Parewa Labs Pvt Ltd (“ Parewa Labs”, “Programiz PRO”, “we,” “us,” or “our”) is a company providing an online learning proprietary platform called Programiz PRO, accessible at: https://programiz.pro (“E-Learning Platform” or “Website”). The E-Learning Platform hosts a variety of self-paced and on-demand courses within the fields of Computer Programming.
We are registered in Nepal, with a corporate address: Gyaneshwor, Pashupati Road, Kathmandu 44605. We manage the Website and all the services provided therein (“Service”).
The following terms “controller”, “processor”, “data subject”, “processing activity/ies”, “pseudonymisation”, “cross-border processing of personal data”, “supervisory authority” used in this document shall have the same meaning as in the GDPR unless relevant to a different law or regulation.
3. Information we collect
Personal data, or personal information, means any information about an individual, as described in Article 2 above. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- identifying data includes your full name, addresses and date of birth;
- contact data includes you and your company's name, physical address, email address, and telephone numbers;
- transaction data includes details about payments to and from you and other details of services you have purchased from us;
- technical data includes internet protocol address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about the visits, including the full Uniform Resource Locators (URL), clickstream to, through and from this Website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages, Website interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the Website, and any phone number used to call our customer service number.
- profile data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
- usage data includes information about how you use our Website and Service, such as app launches within our Service, including browsing history, search history, product interaction, crash data, performance and other diagnostic data, and other usage data;
- fraud prevention information includes data used to help identify and prevent fraud, including a device trust score;
- marketing and communications data includes your preferences in receiving marketing from us and your communication preferences;
- other information you provide to us includes details such as the content of your communications with us
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
When you sign-in via a third party (Google, Facebook, Linkedin), we do not store any of your passwords.
You are not required to provide the requested personal data. However, if you choose not to do so, we will not be able to provide you with our products or services or respond to requests you may have.
Thus, where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
4. How we collect information
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your personal data by using our live chat, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our Service;
- create a User Account on our Website;
- subscribe to our Service or publications;
- request marketing to be sent to you; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our Website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
- Third parties, which includes, but is not limited to Company's sub-contractors in technical, payment services, advertising networks, search information providers, credit reference agencies, or other third parties who may provide information, for the purpose of fulfilling the Service or to comply with legal requirements. Examples of the personal data we receive about you from various third parties include:
- technical data from analytics providers and search information providers.
- contact and transaction data from providers of technical, payment and delivery services.
5. How we store and use your information
We use the gathered personal data to provide you with our Service and to ensure our legitimate interests. More specifically, we will use your personal data for the following purposes:
Providing our E-Learning Platform and Service
When you ask for information about the Service (for example, when you request a demo or ask us to send you offers or price information), we will use your contact information to respond to your request.
Provide Information; Respond to Requests
We use User Account-related data provided by Users in connection with the sign-up, use, or support of the User Account (such as usernames, email address and billing information) to provide you with access to the Service, contact you regarding your use of the Service, or to notify you of important changes to the Service. Such use is necessary for the performance of the contract between you and us.
Sending Marketing Communications
Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email, or contact you by phone, if you consent to us doing so at the time you provide us with your personal data.
When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you.
In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at firstname.lastname@example.org
Please note that if you opt-out from marketing communications, we may still contact you regarding issues related to our Service and to respond to your requests.
For our Legitimate Business Interests
We use data relating to your use of and interaction with the Service for certain legitimate business interests, which are the following:
- to personalize and improve your access to and use of the Service (including to increase our Service's functionality, product features, and user-friendliness);
- to conduct analytics and report on industry trends on content usage and performance;
- to meet our corporate and social responsibility objectives;
- for internal business/technical operations, including troubleshooting, data analysis, testing, to prevent fraud or criminal activity, misuses of our products or services and ensure the security of our IT systems, architecture, and networks.
This use of your personal data is necessary for our legitimate interests in understanding how our services are being used by you and to improve your experience on it.
Algorithms and profiling
We do not use algorithms or profiling to make any decision that would significantly affect you without the opportunity for human review.
Any information stored on Programiz PRO, or any third-party service that we use, is encrypted and kept securely on the cloud. Access to such information, even at Parewa Labs, is done through the best practices while keeping privacy and security of the information.
Cookies are typically stored on your computer's hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Website, analyse trends and administer our Service.
The information collected from cookies allows us to determine such things as which parts of our Website are most visited and what difficulties our users may experience in accessing our Website.
With this knowledge, we can improve the quality of your experience by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties.
We may use one or more third-party service providers, to assist us in better understanding the use of our Website. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Website.
Our service provider(s) will analyze this information and provide us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Website and the Service and how to better serve those interests.
The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using our Service. Our service provider(s) is/are contractually restricted from using the information they receive from our Website for any other purpose than to assist us.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features of our Website.
7. How we disclose your information
We do not disclose or sell your information to third parties or other websites without your consent, except to those necessary to deliver services for us and except as required by law. These third parties and their functions are listed below.
Employees, Service Providers, Business Partners, and Others
We will disclose your personal data to our employees as necessary to deliver the Service, and we may use certain third party companies and individuals to help us provide, support, analyse, and improve the Service (such as providers of data storage services, maintenance services, payment processing, database management, digital business services, providers of analytics services who help us understand how you use and interact with the Service, providers of digital advertising services, providers of CRM, marketing, and sales software solutions). These third parties may have access to your personal data for the purpose of performing these tasks on our behalf and pursuant to our instructions.
Where we make use of third party service providers to help us provide the Service to you, including for the purposes of retrieving or delivering information, records, notifications or other messages to you or any users or for hosting or providing any component of our Service, we require such third parties to maintain the confidentiality of any personal data we provide to them for these purposes. Third-party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with applicable law.
Such third parties may be situated outside of your country and you consent to your personal data and that of any data subjects you provide to us being transferred cross-border so that we can provide the Service to you. In this regard, we engage only with reputed third-party service providers who have security and privacy policies and procedures providing at least the same level of protection as we do ourselves. You warrant that you have all necessary permissions to give us the above consent.
We may also share non-personal or non-identifiable information, including website visitor information and account usage data with third-party analytics service providers. Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
Compliance with Laws and Law Enforcement Requests
We will notify you either by sending you an email or posting a notice on our Website. We will also notify you of choices you may have regarding the information.
8. How we delete your information
If you are a registered User, you may review, update or correct the personal data in your User Account. If you would like to delete your User Account, please contact us as indicated below. If your personal data has been shared outside of our Service by other Users or any third parties and not directly by us, we cannot change or delete this personal data out of our control.
If you wish to delete your User Account, please contact us at email@example.com and raise a formal request. We also provide you with tools to delete your User Account if you want to delete the account yourself. Please note that we may retain, use or disclose your information as necessary to comply with our legal obligations, to resolve disputes or enforce our agreements, and legitimate business interest (such as for analytics purposes, safety, and security).
9. Security measures
The security of your information is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
Taking into account relevant developments in technology including telecommunications and web services, technical limitations associated with different telecommunications protocols, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall in relation to the personal data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
We use a variety of security measures to ensure the confidentiality of your personal data, and to protect your personal data from loss, theft, unauthorized access, misuse, alteration or destructure.
No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal data. You are responsible for keeping your User Account passcode, membership numbers and pin numbers safe and secure. Do not share those with anyone. If there is unauthorised use or any other breach of security involving your information, you must notify us as soon as possible.
10. Section applicable to EU Data Subjects
This section applies solely to data subjects as defined by the General Data Protection Regulation (“GDPR”) (“EU data subjects”). For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, and Switzerland. Reference to the EU also includes the UK in the case when the scope of GDPR is equivalent to the scope of data protection in the UK (the UK-GDPR).
Programiz PRO is the data controller for processing of your personal data, but we also act as a data processor for personal data that we process on behalf of our Users.
The data controller and the processor have signed and comply with the Standard Contractual Clauses for data transfers between EU and non-EU countries.
Subject to applicable EU law, you have the following rights in relation to your personal data:
- Right to be informed: You have the right to concise, transparent, intelligible and easily accessible information regarding the processing of your personal data.
- Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification (updating your information): If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we share your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we share your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
- if we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing or
- if we are processing your personal data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
- Right to lodge a complaint with the data protection authority: You have the right to make a complaint at any time to your local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the local data protection authority so please contact us in the first instance. You may exercise your rights by contacting us as indicated under the “Contact Us” section below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.
Legal Basis for Processing personal data and Legitimate Interest
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. If you are an EU resident, we will only process your personal data when one (or more) of the following requirements is met:
- When we have your consent to do so. If consent is the legal basis for the processing of your personal data, you may withdraw your consent at any time.
- When processing is necessary for the performance of the contract to which you are a party to (e.g. for providing the services you requested).
- To comply with our legal obligations.
- When it is necessary to protect your vital interests or those of other individuals.
- When processing is necessary for the performance of a task carried out in the public interest.
Security and Breach
Security measures: Appropriate technical and organizational measures are implemented to ensure that, by default, the only personal data processed are those, which are necessary for each specific purpose of processing. This applies to the quantity, the extent of the processing, the period of storage and the accessibility of the collected personal data. With such measures, we try to ensure that personal data are not made accessible to an indefinite number of persons without your intervention.
In case of a personal data breach: If a personal data breach occurs we shall without undue delay, where feasible, not later than 72 hours after having become aware of it, notify the supervisory authority. This does not apply when the personal data breach is unlikely to resolve in risk to your rights and freedoms. In case of a risk to your rights and freedoms due to a personal data breach, we shall also inform you without undue delay.
This does not apply to situations where we have implemented appropriate technical and organizational protection measures that were applied to the personal data affected by the breach or if our subsequent measures ensure that the risk is no longer likely to materialize. It also does not apply when it would involve disproportionate effort. In the described cases we shall inform you through public communication or similar way in an equally effective manner.
11. Rights of the individuals residing outside the EU
12. Your California privacy rights
The California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) require us to disclose the categories of Personal Information (as defined in the acts) we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above. We are also required to communicate information about rights California residents have under California law. You may exercise the following rights:
- Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.
- Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
- Right to Delete. You may submit a verifiable request to close your Account and we will delete Personal Information about you that we have collected.
- Right to request that a business that sells a consumer's personal data, does not sell the consumer's personal data.
Under California's “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses.
If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2021 will receive information regarding 2020 sharing activities).
If you would like to exercise any of these rights or if you would like to receive any further information about these rights, please contact us at any time at firstname.lastname@example.org.
To obtain this information, contact us specifying that you want a “Request for California Privacy Information” on the subject line and in the body of your message. You must include sufficient information regarding your identification as the data subject and a detailed request with the declaration, under the penalty of perjury, that you are exercising your rights for lawful purposes.
We will do our best to respond to your valid request (one that meets the described criteria) within 45 days of receiving it. Please be aware that only the required information will be included in our response.
13. Personal data of minors
We do not intentionally collect identifiable information from anyone who is a minor under the law of any applicable jurisdiction. If it is discovered that we have unintentionally collected personally identifiable information from a minor, we will delete that information immediately. Please notify us if you know of any minors using our Website and the Service so we can take action to prevent access to our Website and Service.
14. Third-party Links
Our Website may contain certain links to third-party websites (“Third-party Links”) that are not run by us. These include, but are not limited to Facebook, Twitter, Linkedin, Youtube and others.
If you do not provide us with a current email address, you should regularly review this policy to ensure that you are informed of any changes.
16. Contact Us