updates: Changes to meet evolving legal requirements

13. Data Protection Officer and Contact Information

Email: info@vmi-collective.in

Phone:+91 7217767539

Address: C 106, 2nd Floor, Greater Kailash Part - 1, New Delhi. 110048

Website: https://vmi-collective.in

Other jurisdictions: Contact information for relevant authorities in other operating jurisdictions

14. Complaints and Dispute Resolution

14.1 Internal Complaints Process

• Step 1: Contact our privacy team directly
• Step 2: Formal complaint review (30-day response)
• Step 3: Independent review by senior management
• Step 4: Final resolution and response

14.2 External Complaints

Regulatory Authorities:

• Right to file complaints with data protection authorities
• Contact information for relevant authorities
• Assistance with filing complaints when requested
• Cooperation with regulatory investigations

Alternative Dispute Resolution:

• Mediation services for privacy disputes
• Independent privacy organization complaints processes
• Industry association dispute resolution mechanisms

15. Definitions and Interpretation

15.1 Key Terms

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.)
• Controller: VMI Collective Private Limited as the entity determining purposes and means of processing
• Processor: Third parties processing personal data on our behalf under contract
• Data Subject: The individual whose personal data is being processed

15.2 Legal Framework

This Privacy Policy is governed by and interpreted according to Indian law and applicable international data protection regulations.

Document Information:

This Privacy Policy was last updated on September 25, 2025. We recommend reviewing this policy periodically to stay informed of our privacy practices. For specific questions about data processing or privacy rights, please contact our privacy team.

Language and Accessibility:

This policy is available in English. Alternative formats are available upon request for accessibility purposes.