Settings gear spinning
Legal Document

Privacy Policy

How The Art Code collects, uses, and protects your personal data across our platform and services.

TAC School of Modern Learning Pvt. Ltd. Hyderabad, India DPDPA 2023 Compliant
Section 01

Introduction and Scope

1.1

This Privacy Policy ("Policy") describes how TAC School of Modern Learning Private Limited, operating as The Art Code ("TAC", "we", "our", "us"), collects, uses, stores, discloses, transfers, and protects your personal data in connection with your use of the TAC Platform and all related Services.

1.2 — Compliance Framework

This Policy is issued in compliance with:

  • 1.2.1Section 43A and Section 72A of the Information Technology Act, 2000;
  • 1.2.2The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules");
  • 1.2.3The Digital Personal Data Protection Act, 2023 and the rules framed thereunder; and
  • 1.2.4The Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020.
1.3

This Policy applies to all personal data processed by TAC in connection with users' access and use of the TAC Platform, including data collected through the website (www.theartcode.org), mobile applications, webinar registrations, bootcamp enrolments, offline course admissions, and institutional partnerships.

1.4

By using any TAC Service, you signify your consent to the collection and processing of your personal data as described in this Policy. If you do not consent to any part of this Policy, you must not use our Services. For users under eighteen (18) years of age, parental or guardian consent is mandatory.

Section 02

Data Controller

2.1 — The data controller responsible for your personal data is:

FieldDetails
NameTAC School of Modern Learning Private Limited (The Art Code)
AddressMadhapur, Hyderabad – 500081, Telangana, India
Data Privacy Emaillegal@theartcode.org
Support Emailsupport@theartcode.org
Section 03

Categories of Personal Data Collected

3.1 — Data Provided Directly by You

  • aRegistration data: Full legal name, email address, mobile telephone number, city and state of residence, date of birth (for age verification), and optionally a profile photograph.
  • bEducational and professional data: Educational qualifications, current occupation, career goals, skills and areas of interest, and portfolio work submitted through the Platform.
  • cFinancial and billing data: Billing address, GSTIN (where provided for B2B invoicing), and payment-related metadata such as transaction IDs, payment confirmation status, and subscription history. TAC does not store full card numbers, CVVs, net banking passwords, or UPI PINs — these are handled exclusively by JODO.
  • dCommunication data: Content of messages, queries, complaints, and feedback submitted through support channels, community forums, or any TAC communication interface.
  • eUser-generated content: Projects, assignments, portfolio submissions, testimonials, and community posts submitted to or through the Platform.

3.2 — Data Collected Automatically

  • aDevice and technical data: IP address, device type and model, operating system version, browser type and version, screen resolution, and unique device identifiers.
  • bUsage and engagement data: Pages visited, content accessed and viewed, watch duration per video, search queries on the Platform, course progress and completion status, login timestamps, and session duration.
  • cLocation data: Approximate geographic location derived from IP address (city/state level only). TAC does not collect precise GPS coordinates unless explicitly provided by you.
  • dCookie data: As described in Section 9 of this Policy.

3.3 — Data Received from Third Parties

  • aSocial login providers: If you choose to register or log in via Google or another third-party authentication service, TAC receives your name and email address from that provider.
  • bJODO: TAC receives payment confirmation status, transaction identifiers, and mandate status from JODO in connection with subscription billing and auto-pay management.
  • cCollege and institutional partners: Where you are enrolled in the DM Online programme through an institutional MoU, TAC may receive your name, contact details, student ID, and enrolment information from the partner institution.
  • dPublicly available data: TAC may supplement your profile data with information available in public registers or professional networks where relevant.
Section 04

Purposes and Legal Bases for Processing

PurposeData Categories UsedLegal Basis
Account creation and authenticationName, email, phone, DOBContractual necessity
Subscription management and auto-pay via JODOEmail, phone, transaction IDs, mandate statusContractual necessity
Content delivery and progress trackingUsage data, course progress, device dataContractual necessity
Customer support and grievance resolutionName, email, communication data, order historyContractual necessity; Legal obligation
GST invoicing and financial complianceName, address, GSTIN, transaction dataLegal obligation (GST Act, 2017)
Marketing and re-engagement communicationsEmail, phone, usage patterns, locationConsent (withdrawable at any time)
Platform analytics and product improvementAnonymised and aggregated usage dataLegitimate interest
Placement and career supportProfile, portfolio, course completion dataConsent (explicit, per student)
Fraud detection and platform securityIP address, device data, transaction patternsLegitimate interest; Legal obligation
Compliance with court orders or regulatory demandsAll categories as requiredLegal obligation
Section 05

Disclosure of Personal Data

🔒 5.1 — TAC does not sell, rent, or trade your personal data to any third party for their independent commercial or marketing purposes. Personal data is disclosed only in the circumstances set out below.

5.2 — Data Processors (Service Providers)

TAC shares personal data with the following categories of third-party data processors who process data on TAC's behalf and under TAC's instructions:

  • 5.2.1JODO (Jodo Financial Solutions Pvt. Ltd., www.jodo.in): Processes payment data and manages subscription mandates (eNACH and UPI AutoPay).
  • 5.2.2Cloud hosting providers (e.g., Amazon Web Services India or equivalent): Provide secure data hosting and storage infrastructure.
  • 5.2.3Video streaming and CDN providers: Deliver video content to users with minimal latency.
  • 5.2.4Email and messaging service providers: Send transactional communications (billing reminders, receipts, platform notifications) and marketing communications.
  • 5.2.5WhatsApp Business API providers: Send automated notifications regarding subscriptions and course schedules.
  • 5.2.6Analytics platforms (e.g., Google Analytics): Receive anonymised, aggregated usage data for platform improvement purposes.

5.3 — Business Partners (Limited)

  • 5.3.1College partners (DM Online programme): TAC shares student enrolment data (name, contact details, student ID) with the specific institution that enrolled the student under the relevant MoU.
  • 5.3.2Corporate placement partners: Student profiles and portfolio data are shared with prospective employers only with the explicit prior written consent of the student.
  • 5.3.3SAT DROP industry speakers: Minimal identifying data (attendance list) may be shared with confirmed event speakers for session delivery purposes.

5.4 — Legal Disclosures

TAC may disclose your personal data to government bodies, regulatory authorities, courts, tribunals, law enforcement agencies, or other public bodies where required or authorised by Applicable Law, including under court orders, government directions, or regulatory compliance obligations.

5.5 — Business Transfers

In the event of a merger, acquisition, demerger, or sale of all or substantially all of TAC's business or assets, your personal data may be transferred to the acquiring or succeeding entity. TAC will provide you with not less than fourteen (14) days' advance notice by email before any such transfer is completed. The transferee will be required to maintain data protection standards equivalent to or more stringent than this Policy.

Section 06

Cross-Border Data Transfers

6.1 — TAC stores all personal data on servers located within the territory of India wherever practicable. Where data is processed or stored by third-party service providers outside India, TAC ensures that such transfers are made only to jurisdictions with adequate data protection frameworks or under contractual arrangements that impose equivalent data protection obligations on the recipient.

Section 07

Data Retention

Data CategoryRetention PeriodBasis
Active account and profile dataDuration of account + 6 months post-closureContractual necessity
Payment and transaction records7 years from date of transactionGST Act / tax compliance
GST invoices and billing records7 yearsCGST Act, 2017 — Section 36
Course completion and certificatesIndefinitelyVerification and legitimate interest
Support and communication records3 years from date of communicationConsumer grievance obligations
Marketing preference recordsDuration of consent + 3 yearsProof of consent — DPDPA 2023
Section 08

Security Measures

8.1 — TAC implements the following technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction:

  • 8.1.1TLS/SSL encryption for all data transmitted between your device and the TAC Platform;
  • 8.1.2Encryption at rest for all sensitive personal data stored on TAC's servers;
  • 8.1.3Role-based access controls limiting access to personal data to only those TAC personnel who require it for their specific job functions;
  • 8.1.4Multi-factor authentication for all internal administrative systems;
  • 8.1.5Regular security vulnerability assessments and penetration testing;
  • 8.1.6Incident response and data breach protocols as required by the Digital Personal Data Protection Act, 2023; and
  • 8.1.7Data minimisation practices ensuring only data necessary for the stated purpose is collected.
⚠️ 8.2 — TAC will notify you within seventy-two (72) hours of becoming aware of any personal data breach that is likely to result in a risk to your rights, freedoms, or safety, as required by Section 8(6) of the Digital Personal Data Protection Act, 2023. Such notification will be made to your registered email address.
Section 09

Cookie Policy

Cookie TypeSpecific PurposeDurationOpt-Out
Essential / Strictly Necessary Login session management, CSRF protection, core platform functionality. Cannot be disabled without impairing service delivery. Session Not available
Functional / Preference Remembers playback settings, language preferences, notification preferences, and UI customisations. 1 year Via cookie settings
Analytics Tracks user navigation patterns and content engagement using anonymised data to improve the Platform (Google Analytics with IP anonymisation). 2 years Via cookie settings
Marketing / Targeting Meta Pixel and Google Ads tracking for retargeting campaigns and ad performance measurement. Connects your Platform activity to ad serving systems. 90 days Via cookie settings
Section 10

Your Rights as a Data Principal

10.1 — Under the Digital Personal Data Protection Act, 2023 and other Applicable Law, you have the following rights in respect of your personal data:

🔍
Right to Access
Request a summary of the personal data TAC holds about you and the purposes for which it is processed.
✏️
Right to Correction
Request that any inaccurate, incomplete, or outdated personal data be corrected or completed.
🗑️
Right to Erasure
Request deletion of your personal data where it is no longer necessary, subject to legal retention obligations.
↩️
Right to Withdraw Consent
Withdraw consent for processing at any time. Withdrawal does not affect validity of prior processing.
📦
Right to Data Portability
Request a copy of your data in a structured, machine-readable format.
⚖️
Right to Grievance Redressal
File a complaint with TAC's Grievance Officer, or with the Data Protection Board of India.
👤
Right to Nominate
Nominate another individual to exercise your rights in the event of your death or incapacity.
📧 10.2 — To exercise any of the above rights, send a written request to legal@theartcode.org with the subject line "Data Rights Request — [Your Name]". TAC will acknowledge your request within three (3) Working Days and respond substantively within fifteen (15) Working Days.
Section 11

Third-Party Links and Platforms

11.1 — The TAC Platform may contain links to third-party websites, social media platforms, or other services. TAC is not responsible for the privacy practices, terms of service, or data collection practices of such third parties. You access those platforms at your own risk and are advised to review their privacy policies independently.

Section 12

Children's Privacy

12.1 — TAC does not knowingly collect or process personal data from individuals under the age of thirteen (13) years. If TAC becomes aware that personal data has been inadvertently collected from a child under 13, it will be deleted promptly. Users between 13 and 18 must register with verified parental consent. Where consent is given on behalf of a child, the parent or guardian assumes all obligations under this Policy in respect of the child's data.

Section 13

Amendments

13.1 — This Policy may be amended from time to time to reflect changes in Applicable Law, data processing practices, or TAC's business. Material amendments will be communicated by email and by notice on the Platform at least fourteen (14) days before they take effect. The 'Effective Date' at the top of this Policy reflects the most recent revision.

✉️ legal@theartcode.org 💬 support@theartcode.org