1. Introduction

Dr.M.G.R. Educational and Research Institute (“we,” “our,” or “us”) is committed to safeguarding the privacy and security of personal and business information belonging to our users, clients, and stakeholders.

This Privacy Policy explains how we collect, use, store, protect, and share information when you:

• Use our website and digital platforms
• Engage with our services
• Use our Android mobile application

By accessing or using our services, you acknowledge and agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal details:

• Name, job title, and company name
• Email address, phone number, mailing address
• Business-related information (industry, company size)
• Payment and billing details
• Login credentials and authentication information

2.2 Technical Information

When you visit our website or use our services, we may automatically collect:

• IP address and approximate location
• Browser type, version, and device details
• Pages viewed, time spent on pages, and access timestamps
• Referring website links
• Cookies and tracking technologies

2.3 Business Data

As part of our services, we may process:

• Proprietary business information shared by clients
• System configurations, logs, and technical specifications
• Project-related files, documents, and communications
• Performance metrics and analytics

2.4 Information Collected Through Android Mobile App

Our Android mobile application may request access to certain device features and information. These permissions are used solely to provide and improve the app’s functionality and related services. We do not access, collect, or store this information beyond what is necessary for the stated purpose, unless explicitly submitted or uploaded by you.

Permission	Purpose
Camera	To capture images or scan QR codes for features such as ID capture, document upload, profile pictures, or other in-app services that require photo input.
Storage / Files Access (Photos, Media, Files)	To allow you to upload or download documents, images, or other files as part of the services provided by the app. The app only accesses files you explicitly choose.
Microphone (if applicable)	To support features that may require voice input or audio recording (for example, voice notes). It is never used without your knowledge.
Location (if applicable)	To provide location-based features where required (for example, location-tagged attendance or site-specific services). Location access will be requested only when needed.
Notifications	To send you important alerts related to your account, activity updates, schedules, reminders, or other relevant information. You can manage notifications via your device settings.
Device Information and Logs	To collect limited technical data (such as device model, operating system, app version, and crash logs) for troubleshooting, security, and performance optimization.

We do not collect biometric data or any sensitive personal data through the mobile app unless explicitly required for a specific feature and clearly communicated to you with separate consent.

You may revoke these permissions at any time via your device settings; however, certain features of the app may become unavailable if specific permissions are disabled.

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To operate, maintain, and improve our solutions and mobile app
• Communication: To respond to your enquiries and send important service-related messages
• Business Operations: To manage billing, accounts, and contractual relationships
• Compliance: To fulfill legal, regulatory, or contractual obligations
• Security: To detect, prevent, and investigate fraud or unauthorized access
• Analytics: To analyze usage trends, app performance, and improve user experience
• Marketing (Optional): To send promotional or informational content with your consent

4. Data Security

We implement strict security practices to protect your information.

4.1 Technical Safeguards

• Encryption for data in transit (TLS/SSL) and at rest
• Strong authentication and role-based access controls
• Firewalls, intrusion detection, and continuous security monitoring
• Secure cloud infrastructure with regular security updates
• Automated backups with disaster recovery mechanisms

4.2 Administrative Safeguards

• Mandatory employee security and privacy training
• Least-privilege access and approval-based access policies
• Formal security, privacy, and incident response procedures
• Regular security audits and vulnerability assessments

4.3 Physical Safeguards

• Secure data centers with restricted physical access
• Environmental and operational monitoring systems
• Secure disposal or destruction of physical storage media

5. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Retention periods are determined based on:

• Type and sensitivity of the data
• Legal or regulatory requirements
• Business operational needs
• Potential disputes, claims, or audits

After the retention period, data is securely deleted or irreversibly anonymized.

6. Data Sharing and Disclosure

We do not sell or rent your personal information. We share information only in the following cases:

6.1 Service Providers

We may share information with trusted third-party vendors (such as cloud hosting providers, payment processors, SMS gateways, and analytics platforms) who assist in operating and supporting our services. These providers are contractually required to protect your data and use it only for the agreed purposes.

6.2 Business Partners

With your explicit consent, we may share information with trusted technology or academic partners where necessary to deliver integrated solutions or joint services.

6.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of our institution, users, or the public.

6.4 Business Transfers

In the event of a merger, reorganization, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same or equivalent privacy protections.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request corrections or updates to inaccurate or incomplete data
• Request deletion of your data (where permitted by law)
• Object to or restrict certain types of data processing
• Request data portability in a structured, commonly used format
• Withdraw consent for marketing or other optional processing at any time

To exercise these rights, please contact us using the details provided in the Contact Us section below. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember user preferences and settings
• Analyze site traffic and usage patterns
• Improve website functionality and performance
• Provide a more personalized browsing experience

You can manage or disable cookies via your browser settings. However, some features of the website may not function properly if certain cookies are disabled.

9. International Data Transfers

Your information may be processed and stored in countries other than your country of residence. Where such transfers occur, we ensure that adequate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) or similar approved mechanisms
• Compliance with applicable data protection laws and regulations
• Regular security and compliance checks of our international partners

10. Children’s Privacy

Our services and mobile applications are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data from a minor has been collected without appropriate consent, we will take steps to delete such data promptly.

11. Compliance and Standards

We comply with relevant global and local standards, including:

• General Data Protection Regulation (GDPR), where applicable
• Indian data protection and privacy laws
• Industry regulations and academic standards, as applicable
• ISO 27001 or equivalent information security best practices

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Investigate the incident without undue delay
• Notify affected users and relevant authorities, where required
• Provide details regarding the nature of the breach and the data impacted
• Inform you of the steps we are taking and recommended measures you can take

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our operations.

When we make changes, we will:

• Update the “Last Updated” date at the top of this page
• Post the revised policy on our website
• Notify registered users by email for any material changes, where appropriate