1. Introduction & Acceptance

College Disha Pvt. Ltd. ("College Disha", "we", "us" or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, process, store, disclose and otherwise manage personal information collected through our websites, mobile sites, mobile applications, related online services and offline interactions (collectively, the "Platform") and when you otherwise interact with us.

By accessing or using our Platform, creating an account, submitting information, or otherwise interacting with College Disha, you acknowledge that you have read, understood and agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please do not use or access the Platform.

Important: This Privacy Policy is an electronic record, pursuant to the Information Technology Act, 2000 and related rules, and does not require a physical signature.

2. Scope & Applicability

This Policy applies to personal information that we collect in the context of providing services related to college discovery, counseling, mentorship, and admissions guidance, and other education-related products and services. It applies to information collected:

• When you use our Platform (registered or unregistered).
• When you contact us or our partners directly.
• When our partners or third-party service providers share information with us as permitted by you or by law.

This Policy does not apply to information that is anonymized (i.e., that cannot be reasonably linked to an identifiable person) or publicly available information that you have placed in the public domain.

3. Definitions

For ease of reading, the following capitalized terms have the meanings indicated below:

"Personal Information"

Any information that identifies, relates to, describes, or can reasonably be associated with an identifiable natural person.

"Sensitive Personal Data or Information" ("SPDI")

Information of a sensitive nature that may include financial information, bank account/credit card details, authentication information, health information, unique identifiers and other information identified as sensitive under applicable law.

"Processing"

Any operation performed on Personal Information such as collection, recording, storage, modification, retrieval, transfer, disclosure, erasure and destruction.

"Controller"

The entity that determines the purposes and means of processing Personal Information. For the purposes of this Policy, College Disha acts as the Controller.

"You"

Means the individual accessing or using the Platform or otherwise providing Personal Information to College Disha.

4. Controller & Contact

The Controller of your personal information under this Policy is:

College Disha Pvt. Ltd.
CIN: U85499DL2025PTC448014
Registered Office: H No- P-134 Ground Floor, Batla House, Okhla, Jamia Nagar, South Delhi, New Delhi, Delhi, India, 110025
Email: legal@collegedisha.in

For privacy-related queries, please use the email address above. We will respond in accordance with applicable laws and timelines.

5. Information We Collect

We collect Personal Information and Non-Personal Information as described below.

5.1 Personal Information (collected directly or indirectly)

Examples of Personal Information that we may collect include, without limitation:

• Identity Information: Full name, date of birth, gender.
• Contact Information: Email address, postal address, phone number.
• Academic & Professional Information: Education history, marks/grades, transcripts, program preferences, entrance exam scores, intended courses, universities of interest.
• Transaction & Payment Information: Payment card tokens or masked card details (where required and handled through secure third-party payment gateways), billing details, transaction history.
• Authentication Data: Usernames, password hashes (we store securely), OTPs and similar authentication tokens.
• Support & Communication: Messages and content you provide when contacting support or counselors.
• Preferences & Profiles: Interests, course preferences, mentoring preferences.

5.2 Sensitive Personal Data or Information (SPDI)

We may collect and process certain SPDI only where necessary and with appropriate safeguards and lawful basis, for example:

• Financial information required to process payments (directly or via third-party gateways);
• Health-related information where it is voluntarily provided for a specific service (for example, accessibility requirements);

We will take extra care before collecting SPDI and will only do so in compliance with applicable law and with your explicit consent where required.

5.3 Non-Personal Information

Non-personal or aggregated information includes:

• Device type, operating system, browser type and version.
• IP address, approximate geolocation (city-level), Internet service provider.
• Usage data such as pages visited, clicks, time spent, referral source, and aggregated analytics.
• Cookie identifiers and advertising identifiers.

5.4 Information from Third Parties

We may receive information about you from our partners or third parties (for example, when you apply to a partner college, or when you sign in using a social login). This may include profile information you have made available on social platforms, or partner-provided data to facilitate your application or counseling.

6. How We Collect Information

We collect information in several ways, including:

• Directly from you: When you register, complete forms, apply for services, contact support, participate in surveys, or otherwise provide information.
• Automatically: Through cookies, log files and other tracking technologies when you visit our Platform.
• From third parties: From service providers, partners, academic institutions, public records, and social networks (where you authorize such access).
• From offline sources: Events, workshops, telephonic interactions, or partner referrals.

6.1 Examples of collection points

• Account creation pages and registration forms.
• Application forms and document upload facilities.
• Feedback forms, surveys and reviews.
• Live chat and support interactions.
• Third-party integrations such as social sign-in (Google, Facebook).

7. How We Use Your Information

We use the information we collect for legitimate business and operational purposes which may include but are not limited to the following:

7.1 Core service delivery

• To provide college search, counseling, mentorship and admission support services;
• To process, evaluate and manage your applications or registrations with partner institutions;
• To verify identity and to authenticate accounts;

7.2 Communication

• To respond to your inquiries, provide customer support and to deliver important account notices;
• To send transactional messages such as confirmations and receipts;

7.3 Personalization & Improvement

• To personalize content, recommendations, and the Platform experience;
• To analyze usage trends and improve our Platform and offerings;

7.4 Marketing & Outreach

• To send newsletters, promotional offers and relevant educational opportunities with your consent or pursuant to legitimate interest where permitted;

7.5 Security, Legal & Compliance

• To detect and prevent fraud, abuse or other illegal activity;
• To comply with legal obligations, enforce our terms and protect our rights.

We will not use your Personal Information for purposes materially different from those described above without providing you notice and, where required, obtaining your consent.

8. Legal Bases for Processing (Where Applicable)

For individuals in jurisdictions such as the European Economic Area (EEA), the United Kingdom and other regions where data protection laws require lawful bases for processing, College Disha relies on one or more of the following legal bases as applicable:

• Contractual necessity: Processing necessary to perform a contract with you (e.g., providing counseling services, processing applications).
• Consent: When you have given clear consent for us to process your Personal Information for a specific purpose (e.g., marketing emails).
• Legal obligation: Processing necessary to comply with a legal obligation (e.g., tax or regulatory requirements).
• Legitimate interests: Where we have a legitimate interest in processing (e.g., fraud prevention, service improvements) that is not overridden by your rights and interests.

If you are located in a jurisdiction where specific legal bases apply, we will inform you at the point of collection which basis applies to the processing we intend to carry out.

9. Cookies & Tracking Technologies

We and our service providers use cookies and similar technologies for various purposes. Cookies are small text files stored on your device that help us recognize your device and remember preferences. Below is a summary of cookie categories and typical uses:

9.1 Types of cookies

• Essential / Strictly necessary cookies: Required for the operation of our Platform (e.g., session cookies, authentication).
• Performance / Analytics cookies: Help us understand how you use our Platform and help improve performance and user experience.
• Functional cookies: Remember choices you make (e.g., language, region).
• Targeting / Advertising cookies: Used to deliver relevant marketing content and measure the effectiveness of ads.

9.2 Managing cookies

You can control and manage cookies via your browser settings or cookie preference controls provided on our Platform. Disabling cookies may affect functionality or degrade your experience.

9.3 Third-party tracking

Third-party services used on our Platform (for example, analytics and advertising partners) may place cookies. Their use is governed by their respective privacy policies.

10. Sharing, Disclosure & Transfer of Information

We may share Personal Information with:

10.1 Partner colleges & institutions

With your consent and for the purpose of facilitating admissions, recruitment or counseling, we may share your application details and documents with colleges, universities and other educational institutions. You will be informed where such disclosure is being made in your course of application or registration.

10.2 Service providers and processors

We use third-party vendors to provide services such as hosting, analytics, payment processing, email delivery, customer support and marketing. These providers process Personal Information on our behalf under contract and are required to implement appropriate safeguards.

10.3 Legal and regulatory authorities

We may disclose Personal Information when required by law, to comply with a court order, regulation, legal process, or to protect rights, property or safety of College Disha, our users or others.

10.4 Business transfers

In the event of a reorganization, sale, merger, acquisition, joint venture, transfer of assets, or insolvency, Personal Information may be transferred to third parties as part of the transaction. We will require that any transferee adhere to the terms of this Privacy Policy unless we notify you otherwise.

10.5 Aggregated & anonymized data

We may create and share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for analytical and marketing purposes.

We do not sell your Personal Information to third parties. Where applicable law defines "sale" or similar terms broadly, we will provide notice and opt-out options if required by law.

11. Third-Party Services & Links

Our Platform may integrate third-party services such as social sign-in, payment gateways, analytics providers, advertising platforms and external content providers. These third parties have their own privacy policies and practices. We encourage you to read any third-party privacy policies before providing any information to them.

11.1 Examples of third-party services

• Payment processors (for course fees, paid services).
• Analytics providers to measure and improve our Platform.
• Marketing platforms that enable email or SMS communications.
• Social logins (Google, Facebook) that facilitate account creation and login.

We are not responsible for the privacy practices of third parties and the use of your data by those third parties.

12. International Data Transfers

College Disha is based in India and may process and store your Personal Information in India and in other jurisdictions where our service providers operate. Processing abroad may involve transferring Personal Information to countries that may have different data protection laws.

When transferring data internationally, we will take appropriate steps to ensure there are adequate protections in place, such as contractual safeguards, standard contractual clauses, or other lawful transfer mechanisms as required by applicable law.

13. Data Security Measures

We implement appropriate technical, administrative and organisational security measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

13.1 Examples of safeguards

• Role-based access controls and least-privilege principles;
• Encryption in transit (e.g., HTTPS) and where appropriate at rest;
• Regular security assessments, penetration testing and audits;
• Employee training and contractual safeguards for third-party providers;
• Incident response plans to manage and notify relevant stakeholders in case of a breach.

Although we implement commercially reasonable safeguards, no system can be guaranteed to be 100% secure. If a security incident affects your Personal Information, we will take steps required by applicable law including notification to affected individuals and authorities where necessary.

14. Data Retention

We retain Personal Information for as long as necessary to fulfill the purposes described in this Policy, to comply with legal obligations, to resolve disputes and to enforce our agreements.

14.1 Retention principles

• Information used to provide ongoing services will be retained as long as your account is active or as needed for the provision of services;
• Transactional or billing data may be retained for legal, tax or accounting obligations for periods required by applicable law;
• Information for marketing may be retained until you opt out or withdraw consent;
• We periodically review data and securely delete or anonymize data that is no longer required.

15. Children & Minors

Our Platform is not intended for children under the age of 13 (or the age specified by local law). We do not knowingly collect Personal Information from children without parental consent. If we learn that we have unintentionally collected Personal Information from a child without appropriate consent, we will take steps to delete such information.

If you are a parent or guardian and you believe your child has provided Personal Information without consent, please contact us at legal@collegedisha.in and we will take prompt action.

16. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your Personal Information. Below is a non-exhaustive summary of rights commonly available in many jurisdictions:

16.1 Access

You may request access to the Personal Information we hold about you and receive a copy of it in a commonly used format where applicable.

16.2 Correction

You can request correction of inaccurate or incomplete Personal Information.

16.3 Deletion / Erasure

Where permitted by applicable law, you may request that we delete your Personal Information (subject to exceptions such as legal obligations, fraud prevention and contractual needs).

16.4 Restriction of processing

You may request restriction of processing where the accuracy of data is disputed, where processing is unlawful, or where data is no longer needed by us.

16.5 Data portability

Where applicable, you may request a copy of your Personal Information in a structured, commonly used and machine-readable format.

16.6 Object & Withdraw Consent

You can object to processing based on legitimate interests and withdraw any consent you previously gave for processing.

16.7 How to exercise your rights

To exercise your rights, email legal@collegedisha.in with sufficient details to help us locate your data and respond. We will respond within the timeframes required by applicable law. We may ask you to verify your identity before taking action to protect your security and privacy.

Note: In some cases, we may decline requests that are manifestly unfounded, excessive, or require disproportionate effort. Where we are unable to comply with a request in full we will explain why and provide any partial compliance where possible.

17. Marketing Communications & Opt-Out

We may send promotional messages about our services or offers from partners where you have consented to receive such messages. You may opt-out from marketing communications at any time by:

• Clicking the unsubscribe link in promotional emails;
• Changing your preferences in your account settings (if available); or
• Emailing us at legal@collegedisha.in with your request.

Opting out of marketing will not prevent you from receiving administrative messages related to your account or services (for example, payment confirmations or service notifications).

18. Grievance Redressal

If you have a complaint about how we process your Personal Information, please email legal@collegedisha.in. We will acknowledge receipt of a complaint and aim to respond within a reasonable timeframe and in accordance with applicable law.

If your complaint is not resolved to your satisfaction, you may escalate the same to relevant data protection authorities in your jurisdiction.

19. Changes to this Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements or new features. When we make changes, we will revise the Effective Date above and, where appropriate, provide more prominent notice (for example, displaying a notice on our Platform).

Your continued use of the Platform after the updated policy becomes effective constitutes your acceptance of the updated policy.

20. Governing Law & Jurisdiction

This Privacy Policy and our processing of your Personal Information shall be governed by the laws of India, unless otherwise required by the laws that apply to you, and you agree to submit to the exclusive jurisdiction of the courts of competent jurisdiction in India to resolve any disputes (unless otherwise required by mandatory local laws).

21. Contact Information

For questions, requests or concerns about this Privacy Policy or our data practices, please contact us:

College Disha Pvt. Ltd.
CIN: U85499DL2025PTC448014
Registered Office: H No- P-134 Ground Floor, Batla House, Okhla, Jamia Nagar, South Delhi, New Delhi, Delhi, India, 110025
Email: legal@collegedisha.in

Please include sufficient detail in your communications so we can properly address your request.

Annexures & Appendix

Annex A — Typical Processing Activities & Purposes

The table below illustrates common processing activities and purposes for which we process Personal Information:

• Provision of Services: Name, contact, academic details — used to provide counseling and admission services.
• Verification & Fraud Prevention: Identity and transaction data — used to verify and prevent misuse.
• Payment Processing: Payment and billing details — used to complete transactions via secure third-party processors.
• Analytics & Performance: Usage data — used to improve our Platform and offerings.

Annex B — Cookie Example Table

Below is a representative non-exhaustive example of cookies you may encounter:

• _session — session cookie used for user authentication (essential)
• _ga — Google Analytics client identifier (analytics)
• _gid — Google Analytics session identifier (analytics)
• ads_id — ad network identifier (advertising)

Annex C — Data Subject Request Template

Use this template when requesting data access, correction, or deletion:

Subject: Request under Privacy Policy — [Access/Correction/Deletion]
Name: [Your full name]
Email associated with account: [your email]
Details of request: [Describe what you are asking for]
Attachment: [Include copy of ID for verification (if required)]
      

We may request additional information to verify your identity prior to actioning sensitive requests.