Privacy Statement

MDM MADHUBANI TECHNOLOGIES PRIVATE LIMITED, its subsidiaries and branch operations hereinafter referred as 'GRADUS', 'we', 'us' or 'our' is committed to respect your privacy and choices. The privacy statement (hereinafter "Privacy Statement" or "Statement") highlights our privacy practices regarding Personal Information that we collect and process in compliance to applicable data privacy regulations.

Objective

Through this privacy statement we intend to provide a synopsis of our privacy practices regarding Personal Information that we collect and process about you through various sources. Although the primary focus of this statement is on the data collected and processed through our websites, that link to this Privacy Statement, which include gradusindia.in and gradus.live (collectively referred to as "GRADUS & MDM MADHUBANI TECHNOLOGIES PRIVATE LIMITED Websites"), our adherence to the below mentioned principles remain across the organization towards personal data processing. Depending on the purposes of processing and your relationship with us as a data subject, we may provide additional customized privacy statements, more information on which can be found below.

The scope of this Statement covers the categories of personal data collected, how we use or process such data, who are the recipients of such data, and your associated rights under applicable laws including how to exercise the same. The applicability of the Privacy Statement is global, however certain additional information may be relevant to you depending on the country where you reside. Such additional terms, based on these particular countries or regions, are called out in region-specific statements below.

Wherever we may have provided the translation of our Statement in local languages, as per applicability, in case of a conflict between the local language and the English version, the English version shall prevail.

1. Personal Information that we process and use

1.1 Personal Information that we process

We may collect the following categories of Personal Information:

• Information collected as part of your visit and usage of our websites, such as Internet Protocol (IP) address, demographics, your computers' operating system, device information, telemetry data and browser type and information collected via cookies or similar tracking technologies. As a website visitor who merely browses our websites (including the hosted content), without submitting any additional data, this is the most relevant paragraph for applicable data processing.
• Personal and Contact details, such as, Name, title, e-mail address, phone numbers, address, designation, Company/Organization, Industry, Location (in terms of City/Country), LinkedIn profiles/URLs (or similar professional data set).
• Login credentials, such as Username and Passwords, when you register for any of our applicable services.
• Audio-Visual information such as photographs or images captured, video recordings (if enabled), when attending any of our events, webinars etc.
• Queries, comments, or feedback as submitted by you, including any correspondence you have made with us.
• Preferences relating to marketing communications, interest areas, subscription details, dietary preferences/allergies (in relations to events we may organize).
• Additionally, we may collect certain data points based on the categories of data subject and their relationship with us, as are detailed out in additional Privacy Statements for relevant categories of data subjects at the end of this statement.

1.2 Sources of Personal Information

We may collect the aforementioned Personal Information through various sources, such as mentioned below:

• Submitted by yourself, through our Website forms, applications on our portals, or by contacting/emailing our official contacts.
• Shared to GRADUS employees, such as our sales or marketing representatives.
• Shared with or by GRADUS' affiliates.
• Shared by the employers of the visitors and contractors, where applicable.
• Sourced from public websites and social media, including your publicly accessible profiles.
• Shared by our suppliers, vendors and service providers.
• Sourced via Cookies and similar tracking technologies as deployed on our website (details are available in the Cookie Policy).

1.3 Use of your Personal Information

We may use your Personal Information for the following purposes:

• to provide better usability, troubleshooting and site maintenance
• to understand which parts of the website are visited and how frequently
• to create your login credentials, where applicable
• to identify you once you register on our website
• to facilitate communication with you, including contacting you and responding to your queries or requests
• to offer curated content tailored to your preferences
• to enable marketing and sales related communications and related purposes
• to provide access to podcasts available on our website(s)
• to know your interest of participation in ideathons or other competitions
• as a participant of any competitions and/or award ceremonies organized by us
• to publish your name and corresponding details to make them available to larger audience on the Internet (including details of awards won); for the jury members and other associated delegates and speakers, to publish their name, title, photograph, and bio in a similar manner
• to invite you for events, seminars and equivalent ceremonies organized by us and related purposes such as running marketing or promotional campaigns, including such promotions or publications on social media
• to publish testimonials and case studies
• to generate and maintain leads as part of our Customer Relationship Management database
• to perform data analytics for providing a better user experience, enhance website performance and achieve business objectives
• to enhance and optimize our business operations, applications, systems, and processes, including operation and management of our communication assets and systems, ensuring and strengthening information security, maintenance of audit trail and associated records
• to protect your data and GRADUS assets from information security threats
• to secure against any unauthorized access, disclosure, alteration, or destruction
• to comply with applicable laws and other legal requirements, such as regulatory filings, record-keeping and reporting obligations, cooperating with government authorized inspections or requests, protecting our legal rights, and seeking remedies, including defending against any claims or engaging in legal proceedings, responding to subpoenas or court orders and managing documentation for related purposes
• to enhance your website experience and other associated purposes by deploying cookies or similar technologies. For more information, refer to the cookie policies of our respective domains as called out below.
• For some of the personal data processing we undertake, we might use AI, Machine learning and related technologies to enhance customer experience and data analytic capabilities, but whenever we do so, we use responsible AI practices.

1.4 Legal basis of the processing

The applicable privacy and data protection laws provide for certain justifiable grounds for collection and processing of personal data, commonly referred to as legal basis of processing. We primarily rely on the following legal bases:

• 1.4.1 We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract, e.g., when you would engage with us for receiving our services and offerings, or when managing the data of our employees for ensuring the performance of their employment contract.
• 1.4.2 We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights), e.g., when we need to understand your usage of our website and interaction with the same, for generating your secure login credentials, or to optimize our processes.
• 1.4.3 We process your Personal Information with your consent. Where we process Personal Data based on consent, your consent is revocable at any time, e.g., when registering and inviting you for events organized by us, or for sharing our marketing related communications with you.
• 1.4.4 We may process your personal Information to comply with any Legal obligations on us, including to applicable laws and protecting our legal rights, seeking remedies, and defending against claims.

2. Consequences of not providing Personal Information

If you choose not to provide your Personal Information that is mandatory to process your request, we may not be able to fulfil the relevant purpose of processing, including provision of any services to you, if applicable.

3. Data recipients, transfer, and disclosure

GRADUS does not share your Personal Information with third parties for their direct marketing purposes. We share your Personal Information within:

• GRADUS or with any of its subsidiaries;
• Business partners;
• Service providers;
• Authorized third-party agents; or
• Auditors, and/or government authorities, where applicable.

3.2 Facilitating International Data Transfers

We may transfer Personal Information to countries outside of your country of residence, either to GRADUS group of companies or third parties, including to countries which have different data protection standards from those which apply in your country or region of residence. Where we may transfer the data outside your country or region of residence, we shall take reasonable and appropriate steps in line with applicable laws while executing such transfer.

4. Your Rights

4.1 Subject to the laws of your country, you may have certain rights as a data subject (including but not limited to right to information, access, rectification, erasure, object, restriction of processing, right to complain), relating to your Personal Information that we process. Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal.

4.2 Exercising your rights: For exercising your rights, we may need to request certain information from you for ascertaining your identity and confirming that you are entitled to exercise the same. You can exercise your rights by contacting us at contact@gradusindia.in.

5. Data security

At GRADUS, there exists a perfect balance between Governance, Process and Technology, the combination of which has established GRADUS' commitment to its customers and stakeholders. GRADUS adopts reasonable and appropriate security controls, practices and procedures including administrative, physical security, and technical controls in order to safeguard your Personal Information.

6. Data retention

Personal Information will not be retained for a period more than necessary to fulfil the purposes outlined in this privacy statement unless a longer retention period is required by law or for directly related legitimate business purposes. Personal Data that is no longer required to be retained as per legal and business requirements will be disposed in a secure manner.

7. Contact your Local Data Protection Authority

If you are unhappy with how we safeguard your personal data, depending on the laws of the countries where you reside, you have the right to bring a complaint to your local data protection authority.

8. Linked websites

Our privacy practices regarding Personal Information that we collect and store about you through our portals such as Recruitment and Global Alumni will be as per the privacy policy of those portals.

GRADUS provides links to third-party websites and services. However, GRADUS is not responsible for the privacy statements, practices, or the contents of such third-party websites.

9. Children's Privacy

GRADUS Websites, its associated products or services and hosted contents, are not intended for the use by children.

As such we do not knowingly solicit or collect personally identifiable information online from children without prior verifiable parental consent. If MDM MADHUBANI TECHNOLOGIES PRIVATE LIMITED learns that a child has submitted personally identifiable information online without parental consent, it will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children, please email us at contact@gradusindia.in.

10. How to contact us

If you have any questions regarding our privacy practices or this privacy statement, or to request this privacy statement in another format, please contact us at:

11. Updates to this privacy statement

GRADUS may change the data privacy practices and update this privacy statement as and when the need arises, and the same will be made available on the website. However, our commitment to protect the privacy of website users will continue to remain.