Primefocuz - Our Commitment & Privacy Policy
> This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, apps, and services related to *business consulting, **study‑abroad, **job placement, and **global trade* (collectively, the "Services").
> *Important notice:* Nothing in this policy is legal advice. Laws change and may apply differently to your situation. We have drafted this policy to align with India’s *Digital Personal Data Protection Act, 2023 ("DPDP Act")* (as and when brought into force), India’s *Information Technology Act, 2000* and the *SPDI Rules, 2011, and, where applicable based on your location, the **EU/UK GDPR, **California CCPA/CPRA*, and other local laws. If any conflict arises, we will comply with the law that applies to your data.
1) Who we are & scope
This policy applies to the processing of personal data by Prime Focuz as a *data fiduciary/controller* for:
* Visitors to our websites, landing pages, and social media.
* Prospective, current, and past clients (individuals and representatives of organisations) for consulting, study‑abroad, placements, and trade services.
* Job applicants to our own company.
This policy *does not* cover processing by third‑party institutions (e.g., universities, testing bodies, employers, logistics providers, banks) that act as independent controllers/fiduciaries; their privacy policies will apply.
2) Personal data we collect
We may collect the following categories of personal information, depending on the Service:
* *Identity & contact:* name, date of birth, gender (optional), addresses, phone numbers, email, nationalities, passport numbers (for admissions/visa processing), photographs, signatures.
* *Education & professional:* academic history, test scores (IELTS/TOEFL/PTE/GRE/GMAT), resumes/CVs, skills, certifications, portfolios, employment history, references, notice periods, expected salary.
* *Financial:* tuition budgets, scholarship information, bank statements (where required for admissions/visa), income proofs, PAN (where legally required), transaction information for service fees (processed via payment partners).
* *Compliance & KYC:* identity documents, visa details, travel history, police clearance certificates (if required by process), background check results (where permitted by law).
* *Usage & device:* cookies, IP address, device identifiers, approximate location, pages viewed, referring URLs, and interactions with our communications.
* *Marketing preferences & communications:* consents, unsubscribe choices, lead‑source information, call recordings (with notice), chat transcripts.
* *Special categories / Sensitive* (handled with added safeguards and only where lawful/necessary): health information you choose to share for accommodations, biometric identifiers only if mandated by a competent authority or a lawful process (we do *not* collect biometrics for marketing), and other items deemed sensitive under applicable law.
We generally *do not* seek to collect information about minors. For study‑abroad applicants under the age of majority, we will obtain verifiable consent from a parent or legal guardian where required.
---
3) Sources of data
* Directly from you (forms, emails, WhatsApp/phone, events, counsellor interactions).
* From your authorised representatives (parents/guardians, agents, referees).
* From public sources (institution websites, professional networks) where permitted.
* From third parties (testing bodies, universities, employers, recruiters, background check vendors, payment processors) in connection with the Services and on your instructions or with a legal basis.
---
4) Why we process your data (purposes)
* *Service delivery:* advising on universities/courses, admissions application preparation and submission, visa guidance, job search and placement support, employer introductions, business consulting engagements, and global trade facilitation.
* *Client relationship management:* onboarding, support, scheduling, feedback.
* *Compliance & risk:* identity verification, eligibility checks, conflict screening, fraud prevention, sanctions/PEP screening where required, tax/GST compliance, and responding to lawful requests.
* *Payments & billing:* invoicing, receipts, refunds, accounting, and audit.
* *Communications & marketing:* sending service updates, event invites, newsletters, and offers; you can opt out anytime.
* *Improvement & security:* analytics, troubleshooting, quality assurance (including call/chat quality checks), and securing our systems.
---
5) Our legal bases
We process personal data only where we have a lawful basis, which may include:
* *Consent* (e.g., marketing communications; sharing your profile with universities/employers when you ask us to do so).
* *Contractual necessity* (e.g., providing counselling, application handling, placements, consulting deliverables).
* *Legitimate interests* (e.g., improving services, preventing fraud), balanced against your rights.
* *Legal obligation* (e.g., tax, accounting, responding to regulators/courts, record‑keeping).
For EU/UK residents, we rely on GDPR‑consistent bases (Art. 6) and apply additional safeguards for special categories (Art. 9) where applicable.
---
6) Cookies, tracking, and analytics
We use first‑party and permitted third‑party cookies and similar technologies for essential site functionality, analytics, and (where consented) advertising attribution. You can manage preferences via our cookie banner or your browser/device settings. Where required by local law, we will obtain *prior consent* for non‑essential cookies.
---
7) Disclosures and international transfers
We may disclose personal data to:
* *Universities, colleges, testing bodies, credential evaluators*, and visa facilitation partners.
* *Prospective employers, recruiters, job boards*, and background check providers (for placement services and only with your direction/consent where required).
* *Service providers (processors)* such as hosting, CRM/ATS platforms, analytics, email/SMS gateways, cloud storage, payment gateways, verification/KYC vendors, and professional advisers bound by confidentiality and data protection terms.
* *Business partners* involved in joint events or co‑branded programs (with appropriate transparency/consent).
* *Authorities* where required by law or to protect rights, safety, and security.
Because we operate globally, your data may be *transferred internationally. Where your local law requires it, we implement appropriate safeguards (e.g., **EU Standard Contractual Clauses*, UK IDTA/Addendum, or other recognised transfer mechanisms) or rely on adequacy decisions/derogations. For India, we comply with the DPDP Act (as brought into force) and applicable government notifications on cross‑border transfers.
We *do not sell* personal data. We may share limited information with advertising/analytics partners under strict contracts; you can opt out where required by law.
---
8) Data retention
We retain data only for as long as needed for the purposes described or as required by law (e.g., taxation, audit, regulatory requirements). Typical retention periods:
* Client files and admissions/placement records: *up to 7 years* after last interaction, unless a longer legal period applies.
* Marketing leads: *up to 24 months* from last engagement or until you withdraw consent.
* Call recordings and chat transcripts (where applicable): *up to 12 months*, unless required longer for dispute resolution/compliance.
We will delete or anonymise data when no longer necessary.
---
9) Security measures
We employ administrative, technical, and physical safeguards appropriate to the risk, including access controls, encryption in transit, secure development and backup practices, vendor due‑diligence, staff training, and incident response plans. While no system is 100% secure, we take reasonable steps to protect against unauthorised access, alteration, disclosure, or destruction of personal data.
---
10) Your rights
Your privacy rights depend on your location and the applicable law. Subject to exceptions, you may have the right to:
* *Access*: know whether we process your data and obtain a copy.
* *Correction/Rectification*: request updates or corrections.
* *Deletion/Erasure*: ask us to delete your data (e.g., where no longer necessary or upon consent withdrawal).
* *Restriction/Objection*: restrict or object to certain processing, including direct marketing.
* *Data portability*: receive your data in a structured, commonly used format, where applicable.
* *Consent withdrawal*: withdraw consent at any time (this does not affect past lawful processing).
Exercising your rights
Submit a request at \[[privacy@primefocuz.com](mailto:privacy@primefocuz.com)] or write to the Grievance Officer. We will verify your identity and respond within the time required by law. You may authorise an agent to act for you where your local law allows.
11) India‑specific information
* We aim to comply with the *DPDP Act, 2023* (as notified and brought into force by the Government) and other applicable Indian laws. Until all DPDP provisions are in force, we continue to follow the *Information Technology Act, 2000* and the *SPDI Rules, 2011* for reasonable security practices, privacy policy publication, consent for sensitive personal data, purpose/retention limits, and grievance redressal.
* We appoint a *Grievance Officer* and provide contact details above. We endeavour to acknowledge and resolve grievances within timelines prescribed by applicable Indian rules.
* We cooperate with the *Indian Computer Emergency Response Team (CERT‑In)* and other competent authorities as required by law for cybersecurity incident reporting and log retention obligations applicable to our systems and service providers.
12) EU/EEA & UK‑specific information (GDPR/UK GDPR)
If you are in the EU/EEA or the UK, Prime Focuz is the *data controller* when we determine purposes and means of processing. Our legal bases include *consent, **contract, **legitimate interests, and **legal obligation. Where we transfer data outside the EU/UK, we will use appropriate safeguards (e.g., **SCCs/UK Addendum or adequacy). You may lodge a complaint with your local **Data Protection Authority* (DPA) or the UK *Information Commissioner’s Office (ICO)* in addition to contacting us.
---
13) California‑specific information (CCPA/CPRA)
If you are a California resident, you have the rights to *know/access, **correct, **delete, and **opt‑out of sale or sharing* of personal information; to *limit use of sensitive personal information; and to be free from discrimination for exercising your rights. You may designate an authorised agent. We do **not* sell personal information for monetary consideration, and we do not process for cross‑context behavioural advertising unless you have provided the required opt‑in/consent where applicable. We maintain records of rights requests as required by law.
---
14) Children’s data
Our Services are not directed to children below the age required for providing valid consent in their jurisdiction. For applicants under the age of majority applying for higher education, we will obtain consent from a parent/guardian where required and limit processing to what is necessary.
---
15) Third‑party websites and social media
Our website may include links, forms, or widgets from third parties (e.g., payment gateways, test booking portals, social media). Their privacy practices are governed by their own policies. Please review them before providing your information.
---
16) Automated decision‑making
We do not make solely automated decisions that produce legal or similarly significant effects about you. If we introduce such processes, we will provide specific notices and choices as required by law.
---
17) How to contact us
* *Email:* info@primefocuz.com
If you have unresolved concerns, you may have the right to contact your local regulator (e.g., India’s Data Protection Board once operational and notified, an EU DPA/ICO, or the California Attorney General/CPPA).
---
18) Changes to this policy
We may update this policy to reflect changes in law or our practices. Material changes will be notified on our website or by direct communication where appropriate. Please review this page periodically for the latest version.
---
19) Quick reference (summaries)
* We collect and use your information to deliver counselling, consulting, placement, and trade services, and to comply with law.
* We share data with universities, employers, and service providers *only as needed* and under safeguards.
* You can *access, correct, delete, and **object/opt‑out* as your local law allows.
* We *do not sell* your data.
* Contact our *Grievance Officer* for any concerns.
--