Privacy Policy
We at Centum Foundation (hereinafter mentioned as “Centum”, "us," "we," or "our" or “the organization”) is committed to security and management of personal data, to function effectively and successfully for the benefit of our stakeholders, clients, users and for the community. In doing so, it is essential that people’s privacy is protected through the lawful and appropriate means for handling the personal data. Therefore, we have implemented this privacy policy (hereinafter referred to as ‘‘policy’’).
Aim
This policy aims to protect personal data of the various stakeholders connected to our organization. This policy is aimed at providing individuals notice of the basic principles by which the organization processes the personal data of individuals (“Personal Data/Personal Information”) who visits, uses, deals with and/or transacts through the website/platform and includes a guest user and browser (hereinafter ‘you’, ‘user’).
Purpose and Scope
The purpose of this policy is to describe how Centum collects, uses, and shares information about you through our online interfaces owned and controlled by us, including but not limited to https://centumfoundation.in/ (hereinafter the "website"). This policy is also designed to provide information on how Centum ensures data security, conducts data transfers and process requests from data subjects. This policy control applies to all systems, people and processes that constitute the organization’s information systems, including members, employees and other third parties who have access to Personal Data available within Centum. The organization is also committed to ensure that its employees conduct themselves in line with this, and other related, policies. Where third parties process data on behalf of Centum, the organization endeavours to obtain assurances from such third parties that your Personal Data will be safeguarded consistently.
Centum processes Personal Data strictly for programme implementation, statutory and regulatory compliance, monitoring and evaluation, impact assessment, reporting to funding partners, and other lawful purposes aligned with its charitable and social objectives.
Information We Collect
The nature and extent of personal information collected by us depends on the relationship you have with us and the manner in which you interact with our services. Accordingly, we may collect different categories of information as set out below:
a) Clients / Institutional Partners
Where you engage with us in a professional or contractual capacity, we may collect and process the following information:
Name of the company / firm
Company / firm registration and identification details
Official email address
Official phone number
Designation and professional details of authorized representatives
Information shared during business communications and service interactions
b) Individual Users / Prospective Users
Where you are an individual user, learner, or have expressed interest in our services, we may collect:
Full name
Email address
Phone number
Company or organization name (if applicable)
Educational background and academic details
Previous employment or professional experience (where relevant)
c) Interaction and Preference Data
Additionally, depending on your engagement with us, we may collect:
Information relating to your interactions with our customer support or service teams
cYour preferences regarding marketing communications
Your communication preferences and consent choices
All information is collected solely for legitimate business purposes and in accordance with applicable data protection laws.
What types of cookies do we use?
There are a few different types of cookies, however, our website uses:
a) Persistent Cookies. We use persistent Cookies to improve your experience of using the Sites. This includes recording your acceptance of our Cookie Policy to remove the cookie message which first appears when you use the Sites.
b) Session Cookies. Session Cookies are temporary and deleted from your machine when your web browser closes. We use session Cookies to help us track internet usage as described above.
c) Analytical/Performance Cookies. Analytical cookies allow us to recognise and count the number of visitors and see how many visitors move around our website while they are using it. This helps us improve the way our website works, for example, by ensuring the users find what they are looking for.
d) Functionality Cookies. Functionality Cookies recognise when you return to the website. This enables us to create greater content for you and remember your likes and dislikes and other preferences.
e) Targeting Cookies. Targeting Cookies records the visit to our website, the pages navigated to and the links clicked upon. It helps to formulate information relevant to the user’s area of interests.
How to manage cookies?
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Disabling some cookies form the website, may have a negative impact and may result in some non-availability of some features.
If you want to remove previously stored Cookies, you can manually delete the Cookies at any time. However, this will not prevent the Sites from placing further Cookies on your device unless and until you adjust your Internet browser setting as described above.
You can however obtain up-to-date information about blocking and deleting cookies via these links:
https://support.google.com/chrome/answer/95647 (Chrome)
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox)
https://www.opera.com/help/tutorials/security/cookies/ (Opera) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer)
https://support.apple.com/kb/PH21411 (Safari)
These opt-out mechanisms rely on cookies to remember your choices. If you delete your cookies, use another computer or device, or change browsers, you will need to repeat this process. In addition, opting out of interest-based ads will not opt you out of all ads, but rather only those ads that are personalized to your interests.
Consent
We may obtain your consent to collect and use certain types of Personal Data when we are required to do so by law.
Once consent is obtained from the individual to use his or her information for those purposes, Centum has the individual's implied consent to collect or receive any supplementary information that is necessary to fulfil the same purposes. Express consent will also be obtained if, or when, a new use is identified.
Consent may also be implied where a user is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new services or products, and the client, customer, member does not opt-out.
Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), individuals can withhold or withdraw their consent for centum to use their personal information in certain ways.
Further, by using this website/ acknowledging this privacy policy / by voluntarily providing us with your Personal Data, you consent to collection, storage, and processing of your Personal Data in accordance with this privacy policy and our Terms of Service.
If you refuse or withdraw your consent, or if you choose not to provide us with any required Personal Data, we may not be able to provide you the services that can be offered on our website.
Advertising and Marketing
Centum may use limited Personal Data such as name, contact details and communication preferences to share information relating to its programmes, initiatives, events, research, partnerships, impact updates, and other activities aligned with its charitable and social objectives. Such communications shall be undertaken only where: (a) you have expressly consented to receive such communications; or (b) such communication is reasonably necessary for programme implementation, stakeholder engagement, or permitted under applicable law.
Centum does not sell Personal Data or use Personal Data for commercial advertising or monetisation purposes.
Centum may engage third-party service providers to support communication and outreach activities (such as email distribution, digital platforms, or website analytics). Such service providers process Personal Data solely on our instructions, are bound by confidentiality and data protection obligations, and are not permitted to use Personal Data for their own independent purposes.
Where electronic communications are sent, you will be provided with an appropriate opt-out mechanism, and your preferences will be respected.
Disclosure of Personal Data
We may share the personal information collected or provide such access to other companies/organizations.
Examples of third parties with whom we may share Personal Data includes:
a) With government bodies, including tax and social security authorities, to comply with applicable laws (including employment and tax laws), to obtain licenses or approvals, and upon request during an audit or assessment;
b) With suppliers, subcontractors and service providers, to provide you with required/requested service, including technology, telecom, internet providers;
c) With professional advisers, consultants, and employment and recruitment agencies, to conduct background verification and reference checks, administer benefits and payroll, deal with disciplinary and grievance issues and maintain emergency contact details;
d) With our legal advisors and external auditors for legal advice and to conduct business audits;
e) With service providers for continuity management and contingency planning in the event of business disruptions.
f) With certain companies in order to establish a membership to participate in digital wallets, payment services or rewards programme
g) We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Data subject rights
Some jurisdictions have provided individuals with certain rights in relation to the processing of their Personal Data. In India, these rights arise under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). Where applicable, individuals located in other jurisdictions, including the European Union, may also have rights under their respective data protection laws. Depending on applicable law, you may have the right to:
a) Request access to your Personal Data.
b) Request correction of your Personal Data (should your Personal Data be inaccurate, incomplete, or obsolete).
c) Request deletion of your Personal Data
d) Withdraw your consent to processing (where we processed Personal Data on the basis of your consent). Please note that withdrawing your consent applies only to future processing activities.
e) Object to the processing of your Personal Data.
f) Request restrictions on the processing of your Personal Data.
g) Request the transfer of your Personal Data to you or a third party.
h) Opt-out of certain transfers to third parties.
i) Request to opt out of automated decision making.
To exercise a right that you believe you may be entitled to under applicable law, please write to us at dpo.centum@centum.ind.in
We may need to verify your identity before we fulfil your request.
Please note that certain conditions in relation to processing of your rights, will vary as many countries have varying data privacy rights. Our response and further processing of request to exercise these rights will depend upon the law applicable in relation to the rights exercised by you. We may refuse requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, may compromise and ongoing investigation, or are impractical. It is our policy to never discriminate against you for exercising any of these rights.
You may have the right to complain to a data protection authority about our processing of your Personal Data. For more information, please contact your local data protection authority.
Our Policy on Children’s Data
Children’s data privacy is important to us. Our Site is not intended for children Age to constitute a user as children is different for different jurisdictions. The age (for valid consent) of children varies across jurisdictions. For example, under GDPR child is a person aged 16 years or below, and in United Kingdom, children is someone who is aged 13 , in case of Singapore and Qatar the valid age for providing consent is 18 years.
As a general policy, our company does not engage in the collection, processing, storage, use, dissemination, and transfer of Personal Data of children.
In case such a collection becomes necessary for the performance of our contractual obligations, or when required under the concerned law, we shall notify you in a time-bound and appropriate manner, informing the purposes and reasons for such collection and seek your explicit consent, and where applicable, parental authorization, prior to the processing of such data.
We will take appropriate steps to delete any Personal Data of children’s that has been collected on our website without verified parental consent upon learning of the existence of such Personal Data, subject to conditions stipulated in the laws of applicable jurisdiction.
Data Security
We will ensure that appropriate technical and organizational measures are in place, supported by privacy impact and risk assessments, to ensure a high level of security for Personal Data, and secure environment for information held both manually and electronically.
We implement appropriate security measures designed to prevent unlawful or unauthorized processing of personal information and accidental loss of or damage to personal information. We maintain written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures assign specific data security responsibilities and accountabilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your personal information.
In addition, as part of its organizational security measures, employees must:
a) ensure that all files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
b) ensure that all files or written information of a confidential nature are not left where they can be read by unauthorised people
c) check regularly on the accuracy of data being entered into computers
d) always use the passwords provided to access the computer system cautiously and such access should not be circulated, unless absolutely necessary
e) use computer screen blanking to ensure that Personal Data is not left on screen when not in use.
f) Personal Data should not be kept or transported on laptops, USB sticks, or similar devices, unless authorised by relevant stakeholders. Where Personal Data is recorded on any such device it should be protected by:
g) ensuring that data is recorded on such devices only where absolutely necessary
h) using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
i) ensuring that laptops or USB drives are not left lying around where they can be stolen.
j) Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
We also take steps to ensure that our service providers, contractors and other third parties maintain similar level of data protection measures when processing your Personal Data. While we strive to secure your Personal Data, please note that 100% security of Personal Data cannot be guaranteed and that we shall not be liable for any misuse or loss of Personal Data carried out by third party cloud service provider.
Retention of Personal Data
We retain your Personal Data, not longer than necessary for the purposes for which it was collected. The length of time to retain Personal Data depends on the purposes for which we collect and use it and/or as may be required to comply with applicable laws, to establish, exercise, or defend our legal rights.
The users can exercise their rights enumerated herein. Also, if in case required to extend the period of retention of such data, we shall obtain your consent for the same. Further, we may also dispose the data prior to completion of the period of retention, if the purpose for which it was collected is exhausted.
External Links on our website
For your convenience we may provide links to sites operated by organizations other than Centum("Third Party Sites") that we believe may be of interest to you. We do not disclose your Personal Data to these Third-Party Sites unless we have a lawful basis on which to do so. We do not endorse and are not responsible for the privacy practices of these Third-Party Sites. If you choose to click on a link to one of these Third-Party Sites, you should review the privacy policy posted on the other websites to understand how that Third-Party website collects and uses your Personal Data.
Centum uses YouTube API Services to play YouTube videos. When a YouTube video is played, the app communicates directly with the content provider (YouTube) and not with Centum. Users of the app should be aware of the Google Privacy Policy available at https://policies.google.com/privacy, which states how YouTube treats user data. Centum does not have any record of the videos watched or any other user related YouTube API data.
We take no responsibility for the content or practices of any third-party services in the Third Party Sites.
We encourage you to carefully review the terms of services/use of any third-party services or Third Party Sites you access.
Use of this website and our Terms of Service
This website is the property of the Centum. Our Terms of Use (also known as “Terms of Service” or “Terms and Conditions”) and this Privacy Policy collectively govern the use of the website and the services offered by Centum. This Privacy Policy shall form a part of the Terms by way of reference. By using this website and the information offered herein, you indicate your acceptance of these Terms of Use.
Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Company shall notify the relevant supervisory authority without undue delay after becoming aware of such breach and may provide the information in phases where necessary.
Where the personal data breach is likely to result in a high risk to the rights and freedoms of affected individuals, the Company shall communicate the breach to such individuals without undue delay. If the nature or severity of the breach so warrants, the Company may also issue a public notification without undue delay, in accordance with applicable laws and regulatory requirements.
Data Controller/ Company Details
The "Data Controller" (i.e., Centum) means the entity that will make the decisions about how your data is used and that is responsible for deciding how it holds personal information about you.
Data Protection Officer
The company, in accordance with the applicable laws, and all applicable rules made thereunder, has appointed a Data Protection Officer; who can be reached at the details below:
Contact Name: DPO Centum
Email Address: dpo.centum@centum.ind.in