1. Home /
  2. Page
Previous page

Privacy Policy

Effective Date: 17 July 2025
Website: https://course.educationmesd.com
Entity: Education MESD (“Education MESD,” “we,” “us,” or “our”)
Support / Privacy Contact: [email protected] | +91 9836590025

Education MESD is committed to protecting the privacy and security of learners, instructors, and visitors who use our online course platform. This Privacy Policy explains what personal data we collect, how we use and share it, the legal bases on which we process data, how we safeguard it, and the choices and rights available to you. By using our website, enrolling in a course, creating an account, or making a payment through our Razorpay‑enabled checkout, you agree to the practices described here.

1. Scope & Applicability

This Policy applies to personal data collected through the Education MESD course platform (the “Platform”), related subdomains, customer support channels (email, phone, chat), and payment processing facilitated via Razorpay. It covers data collected directly from you, data generated automatically from your use of the Platform, and limited data received from payment processors and other service providers required to deliver our services. It is drafted to align with India’s data protection framework, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). (meity.gov.in, dataguidance.com, dlapiperdataprotection.com)

2. Key Definitions (Plain Language)

Personal Data / Personal Information – Any data about an identifiable individual, whether obtained directly or when combined with other data. (dlapiperdataprotection.com)

Sensitive Personal Data / Information (SPDI) – Under India’s SPDI Rules this includes (among other categories) passwords, financial information (such as bank account, credit/debit card details), physical/physiological/mental health conditions, sexual orientation, medical records/history, and biometric information. (oercs.berkeley.edu, dataguidance.com)

Data Principal – The individual to whom the personal data relates (similar to “data subject”). Data Fiduciary – The entity that determines the purpose and means of processing personal data (that’s us when we run the Platform). (meity.gov.in, dlapiperdataprotection.com)

3. Data We Collect

We collect only the data needed to provide and improve our learning services, process payments, comply with law, and communicate with you.

3.1 Account & Profile Data

  • Name, email address, mobile number.
  • Optional details you choose to add (e.g., profile photo, educational background, professional role).

3.2 Enrollment & Learning Activity

  • Courses purchased or enrolled in, progress, completion records, quiz scores, certificates issued, discussion posts, assignment submissions.

3.3 Support Interactions

  • Information you share when contacting support (tickets, calls, emails, attachments).

3.4 Payment & Billing Data (via Razorpay)

  • Order ID, transaction amount, currency, payment status, and timestamp received from Razorpay callbacks/webhooks.
  • Limited masked payment instrument info (e.g., last 4 digits, card type) if returned by the payment gateway for reconciliation.
  • We do not collect or store full card numbers, CVV, UPI PINs, or net‑banking credentials; these are captured and processed directly by Razorpay’s secured systems compliant with applicable payment security standards (see Section 5). (india.su.org, razorpay.com, razorpay.com)

3.5 Device & Usage Data (Cookies / Logs)

  • IP address, device type, operating system, browser, referring URLs, pages viewed, features used, session timestamps, and error logs. Data of this type is routinely collected by modern web platforms and is similarly used by Razorpay to administer secure services. (razorpay.com, razorpay.com)

3.6 Optional Marketing Preferences

  • Your opt‑in/opt‑out selections for email, SMS, or WhatsApp updates.

4. Lawful Bases & Consent

Where required, we obtain your consent before collecting or processing personal data—consent must be free, specific, informed, and revocable. You may withdraw consent at any time; if you do, we may be unable to provide certain services (for example, process a course purchase) after withdrawal. This approach follows the consent standards under the DPDP Act and the SPDI Rules, which also require providing users an option not to supply data and the ability to withdraw consent. (meity.gov.in, dataguidance.com)

In addition to consent, we rely on other lawful grounds permitted under applicable law, including: performing a contract (delivering a purchased course), complying with legal obligations (tax, accounting, regulatory reporting), and pursuing legitimate interests such as platform security, fraud prevention, and service analytics—balanced against your rights. (dlapiperdataprotection.com, razorpay.com)

5. Payments Processed via Razorpay

When you initiate a payment, you are redirected (or an embedded checkout loads) to complete the transaction through Razorpay, our payment gateway provider. Razorpay collects and processes payment instrument data (card, UPI, net‑banking, wallet) using industry‑standard security controls including encryption and PCI‑DSS‑aligned safeguards; transaction data is retained only as long as needed to complete and secure the purchase. We receive transaction confirmation details (order ID, amount, status) but do not receive or store full card credentials. (india.su.org, razorpay.com, razorpay.com)

6. How We Use Your Data

We use personal data to:

  • Register and manage user accounts; authenticate logins.
  • Deliver, track, and improve courses and learning experiences.
  • Process orders and payments; issue invoices/receipts.
  • Provide learner support, respond to queries, and resolve complaints.
  • Send service communications (enrollment confirmations, schedule changes, certification notices).
  • Detect and prevent fraud, abuse, or security incidents.
  • Generate aggregated, de‑identified analytics to improve courses and site performance.
  • Send optional marketing communications when you have opted in (you can unsubscribe anytime). These uses align with permissible processing purposes under India’s data protection framework and common e‑learning service needs. (dlapiperdataprotection.com, razorpay.com)

7. Cookies & Tracking Technologies

We use cookies, local storage objects, and similar technologies to keep you signed in, remember preferences, measure course engagement, and understand site performance. Standard web server logs may also capture IP address, browser type, and time of access to help maintain security—practices also described in Razorpay’s privacy disclosures for administering its services. You can control cookies through your browser settings; disabling some cookies may affect site functionality. (razorpay.com, razorpay.com)

8. Data Sharing & Disclosure

We do not sell personal data. We share data only as described below:

Service Providers & Technical Partners – Hosting, analytics, communication tools, and payment processing (Razorpay) receive only the data needed to perform contracted services and are bound by confidentiality and security commitments. (razorpay.com, razorpay.com)

Instructors / Academic Partners – Limited learner name, enrollment status, and progress may be shared with course instructors or institutional partners when needed to deliver instruction, grading, or certification, subject to contractual safeguards consistent with Indian privacy requirements for data disclosure. (dataguidance.com, legal500.com)

Legal, Compliance & Fraud Prevention – We may disclose data when required by law, to respond to lawful requests from government agencies, to enforce our agreements, or to protect the rights, property, or safety of users, Education MESD, or others. The SPDI Rules permit disclosure to government agencies for lawful purposes and require appropriate documentation; similar obligations exist across India’s data privacy framework. (dataguidance.com, dlapiperdataprotection.com)

9. International Data Transfers

If our servers or service providers are located outside India, your data may be transferred internationally. When we transfer data, we do so in line with applicable Indian law and contractual safeguards. The DPDP Act contemplates cross‑border transfers subject to conditions that may be prescribed by the Government; we will comply with any notified restrictions or adequacy designations. (dlapiperdataprotection.com, meity.gov.in)

10. Data Retention

We retain personal data only for as long as needed to fulfill the purposes described in this Policy, satisfy legal/accounting/reporting obligations, resolve disputes, or enforce agreements. Emerging guidance under India’s evolving data protection regime stresses defined retention periods and secure disposal once the purpose is served. (legal500.com, dlapiperdataprotection.com)

11. Your Rights

Subject to applicable law, you may have the following rights:

  • Access / Review – Request a copy of the personal data we hold about you.
  • Correction / Update – Ask us to correct inaccurate or incomplete data. The SPDI Rules call for correction of inaccurate data where feasible. (dataguidance.com)
  • Withdraw Consent – Withdraw consent to data processing; if you do, some services may no longer be available. Both the DPDP Act and SPDI Rules recognize withdrawal of consent (with consequences explained to the user). (meity.gov.in, dataguidance.com)
  • Deletion / Erasure – Request deletion where data is no longer needed for the stated purpose or legal obligations; data minimization and purpose limitation are emphasized in India’s developing privacy regime. (dlapiperdataprotection.com, legal500.com)
  • Grievance Redressal – Contact our Grievance Officer (see Section 14); Indian rules require designation of a Grievance Officer and timely response to complaints. (dataguidance.com, dlapiperdataprotection.com)

To exercise any of these rights, email [email protected] with “Privacy Request” in the subject line or call +91 9836590025. We may need to verify your identity before acting on a request, consistent with security best practices. (razorpay.com)

12. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures include access controls, encryption in transit (HTTPS), secure credential storage, logging, and periodic security reviews aligned with the “reasonable security practices” contemplated under India’s IT Act/SPDI Rules; organizations commonly align with recognized standards such as PCI‑DSS (for payments handled by Razorpay) and broader information security frameworks. Razorpay separately implements encryption, tokenization, and fraud‑prevention controls to secure payment data. (razorpay.com, dataguidance.com, india.su.org)

13. Children & Learners Under 18

Our courses are primarily intended for learners aged 16 and above; younger learners may participate only with the consent and supervision of a parent/guardian and the educational institution (if applicable). We do not knowingly solicit or collect personal data from children under 13; if we learn we have done so, we will delete it promptly unless retention is required by law. These practices help reduce risk when processing minors’ data under emerging Indian privacy norms. (dlapiperdataprotection.com)

14. Contact, Grievance & Data Protection Queries

If you have questions, concerns, or requests about privacy or this Policy, please contact us:

Email: [email protected]
Phone: +91 9836590025
Postal Address: [Insert full postal address for Education MESD’s registered office / principal place of business.]

Grievance Officer / Data Protection Contact: [Name / Title to be designated]. Indian SPDI Rules require that we publish the name and contact details of a Grievance Officer and respond within a defined timeframe (currently within one month of receiving a grievance). (dataguidance.com, dlapiperdataprotection.com)

15. Updates to This Policy

We may update this Policy from time to time to reflect changes in law, technology, or our services. Material changes will be communicated via email or prominent notice on the Platform before they take effect. Continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the revised terms. Staying current with India’s evolving data protection laws (including rules issued under the DPDP Act) may require periodic revisions. (dlapiperdataprotection.com, meity.gov.in)

16. Your Consent

By registering on the Platform, purchasing a course, or otherwise submitting personal data, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy, as updated from time to time. Where consent is the basis of processing, you may withdraw it using the methods described above. (meity.gov.in, dataguidance.com)

Implementation Notes (Remove Before Publishing)

  • Replace all bracketed placeholders (postal address, Grievance Officer name/title) before going live.
  • Link to Razorpay’s official Privacy Policy from the Payments section within the published page.
  • Ensure cookie banner and consent capture are implemented if using marketing or analytics trackers beyond strictly necessary cookies.
  • Align data retention schedules with accounting/tax requirements and any DPDP Rules notifications when finalized.

Last reviewed: 17 July 2025.