Privacy Statement

This Privacy Policy (“Policy”) describes how DOSSIERNEXUS ACADEMIA PRIVATE LIMITED (“Company”, “we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you access, register on, or use the dossier.nexus Platform, including our websites, mobile applications, and related services (collectively, the “Platform” or “Services”).

This Policy applies to all Users of the Platform, including Organisers, End Users, attendees, learners, and visitors. By using the Platform, you consent to the collection and use of your personal data as described in this Policy.

For residents of the European Union, United Kingdom, or other jurisdictions with specific data protection laws, please review Sections 8–10 below for additional rights and protections.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account Registration:

• Full name, email address, phone number

• Username and password

• Organization name, type, and role

• Billing address and payment information

• Profile information and biography

Event/Program Creation (Organisers):

• Event title, description, dates, times, and venue

• Speaker or facilitator names and biographies

• Pricing, seat availability, and eligibility requirements

• Event-specific terms and policies

• Images, logos, and promotional materials

Event Registration/Ticket Purchase (Attendees):

• Full name, email, phone number

• Attendance preferences and dietary requirements

• Accessibility needs and accommodations

• Payment information (processed securely by payment processors)

• Feedback, reviews, and testimonials

Communication:

• Messages, feedback, support tickets, or inquiries

• Participation in surveys, polls, or focus groups

• Subscription preferences and communication opt-ins

Content Upload:

• Files, documents, presentations, videos, or other materials you create or upload

• User-generated content, comments, or forum posts

• Training materials or course content

1.2 Information Collected Automatically

Device and Usage Data:

• IP address and location (inferred from IP)

• Device type, browser, and operating system

• Pages visited, duration on page, and clickstreams

• Features used and actions taken within the Platform

• Search queries and preferences

• Download and upload activities

Cookies and Tracking Technologies:

• Session cookies for authentication

• Performance and analytics cookies

• Third-party cookies from analytics providers and advertising partners

• Pixels, beacons, and similar tracking technologies

Platform Analytics:

• Login and logout times

• Account activity and engagement metrics

• Data usage and storage consumption

• Event creation, promotion, and attendance metrics

• Conversion data (registrations, purchases, completions)

1.3 Information from Third Parties

• Payment processors (for transaction and billing data)

• Analytics providers and marketing partners

• Publicly available sources (for identity verification or fraud prevention)

• Other Users who import or reference your information with consent

2. HOW WE USE YOUR INFORMATION

2.1 Legal Bases for Processing

The Company processes your personal data based on one or more of the following legal bases:

(a) Contractual Performance: Processing is necessary to provide the Platform and Services you have subscribed to or used.

(b) Consent: You have explicitly agreed to the processing.

(c) Legitimate Interests: Processing is necessary for the legitimate business interests of the Company, including:

• Platform operation, improvement, and optimization

• Fraud prevention and security

• Customer service and support

• Analytics and business insights

• Legal compliance and audit

• Product development and innovation

(d) Legal Obligations: Processing is required to comply with applicable law or regulatory obligations.

(e) Vital Interests: Processing is necessary to protect your health, safety, or rights, or those of others.

2.2 Specific Uses of Your Data

The Company uses your personal data for:

Service Provision and Administration:

• Creating and managing your account

• Processing payments and issuing invoices

• Sending service announcements and updates

• Providing customer support and technical assistance

• Enforcing these Terms and other agreements

Event and Program Management:

• Creating and promoting events or programs

• Registering attendees and managing tickets

• Sending event reminders and updates

• Facilitating communication between Organisers and attendees

• Processing refunds and handling disputes

Marketing and Communications:

• Sending promotional emails, newsletters, and updates (if you have opted in)

• Customizing content and recommendations

• Conducting surveys, polls, and feedback gathering

• Displaying your profile and achievements with your consent

Analytics and Improvement:

• Analyzing usage patterns and Platform performance

• Improving features, functionality, and user experience

• Conducting market research and competitive analysis

• Generating aggregated, anonymized insights

• Testing new features and optimizations

Fraud Prevention and Security:

• Detecting and preventing fraud, abuse, and unauthorized access

• Monitoring for malware, viruses, or malicious activity

• Protecting against DDoS attacks and other security threats

• Verifying identity and authentication

• Investigating complaints and violations of these Terms

Legal Compliance:

• Complying with law enforcement requests and court orders

• Complying with tax, audit, and regulatory obligations

• Establishing and defending legal claims

• Enforcing intellectual property and contractual rights

3. HOW WE SHARE YOUR INFORMATION

3.1 Sharing with Organisers

When you register for an event or program, we share the following information with the Organiser:

• Your name, email, and phone number

• Event registration details and attendance status

• Feedback and reviews you provide about the event

• Any communication or inquiries you direct to the Organiser

Organisers use this information to manage their events, communicate with attendees, and fulfil their services. You are responsible for reviewing each Organiser’s privacy practices and terms.

3.2 Sharing with Service Providers

The Company engages third-party service providers to assist in providing and operating the Platform, including:

• Payment processors (Stripe, Razorpay) – for processing payments and billing

• Email and communication providers (Zepto Mail, MSG91) – for sending emails and notifications

• Hosting and storage providers (Square Brothers, AWS) – for data storage and infrastructure

• Analytics providers (Google Analytics, Mixpanel) – for usage analytics and optimization

• Customer support platforms (WhatsApp Business, Freshdesk) – for managing support requests

• Compliance and verification providers – for fraud prevention and identity verification

Service providers are contractually obligated to:

• Use your data only for the purposes specified by the Company

• Maintain appropriate security and confidentiality

• Comply with applicable data protection laws

3.3 Sharing with Legal Requirements

The Company may disclose your personal data if required or permitted by law, including:

• Court orders, subpoenas, or legal process

• Law enforcement or government agencies

• Regulatory bodies and authorities

• To establish, exercise, or defend legal claims

• To protect the safety, rights, and property of the Company, Users, or the public

3.4 Business Transfers

If the Company undergoes a merger, acquisition, bankruptcy, dissolution, re-organization, or similar transaction, your personal data may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have.

3.5 Aggregated and Anonymised Data

The Company may share aggregated, anonymised data that cannot identify you, including:

• Market research and industry insights

• Usage trends and analytics

• Feature adoption and engagement metrics

• Public reports and blog posts

4. DATA RETENTION

4.1 Retention Periods

The Company retains personal data for as long as necessary to:

• Provide the Services and fulfill contractual obligations

• Comply with legal and regulatory requirements

• Establish and defend legal claims

• Resolve disputes and complaints

• Maintain account security and prevent fraud

4.2 Specific Retention Timelines

Active Users:

• Account information and activity data are retained for the duration of your use of the Platform.

Upon Account Deletion:

• Customer Data (files, documents, event information) is deleted within 30 days.

• Account Information is deleted within 90 days.

• Backups may retain data for up to 90 days.

Attendee and Event Data:

• Organisers may retain attendee information in accordance with their privacy policies and legal obligations.

• After event completion, data is retained for 12 months, then deleted unless legal obligations require retention.

Payment and Billing:

• Payment information is retained in accordance with tax and accounting requirements, typically 7 years.

• Credit card information is not retained by the Company; it is processed and tokenized by payment processors.

Legal Holds:

• Data subject to legal holds or litigation is retained for the duration of the proceeding.

4.3 Deletion and Anonymisation

Upon your request or after the retention period, the Company will:

• Delete your personal data from active systems

• Remove identifying information to anonymise data for research or analytics

• Retain anonymised data indefinitely for legitimate business purposes

5. SECURITY AND DATA PROTECTION

5.1 Security Measures

The Company implements comprehensive technical, organisational, and administrative measures to protect your personal data, including:

Technical Controls:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)

• Secure authentication (multi-factor authentication, strong password policies)

• Regular security testing and penetration testing

• Intrusion detection and prevention systems

• Firewalls and network segmentation

Access Controls:

• Role-based access to sensitive data

• Employee confidentiality agreements

• Least-privilege principles

• Regular access reviews and audits

Operational Procedures:

• Incident response and breach notification protocols

• Regular security updates and patching

• Business continuity and disaster recovery plans

• Data backup and recovery procedures

• Physical security at data centers

5.2 Data Breach Notification

In the event of a personal data breach, the Company will:

• Notify affected Users and relevant authorities without undue delay, as required by law

• Provide information about the nature of the breach, data affected, and steps taken

• Recommend protective measures Users can take

• Comply with all applicable data protection law requirements

5.3 Your Responsibility

You are responsible for:

• Protecting your login credentials and passwords

• Maintaining confidentiality of your account

• Notifying the Company immediately of unauthorised access

• Complying with security policies and guidelines

• Using strong, unique passwords

5.4 Limitations

While the Company uses industry-standard security measures, no system is completely secure. The Company does not guarantee absolute security and is not liable for unauthorised access or data breaches resulting from factors beyond its reasonable control.

6. YOUR RIGHTS AND CHOICES

6.1 Account Access and Control

You have the right to:

• Access your account and review your personal data

• Update, correct, or modify your account information

• Download a copy of your data in a portable format

• Export your Customer Data at any time

To exercise these rights, log in to your account settings or contact support@dossiernexus.com.

6.2 Communication Preferences

You may opt out of or control certain communications:

• Promotional emails: Unsubscribe using the link in emails or adjust preferences in your account settings

• Service notifications: Cannot opt out of critical service communications

• Cookies: Control cookie preferences through your browser settings or our cookie consent tool

6.3 Do Not Track

Some browsers and devices allow you to send “Do Not Track” (DNT) signals. The Platform does not currently respond to DNT signals, but you can control tracking through browser settings and cookie controls.

6.4 Third-Party Sharing

You may limit certain third-party sharing through account settings, subject to operational requirements of the Platform.

7. CHILDREN’S PRIVACY

7.1 Age Restriction

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children without parental consent.

7.2 Parental Involvement

If a child under 18 wishes to use the Platform:

• A parent or legal guardian must create and manage the account

• The parent/guardian is responsible for all usage and adherence to these Terms

• We recommend parents review our Privacy Policy and Terms with their children

7.3 Report of Child Data

If you believe we have collected personal data from a child without appropriate consent, contact [privacy@dossier.nexus] immediately, and we will delete the data.

8. EUROPEAN UNION AND UK USERS – GDPR RIGHTS

If you are located in the European Union, European Economic Area, or United Kingdom, GDPR and UK DPA provide you with the following rights:

8.1 Right of Access (GDPR Article 15)

You have the right to request and obtain:

• Confirmation of whether we process your personal data

• A copy of your personal data in a portable, machine-readable format

• Details about the processing, including categories of data, recipients, and retention periods

How to exercise: Submit a request to [privacy@dossier.nexus] with “GDPR Access Request” in the subject line.

8.2 Right to Rectification (GDPR Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

How to exercise: Update your account information directly or contact support@dossiernexus.com.

8.3 Right to Erasure – “Right to Be Forgotten” (GDPR Article 17)

You have the right to request deletion of your personal data, except where:

• Data is necessary to perform our contract with you

• Data is required by law

• Data is necessary for legal claims

• Data is processed for legitimate interests that outweigh your rights

How to exercise: Contact support@dossiernexus.com with “GDPR Erasure Request” in the subject line.

8.4 Right to Restrict Processing (GDPR Article 18)

You may request that we limit processing of your data to storage only, if:

• You dispute the accuracy of the data

• Processing is unlawful but you do not want deletion

• We no longer need the data but you need it for legal claims

• You object to processing pending verification of legitimate interests

How to exercise: Contact support@dossiernexus.com with “GDPR Restriction Request” in the subject line.

8.5 Right to Data Portability (GDPR Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another organization without hindrance.

How to exercise: Contact support@dossiernexus.com. We will provide data within 30 days in CSV or similar portable format.

8.6 Right to Object (GDPR Article 21)

You have the right to object to:

• Processing based on legitimate interests

• Direct marketing

• Automated decision-making and profiling

How to exercise: Contact support@dossiernexus.com with “GDPR Objection” in the subject line, specifying the processing you object to.

8.7 Right Not to Be Subject to Automated Decision-Making (GDPR Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects, unless:

• The decision is necessary for contract performance

• You have explicitly consented

• Processing is authorised by law

• Appropriate safeguards are in place

How to exercise: Contact support@dossiernexus.com if you believe you are subject to such processing.

8.8 Right to Lodge a Complaint (GDPR Article 77)

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction if you believe your rights have been violated. Relevant authorities include:

• India: Data Protection Board under Ministry of Electronics and Information technology - EU: Data Protection Authority (DPA) in your member state

• UK: Information Commissioner’s Office (ICO)

• Other jurisdictions: Your local data protection authority

8.9 Response Timeframe

The Company will respond to GDPR requests within 30 days. If the request is complex, we may extend the deadline by 2 months, with notice.

8.10 No Discrimination

The Company will not discriminate against you for exercising any GDPR rights, including by:

• Denying service or charging different prices

• Providing lower service quality

• Retaliatory action

9. CALIFORNIA USERS – CCPA RIGHTS

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

9.1 Right to Know (CCPA § 1798.100)

You have the right to request and obtain:

• Categories of personal information we collect

• Specific personal information we have collected

• Sources of collection

• Our purposes for collection

• Categories of third parties with whom we share data

How to exercise: Submit a verified request to support@dossiernexus.com with “CCPA Disclosure Request” in the subject line.

9.2 Right to Delete (CCPA § 1798.105)

You have the right to request deletion of personal information we have collected from you, except where:

• Deletion would prevent us from performing contractual obligations

• Deletion would violate legal obligations

• Deletion would prevent fraud detection or security

How to exercise: Submit a verified request to support@dossiernexus.com with “CCPA Deletion Request” in the subject line.

9.3 Right to Opt-Out of Sale or Sharing (CCPA § 1798.120)

You have the right to opt out of the sale or sharing of your personal information.

Note: The Company does not knowingly sell personal information for monetary consideration. If you wish to opt out, contact support@dossiernexus.com with “CCPA Opt-Out Request” in the subject line.

9.4 Right to Correct (CCPA § 1798.100)

You have the right to request correction of inaccurate personal information.

How to exercise: Submit a request to support@dossiernexus.com with “CCPA Correction Request” in the subject line.

9.5 Right to Limit Use (CCPA § 1798.135)

You have the right to limit use and disclosure of sensitive personal information to purposes necessary to perform services you reasonably expect.

How to exercise: Submit a request to support@dossiernexus.com with “CCPA Limit Use Request” in the subject line.

9.6 Non-Discrimination

The Company will not discriminate against you for exercising CCPA rights, including by denying services, charging different prices, or providing lower service quality.

9.7 Response Timeframe

We will respond to CCPA requests within 45 days. If the request is complex, we may extend by 45 additional days.

9.8 Authorised Agent

You may designate an authorised agent to submit CCPA requests on your behalf. We will require verification of the agent’s authority.

10. INTERNATIONAL TRANSFERS

10.1 Data Transfers

The Company may transfer your personal data to countries outside your country of residence, including the United States and other jurisdictions. These countries may not have data protection laws equivalent to your home country.

10.2 Safeguards for Transfers

For transfers to countries without adequate data protection laws, the Company implements safeguards including:

• Standard Contractual Clauses (for EU/UK transfers)

• Binding Corporate Rules (for intra-company transfers)

• Adequacy Decisions by relevant authorities

• Data Processing Agreements with Standard Contractual Clauses

10.3 GDPR Article 44-50 Compliance

EU/UK users: The Company complies with GDPR Articles 44–50 for international data transfers. Additional details are available in our Data Processing Addendum.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Cookies Used

The Platform uses the following types of cookies:

Essential Cookies:

• Session authentication and login

• Security and fraud prevention

• Platform functionality

Performance and Analytics Cookies:

• Google Analytics (analytics.google.com)

• Mixpanel (mixpanel.com)

• Usage metrics and performance optimisation

Third-Party Cookies:

• Advertising and marketing partners

• Social media integrations

• Affiliate and referral tracking

11.2 Cookie Consent

When you first visit the Platform, we obtain your consent to use cookies (except essential cookies, which do not require consent). You can manage cookie preferences through:

• Cookie consent banner on the Platform

• Browser cookie settings

• Privacy settings in your account

11.3 Third-Party Cookies

Third-party service providers may set their own cookies. We do not control third-party cookies. Please review their privacy policies:

• Google Analytics: google.com/policies/privacy

• Facebook Pixel: facebook.com/policies

• LinkedIn Insight: linkedin.com/legal/cookie-policy

11.4 Disabling Cookies

You can disable cookies through your browser settings. However, disabling cookies may limit Platform functionality and user experience.

12. CONTACT US AND DATA PROTECTION INQUIRIES

12.1 Grievance Officer

For questions or concerns about this Privacy Policy or your personal data, contact our Grievance Officer

Email: grievance@dossiernexus.com

Address: DOSSIERNEXUS ACADEMIA PRIVATE LIMITED 1st Floor, 368, Maruthamalai Main Road, P.N.Pudur, Coimbatore, Tamil Nadu, India. Pincode: 641011

Phone: 9080750302

12.2 Response Time

We will respond to privacy inquiries within 10 business days.

12.3 Complaints

If you believe your privacy rights have been violated, you have the right to:

• Contact us first at grievance@dossier.nexus

• File a complaint with your local data protection authority

• Pursue legal remedies in your jurisdiction

12.4 Changes to This Policy

The Company may update this Privacy Policy from time to time. We will notify you of material changes by:

• Sending an email notification

• Displaying a prominent notice on the Platform

• Requiring your consent where required by law

Your continued use of the Platform after such notification constitutes your acceptance of the updated Privacy Policy.

13. GLOSSARY

• Personal Data: Any information relating to an identified or identifiable natural person

• Processing: Any operation performed on personal data (collection, use, storage, disclosure, deletion)

• Data Controller: Entity that determines purposes and means of processing (the Company)

• Data Processor: Entity that processes data on behalf of the Controller (service providers)

• Data Subject: Individual to whom personal data relates

• Consent: Clear, affirmative action or agreement to processing

• Legitimate Interest: Legal basis for processing when not covered by contract, law, or consent

• Special Categories of Data: Sensitive data including racial/ethnic origin, political opinions, religious beliefs, health, biometric data, genetic data

END OF PRIVACY POLICY

Acknowledgment:

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.