1. Introduction & Scope
1.1 This Privacy Policy (“Policy”) sets out how GVISION AND CAREERS (OPC) PRIVATE LIMITED (operating under the brand name “Global Vision and Careers”) (“we”, “us”, “our”) collects, processes, uses, discloses, retains, protects, and deletes digital personal data from users (“you”, “your”, “User”) of the website https://globalvisionandcareers.com/, its sub-domains, applications, and related services (collectively, the “Platform”).
1.2 We respect your privacy and are committed to protecting your personal data in accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”), and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.
1.3 This Policy applies to all persons whose digital personal data we process, irrespective of their country of residence, when such processing is related to offering services to Indian residents or is otherwise within the scope of these laws.
2. Definitions
Unless the context otherwise requires, the following definitions apply:
- “Personal Data” / “Digital Personal Data” means any data about an individual who is identifiable by or in relation to such data, collected or processed in digital form.
- “Sensitive Personal Data” (if applicable) refers to data revealing race, caste, religious beliefs, biometric data, health data, etc.
- “Data Principal” means the individual to whom the Personal Data relates (i.e., you).
- “Data Fiduciary” means the entity (us) that determines the purpose and means of processing your Personal Data.
- “Data Processor” means a third party that processes Personal Data on our behalf under contract.
- “Consent” means a free, specific, informed, unconditional, and unambiguous agreement to process your Personal Data, given by a clear affirmative action.
- “Processing” means any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
- “Third-Party Services / Third Parties” means external entities (universities, employers, embassies, payment gateways, analytics providers, partners) with whom we may share your Personal Data.
3. What Data We Collect
We collect and process the following categories of Personal Data, depending on your use of the Platform or our Services:
3.1 Identity & Contact Data
- Name, date of birth, gender, father’s / guardian’s name
- Email address, postal address, phone number
3.2 Academic & Employment Data
- Education records, transcripts, test scores, certificates
- Employment history, resume, references, professional qualifications
3.3 Document / Identity Data
- Passport, visa documents, national ID, photograph, proof of address
3.4 Financial Data
- Bank account details, payment transaction records, fee receipts
3.5 Platform Usage & Technical Data
- IP address, device identifiers, browser type, operating system, logs, analytics data
- Cookies and tracking data (see our Cookie Policy)
3.6 Communication Data
- Email and message correspondence, feedback, queries
3.7 Optional / Voluntary Data
- Demographic information, preferences, or survey responses
We will not collect more Personal Data than is reasonably necessary for the purposes for which it is collected (data minimization principle under DPDP / GDPR).
4. Purposes & Legal Bases for Processing
We process your Personal Data for the following primary purposes, with legal bases under applicable law:
| Purpose | Legal Basis (India DPDP) | Legal Basis (GDPR, if applicable) |
| Managing your enquiries, applications, counselling & visa services | Consent / Contract performance | Consent / Contractual necessity |
| Communication (updates, notices, support) | Consent / Legitimate interest | Consent / Legitimate interest |
| Payment processing, invoicing, refunds | Contractual necessity / Legal Obligation | Contractual necessity |
| Analytics, site improvement, marketing (opt-in) | Consent / Legitimate interest where permissible | Consent / Legitimate interest (if balanced) |
| Sharing with universities, embassies, employers, processors | Consent / Contractual necessity | Consent / Performance of contract |
| Fraud detection, security, compliance & auditing | Legitimate interest / Legal obligation | Legitimate interest / Compliance with legal obligation |
You will always be informed at or before the time of collection of the specific purpose(s) for which your data is collected, and only data relevant and necessary to that purpose will be collected.
5. Consent & Withdrawal
5.1 Where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.
5.2 The mechanism to withdraw consent will be as easy as giving it (e.g. via the privacy settings panel, email request, or account settings). (DPO INDIA)
5.3 Upon withdrawal, we will stop processing the relevant Personal Data, except where continued processing is required by law or for legitimate purposes (e.g. record-keeping, compliance, dispute resolution).
6. Sharing, Disclosure & International Transfers
6.1 We may share your Personal Data with the following categories of recipients:
- Universities, colleges, institutions (for admissions processing)
- Employers or placement partners
- Visa / immigration authorities or embassies
- Third-party service providers (e.g. payment gateways, analytics, cloud hosting, processors)
- Legal, regulatory, or governmental authorities as required
6.2 Any third party that receives your Personal Data from us will be bound by appropriate contractual obligations to protect the data and use it only for specified purposes.
6.3 Cross-Border Transfers
Your Personal Data may be transferred outside India (or outside the EU/EEA, where applicable). We will do so only if:
- The destination jurisdiction ensures an adequate level of protection recognized under applicable law (if under DPDP / future rules);
- Or by entering intoappropriate safeguards, such as Standard Contractual Clauses (SCCs) (where GDPR applies) or contractual assurances;
- And only after informing you of risks and obtaining necessary consent, where required. (Latham & Watkins)
7. Data Retention & Deletion
7.1 We will retain your Personal Data only as long as necessary for the purposes for which it was collected, or longer if required by law, contractual obligations, or for legitimate business purposes (e.g. compliance, audit, dispute resolution).
7.2 Indicative retention periods (subject to adjustment based on service type and legal requirements):
- Academic & Service files: up to 5 years after service completion
- Visa / immigration documents: up to 7 years
- Financial and tax records: as required by India’s tax law (commonly 8 years)
- User account & login data: as long as account is active + archive period
- Analytics / logs: minimal retention (e.g. 1–3 years)
7.3 After expiry of retention periods or in case of deletion request, we will either anonymize or securely delete your Personal Data, unless otherwise required to be maintained for legal or regulatory obligations.
8. Your Rights
Under DPDP Act (India) and GDPR (where applicable), you have the following rights as a Data Principal:
- Right of Access: Request a copy of your Personal Data we hold
- Right to Correction: Request rectification of inaccurate or incomplete data
- Right to Erasure / Deletion: Request deletion of your Personal Data (subject to legal or contractual exceptions)
- Right to Portability: Request transfer of your data to another entity, where technically feasible
- Right to Object / Restrict Processing: Object to or limit processing of your data (especially marketing / profiling)
- Right to Withdraw Consent: Revoke your consent at any time
- Right to Complain: Lodge a complaint with our Grievance Officer or a data protection authority
Requests should be directed to our Grievance Officer (see Section 13). We will respond within the timelines required by law.
9. Security & Data Protection
9.1 We implement reasonable technical, organizational, and administrative measures to protect Personal Data from unauthorized access, loss, disclosure, alteration, or destruction. These may include encryption, access control, network security, regular audits, and secure software practices.
9.2 In the event of a personal data breach, we will notify affected individuals and the relevant authority in accordance with applicable law. (EY)
9.3 Any third-party processors engaged by us must adhere to equivalent data protection standards.
10. Children / Minors & Parental Consent
If you are under 18 years of age, you may access or use the Platform only with the consent and supervision of a parent or legal guardian. We will only process your Personal Data in compliance with applicable child protection norms, including obtaining verifiable parental consent where required.
11. Cookies & Tracking
We use cookies, web beacons, and tracking technologies to collect certain technical, usage, and analytics data. Please refer to our Cookie Policy for full details on how cookies are used, user choices, and how you can manage or disable them.
12. Changes to This Policy
We may update this Policy periodically to reflect changes in law, business practices, or Platform technology. We will publish the revised version on the Platform with the updated effective date. Users will be notified in advance (where practicable). Continued use after changes implies acceptance.
13. Grievance Officer & Contact
In accordance with DPDP Act and IT Rules, we have appointed a Grievance Officer to address any concerns or requests relating to your Personal Data:
Grievance Officer
GVISION AND CAREERS (OPC) PRIVATE LIMITED
Brand Name: Global Vision and Careers
Email: info@globalvisionandcareers.com
You may submit access, correction, deletion, or complaint requests to the Grievance Officer. We will acknowledge receipt (typically within 48 hours) and endeavor to resolve the matter within a reasonable period (e.g. 15–30 working days).
14. Miscellaneous
- Severability: If any provision in this Policy is declared invalid or unenforceable, remaining provisions remain valid.
- No Waiver: A failure to enforce any right is not a waiver, unless in writing.
- Third-Party Beneficiaries: This Policy is for your benefit and does not confer rights on third parties, except where expressly stated.
- Governing Law &Jurisdiction: This Policy is governed by Indian law and any disputes will be subject to the courts of Hyderabad, Telangana.
ANNEXURE – DATA RETENTION AND DELETION FRAMEWORK
(To be read with the Privacy Policy of Global Vision and Careers)
1. OBJECT AND LEGAL BASIS
1.1 This Annexure sets out the principles, timelines, and procedures adopted by GVISION AND CAREERS (OPC) PRIVATE LIMITED (operating under the brand name “Global Vision and Careers”) (“Company”, “We”, “Us”, or “Our”) for the retention, archival, and deletion of personal data collected from Users, Clients, Employees, and Partners.
1.2 The Framework is prepared in compliance with the Digital Personal Data Protection Act, 2023, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and, where applicable, the EU General Data Protection Regulation (GDPR) and related international standards.
2. RETENTION PRINCIPLES
2.1 Personal data shall be retainedonly for as long as necessary to fulfil the purpose for which it was collected, or for such longer period as required under law or contract.
2.2 Data shall not be retained indefinitely and shall be securely deleted, anonymised, or archived upon expiry of the retention period.
2.3 Extended retention shall apply only where:
(a) statutory obligations (tax, accounting, regulatory) require it;
(b) ongoing legal claims, audits, or investigations necessitate preservation; or
(c) written contractual terms expressly mandate longer storage.
2.4 The Company periodically reviews retained data to ensure compliance with the principle of data minimisation and purpose limitation.
3. RETENTION SCHEDULE
| Category of Data | Purpose of Processing | Retention Period | Mode of Disposal / Deletion |
| Client Identification & Registration Data (name, contact, ID proof) | Account creation, verification, service onboarding | Duration of active engagement + 2 years | Secure deletion from active databases; anonymisation of residual logs |
| Educational, Employment & Visa Documents | Service execution, processing of applications and submissions | Until completion of service / expiry of contractual term | Secure deletion or anonymisation; physical records shredded |
| Financial & Transaction Data (payment records, invoices) | Billing, taxation, audit compliance | 8 years (as per GST Act 2017 & Income Tax Act 1961) | Encrypted archival; auto-deletion after statutory period |
| Communications & Support Logs (emails, chat, call summaries) | Customer support, service tracking | 2 years from last correspondence | Periodic purge from servers; anonymised summaries retained for analytics |
| Consent Records & Policy Acknowledgements | Compliance verification and audit trail | 5 years or until withdrawal of consent | Secure retention; deletion upon withdrawal or policy revision |
| Employee / Vendor Records | HR and contractual administration | Duration of engagement + 7 years | Archived with restricted access; secure deletion post period |
4. SECURE STORAGE AND ACCESS CONTROL
4.1 All retained data is stored in encrypted systems with role-based access.
4.2 Backups are maintained in secure cloud or on-premise repositories with data localisation as required under Indian law.
4.3 Access to archived data is permitted only to authorised compliance or audit personnel.
5. DELETION AND ANONYMISATION PROCEDURE
5.1 Upon expiry of the relevant retention period, data shall be:
(a) Permanently deleted from all active and backup systems using certified deletion tools; or
(b) Anonymised or pseudonymised so that the individual cannot be identified.
5.2 Physical files, if any, shall be destroyed through certified shredding or incineration.
5.3 Deletion activities are logged internally for audit verification.
6. EXCEPTIONS AND LEGAL HOLDS
6.1 The Company may suspend scheduled deletion if data is required for:
(a) ongoing legal proceedings or regulatory investigations;
(b) defence of legal claims; or
(c) enforcement of contractual rights.
6.2 Upon resolution, such data shall be deleted without undue delay.
7. DATA SUBJECT RIGHTS
7.1 Any individual may request:
(a) confirmation of whether their data is retained;
(b) details of the retention period applicable to their data; or
(c) deletion of their personal data upon withdrawal of consent or closure of account, subject to legal or contractual obligations.
7.2 Requests may be made by email to the Grievance Officer at info@globalvisionandcareers.com.
8. PERIODIC REVIEW AND AUDIT
8.1 The Company shall review this Framework and its implementation at least once every 12 months, or earlier if required by law or business process changes.
8.2 Any modification shall be approved by management and reflected in the updated Privacy Policy with a revised effective date.
9. CONTACT INFORMATION
For any queries or requests relating to data retention or deletion, please contact:
GVISION AND CAREERS (OPC) PRIVATE LIMITED
Brand Name: Global Vision and Careers
Email: info@globalvisionandcareers.com
