Privacy Policy

Last updated: 22 June 2025

Welcome to University Insights!

This privacy policy outlines the rules and regulations for the use of the University Insights Website, located at https://universityinsights.in/

1. Introduction & Scope

University Insights (“we”, “our”, “us”) is committed to safeguarding the personal data of every student, parent, guardian, and visitor who interacts with our services. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the options available to you.

This Policy applies to all processing carried out by Unisights Global Private Limited through: (a) our public websites located at universityinsights.in and unisightsglobal.com, together with any sub‑domains; (b) our mobile‑optimised site and any future mobile applications; and (c) our offline activities such as walk‑in counselling, education fairs, telephone consultations, and document‑collection services.

We process personal data in accordance with all applicable data‑protection laws, including, where relevant, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Digital Personal Data Protection Act, 2023 (India), and any other country‑specific regulations that apply to the users we serve. Where laws differ, we apply the strictest requirement that protects your rights.

By accessing or using our services, you acknowledge that you have read and understood this Policy. If you do not agree with any part of it, please discontinue use of our services.

2. Data Controller & Contact Information

The Data Controller responsible for your personal data under this Privacy Policy is:

Unisights Global Private Limited
(Brand name “University Insights”)
CIN: U85500UP2025PTC215382
PAN: AADCU7365G
GSTIN: 09AADCU7365G1ZZ

Registered Office
2401, 24th Floor, E‑Square, Supertech, Plot C‑2, Sector 96,
Noida, Gautam Buddha Nagar, Uttar Pradesh 201303, India.

Grievance Officer / Data Protection Officer
Mr Kashif Khan (Director)
Email: [email protected]
Phone: +91 98703 49912
Office hours: Monday – Friday, 10:00 – 18:00 IST

You may contact the Grievance Officer at the details above regarding any questions, requests, or complaints about this Privacy Policy or our data‑handling practices.

3. Definitions

For clarity in this Privacy Policy, the following terms have the meanings set out below:

Term Meaning
“Personal Data” Any information that relates to an identified or identifiable natural person, such as name, e‑mail, phone number, passport details, or online identifiers.
“Sensitive Personal Data” Personal Data revealing racial or ethnic origin, religious beliefs, health information, or any other data classified as “special category” under GDPR or “sensitive personal data” under India’s DPDP Act.
“Processing” Any operation performed on Personal Data, whether automated or not, including collection, recording, storage, alteration, retrieval, use, disclosure, or deletion.
“Controller” / “Data Controller” The natural or legal person that determines the purposes and means of Processing Personal Data. In this Policy, Unisights Global Private Limited is the Controller.
“Processor” A natural or legal person that Processes Personal Data on behalf of the Controller (e.g., cloud‑hosting provider).
“Cookies” Small text files placed on a user’s device by a website to store preferences and enable certain functionalities.
“Consent” Any freely given, specific, informed, and unambiguous indication of a user’s wishes by which they signify agreement to the Processing of their Personal Data.
“GDPR” Regulation (EU) 2016/679, the General Data Protection Regulation of the European Union.
“DPDP Act” India’s Digital Personal Data Protection Act, 2023.
“Child” An individual under 13 years of age for the purposes of this Policy.

4. Personal Data We Collect

We collect only the data required to deliver our counselling and application‑processing services efficiently and in line with legal requirements. The information falls into the categories below. Unless otherwise specified, we store each category for no longer than 90 days from the last point of interaction, after which it is securely deleted or anonymised (see Section 11 for details).

Category Typical examples When collected
Identity Data Full name, date of birth, gender, nationality When you fill out enquiry or application forms, verify identity, or attend offline counselling.
Contact Data E‑mail address, mobile/landline number, postal address, WhatsApp ID (optional) Web forms, live chat, phone calls, education fairs.
Academic & Career Data Class 10/12 marksheets, NEET scorecard, résumé/CV, language‑proficiency scores During profile evaluation and university short‑listing.
Government‑ID & Travel Data Passport copy, PAN/Aadhaar (for Indian residents), visa scan When preparing admission and visa documents.
Financial Data Limited card/bank information (only the last four digits and transaction ID), payment receipts, invoice details When you pay counselling fees or transfer university application fees via our payment gateway.
Marketing Preferences Opt‑in status for newsletters, SMS, WhatsApp broadcasts Via consent check‑boxes or double‑opt‑in e‑mails/SMS.
Technical & Usage Data IP address, device type, browser version, referring URL, anonymised clickstream Collected automatically through cookies, Google Analytics 4, and similar tools when you browse our sites.

We do not intentionally collect or solicit Sensitive Personal Data such as health information or religious beliefs, except where a university requires such details (e.g., vaccination records) and only with your explicit consent.

If you choose to decline providing certain Personal Data, we may be unable to deliver part or all of our services—such as university application submission—because that information is mandatory.

5. How We Collect Personal Data

We obtain Personal Data from a variety of sources to provide our counselling, admissions, and support services. We always aim to collect information directly from you whenever possible and to keep data collection to the minimum necessary.

Collection channel What happens Typical data captured
Direct interactions You complete enquiry or application forms on our website, visit our office, speak with us by phone/WhatsApp, or meet us at education fairs. Identity, Contact, Academic, Government‑ID, Financial, Marketing‑Preference data.
Automated technologies When you browse our sites, cookies, pixels, and similar tools record limited technical information so we can secure the site, measure engagement, and show remarketing ads. Technical & Usage Data; pseudonymised cookie IDs.
Partner universities & service providers With your written consent, we request status updates or verification details from universities, language‑test bodies, insurance companies, and payment gateways. Confirmation of application status, fee‑payment confirmation, visa approval letters.
Public or third‑party sources Less commonly, we may validate information using publicly available registers (e.g., NEET score portals) or social‑login APIs (Google / Facebook) when you choose that option. Verified identity tokens, scores, or publicly available profile details.

We do not buy marketing lists, scrape social media, or use covert data‑collection methods. All automated tracking is disclosed in Section 8 (Cookies & Tracking Technologies) and can be controlled through our cookie banner.

If you contact us via social platforms (Facebook, Instagram, LinkedIn), we may receive your public profile name and contact details according to that platform’s privacy settings. Such data is processed under this Policy once imported into our CRM.

6. Legal Bases for Processing

Under the GDPR, the DPDP Act, and comparable regulations, we must identify a specific legal basis for each use of Personal Data. We rely on one or more of the following grounds:

Purpose of processing Legal basis & explanation
Counselling & admissions Contractual necessity – Processing is required to take steps at your request prior to entering into a services agreement and to fulfil that agreement (e.g., submitting an application to a university).
Marketing e‑mails, SMS & WhatsApp updates Consent – We send these communications only if you have expressly opted‑in and may withdraw consent at any time (see Section 14).
Website analytics & optimisation Legitimate interest – We have a business interest in understanding site performance and improving user experience, balanced against minimal privacy impact through aggregated or pseudonymised data.
Regulatory compliance & record‑keeping Legal obligation – We may need to retain invoices, visa documents, or statutory registers to comply with tax laws, anti‑money‑laundering rules, and other legal requirements.

If we intend to use Personal Data for a purpose that is incompatible with those listed above, we will notify you and, where required, collect fresh consent.

7. How We Use Personal Data

We use the Personal Data described in Sections 4–6 strictly for the purposes outlined below and only when we have a valid legal basis to do so. We do not sell or rent your information.

Purpose Typical activities Legal basis (see Section 6)
Counselling & admissions Assess your academic profile, suggest suitable universities, prepare and submit application forms, schedule interviews, coordinate visa documentation. Contractual necessity
Account & relationship management Create or update your CRM record, respond to questions, schedule counselling sessions, send service notifications. Contractual necessity; Legitimate interest
Payment processing Issue invoices, process online card payments, generate receipts, track outstanding balances. Contractual necessity; Legal obligation
Service updates & transactional messages Send e‑mails/SMS/WhatsApp messages about application status, document requirements, exam reminders, travel briefings. Contractual necessity
Marketing communications Send newsletters, scholarship alerts, and promotional offers. You can opt‑out at any time. Consent
Analytics & site optimisation Analyse aggregated traffic patterns, A/B‑test new web pages, measure campaign effectiveness. Legitimate interest
Personalisation & remarketing Show tailored content or ads on Google and social platforms based on your on‑site behaviour. Profiling is limited to cookie IDs and may be disabled via our cookie banner. Consent (EU) / Legitimate interest (India & others)
Security & fraud prevention Monitor logs for suspicious activity, enforce access controls, perform identity verification to prevent impersonation. Legitimate interest; Legal obligation
Legal & regulatory compliance Maintain statutory records, respond to lawful requests from authorities, and enforce our terms and conditions. Legal obligation

We do not engage in automated decision‑making that produces legal or similarly significant effects without human involvement. Profiling used for remarketing is limited to non‑intrusive, pseudonymised cookie and device identifiers; it does not extend to academic or financial evaluations.

If we need to use your data for a new purpose that is incompatible with the above, we will update this Policy and, where legally required, obtain your explicit consent before proceeding.

8. Cookies & Tracking Technologies

We use cookies, pixels, and similar tracking technologies (“cookies”) to ensure our sites work securely, to understand how visitors engage with our content, and—where you have consented—to tailor ads for services that may interest you.

8.1 What are cookies?

Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device and store certain information about your preferences or past actions.

8.2 Types of cookies we use

Type Purpose Examples Lifespan*
Strictly‑necessary Enable core functionality such as page navigation, form submission, and security. The website cannot function properly without these cookies. __cf_bm(Cloudflare), csrf_token Session only
Analytics / performance Help us understand how visitors interact with our pages so we can improve content and site speed. Data is aggregated and pseudonymised. _ga_ga_*_gid(Google Analytics 4) 1 day – 90 days
Advertising / remarketing Record your on‑site activity so we can show relevant ads for our counselling services on Google, Facebook, and partner sites. _gcl_au(Google Ads), _fbp(Meta Pixel) 30 days – 90 days
Preference Remember choices such as language, cookie‑banner settings, or chat‑widget state. cookie_consenttawk_uuid_* 30 days

*Lifespan denotes the maximum period before a cookie is automatically removed by your browser; we have configured all cookies to expire within 90 days or less.

8.3 Managing or withdrawing consent

On your first visit, a banner allows you to accept all cookiesreject non‑essential cookies, or customise settings. You can change your preference at any time by clicking the “Cookie Settings” link in the site footer.

Alternatively, you may:

Blocking some cookies may limit functionality—for example, the counsellor chat widget or enquiry forms may not work correctly.

8.4 Third‑party cookies

Some cookies are set by third‑party services we embed, such as YouTube video players or live‑chat widgets. Those providers are responsible for their own cookies and privacy practices. We encourage you to read their policies.

9. Sharing & Disclosure of Personal Data

We share Personal Data only when necessary to deliver our services, fulfil legal obligations, or protect our legitimate interests. Whenever we share information, we ensure appropriate contractual and technical safeguards are in place, and we never sell your data to third parties.

Recipient category Typical recipients Purpose of disclosure Safeguards applied
Partner universities & colleges Accredited medical universities in Uzbekistan, Russia, Egypt, Iran, Nepal, etc. Submit applications, confirm seat availability, issue Letters of Acceptance (LOA), coordinate tuition‑fee invoicing. Data‑sharing agreements referencing Standard Contractual Clauses (see Section 10); transfer limited to required documents.
Service providers (Processors) Hosting: AWS Asia‑Pacific (Mumbai).
Payment gateway:Razorpay (India) / Stripe (US, if applicable).
Email delivery: SendGrid.
CRM & marketing: Zoho CRM, Google Workspace, Google Ads, Google Analytics, Meta Business Suite. Cloud hosting, payment processing, e‑mail/SMS delivery, CRM management, analytics, remarketing. Data‑Processing Agreements (DPAs) requiring confidentiality, security controls, and data‑return/deletion clauses.
Professional advisers Auditors, accountants, legal counsel Financial audit, tax filing, dispute resolution, contract drafting. Confidentiality clauses in engagement letters.
Government & regulatory authorities Indian DPBI (once constituted), police, courts, embassies/visa centres Respond to lawful requests, comply with subpoenas/court orders, facilitate visa processing. Disclosure only on valid legal basis; records maintained for audit trail.
Security & fraud‑prevention partners Payment‑risk monitoring tools, fraud‑detection APIs Detect and prevent fraudulent payments or identity theft. Limited data (transaction ID, device fingerprint) shared under strict purpose limitation.
Corporate transactions Potential acquirers, investors, or merger partners Due‑diligence review in the event of restructuring, merger, or asset sale. Data shared under Non‑Disclosure Agreements and, where feasible, anonymised or aggregated.

We may also publish aggregated, anonymised statistics (e.g., number of students placed per country) that do not identify any individual.

If a recipient is located outside your jurisdiction, we put in place additional transfer safeguards as described in Section 10 (International Data Transfers).

10. International Data Transfers

We primarily store and process Personal Data on servers located in India (AWS Asia‑Pacific – Mumbai region). However, certain trusted third‑party service providers operate from or store data in other jurisdictions, including the European Economic Area (EEA) and the United States. Whenever your information is transferred across borders, we ensure that an equivalent level of protection travels with it.

10.1 Transfer mechanisms we rely on

Scenario Legal mechanism Additional safeguards
Transfers to the EEA/UK Not applicable, as India is regarded as a third country under GDPR; if an EEA‑based provider receives data, we sign the EU Commission’s Standard Contractual Clauses (SCCs 2021/914). Data minimisation; encryption in transit; pseudonymisation where feasible.
Transfers to the United States or other non‑adequate countries SCCs supplemented by a Transfer Impact Assessment (TIA) per EDPB guidelines. Encryption at rest and in transit; limited access on a need‑to‑know basis; regular vendor audits.
Intra‑group transfers(between universityinsights.in and future subsidiaries) Intra‑group Data‑Sharing Agreement based on SCCs. Same technical and organisational measures as above.

10.2 Hosting & caching

Primary hosting: AWS Mumbai (India).
Static asset CDN: Cloudflare, which may cache encrypted assets on edge servers worldwide. Cloudflare is certified under ISO/IEC 27001 and incorporates SCCs for EU data.

10.3 Your rights & copies of safeguards

You may request a copy of the Standard Contractual Clauses or other transfer safeguards by contacting our Grievance Officer (see Section 2). For security reasons, some text may be redacted.

11. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes set out in this Policy or to comply with legal, accounting, or reporting requirements. In line with your instruction, we apply a universal retention period of 90 days from the date of your last interaction with us, unless a shorter or longer period is required by law.

Data category Typical examples Standard retention period
Identity & Contact Data Name, e‑mail, phone, address 90 days after last interaction
Academic & Career Data Marksheets, NEET scorecard, CV 90 days after last interaction
Government‑ID & Travel Data Passport, PAN/Aadhaar, visa scans 90 days after last interaction
Financial Data Card/bank identifiers, invoices, receipts 90 days after last interaction (Note: Invoices may be kept longer if required by Indian tax law; if that occurs, they are stored offline and encrypted.)
Marketing Preferences Opt‑in/opt‑out records 90 days after opt‑out or last interaction
Technical & Usage Data IP address, device info, cookie IDs 90 days from collection

Criteria used to set retention periods

  • Service necessity: We keep information while actively counselling you and up to 90 days afterwards to accommodate follow‑up queries or re‑engagement.

  • Legal compliance: If specific data (e.g., invoices) must be retained beyond 90 days to satisfy statutory obligations, we do so securely and delete it once the obligation expires.

  • Dispute resolution: Data needed to establish or defend legal claims may be preserved until the claim is resolved.

When the retention period expires, we either permanently delete the data or irreversibly anonymise it so that it can no longer be linked to an individual.

12. Data Security Measures

We apply a layered security programme combining technical, physical, and organisational controls designed to protect Personal Data against unauthorised access, alteration, disclosure, or destruction.

12.1 Technical controls

  • TLS 1.3 encryption – All data in transit between your browser and our servers is secured with 256‑bit SSL/TLS certificates issued by Let’s Encrypt or DigiCert.

  • Encryption at rest – Databases and file‑store volumes are encrypted using AWS KMS AES‑256. Back‑ups inherit the same encryption.

  • Access control & least privilege – Production systems reside in VPCs with strict security‑group rules. IAM roles enforce the principle of least privilege and all administrator actions require MFA.

  • Logging & monitoring – AWS CloudTrail, GuardDuty, and CloudWatch capture security‑related events. Suspicious activity triggers real‑time alerts to our security dashboard (Grafana/Loki).

  • Regular vulnerability scans – We run quarterly AWS Inspector scans and external OWASP Top‑10 penetration tests; critical findings are patched within 72 hours.

12.2 Organisational controls

  • Staff training – All employees undergo annual security and privacy awareness training, including phishing simulations and GDPR/DPDP compliance modules.

  • Background checks – Before onboarding, we verify education counsellors and developers through ID and reference checks.

  • Access reviews – User‑access rights are reviewed every 90 days or upon role change; dormant accounts are disabled after 30 days of inactivity.

  • Confidentiality agreements – Every staff member and contractor signs an NDA covering Personal‑Data handling and continues to be bound post‑employment.

12.3 Physical & network security

  • ISO 27001‑certified data centres – Our AWS Mumbai region data centres implement 24 × 7 on‑site security, CCTV, biometric access, and redundant power.

  • Firewalls & WAF – AWS Shield Standard and Cloudflare Enterprise WAF mitigate DDoS attacks and block malicious traffic patterns.

  • Secure development lifecycle (SDLC) – Code changes are peer‑reviewed, scanned for vulnerabilities (Snyk), and deployed via CI/CD pipelines with automated tests.

12.4 Incident response & breach notification

  • We maintain a documented Incident Response Plan with defined roles, a severity‑matrix, and a 24‑hour on‑call team.

  • If a data breach is likely to result in risk to individuals’ rights and freedoms, we will notify the affected users and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR and DPDP rules.

12.5 Data deletion & disposal

  • Personal‑Data files scheduled for deletion (see Section 11) are securely wiped using NIST SP 800‑88 standards or cryptographic erase.

  • Paper documents are shredded on‑site using cross‑cut shredders and disposed of via certified recycling vendors.

13. Your Data‑Protection Rights

Depending on your jurisdiction, you may have some or all of the rights listed below. We honour these rights regardless of where you are located, subject to limited legal exceptions (e.g., when disclosure would adversely affect the rights and freedoms of others).

Right What it means How to exercise
Access Obtain confirmation of whether we process your Personal Data and receive a copy of that data. E‑mail [email protected] with subject line “Data Access Request.” We may ask for proof of identity (e.g., scanned ID) before releasing data.
Rectification Request correction of inaccurate or incomplete Personal Data. Contact us with the corrected information and supporting evidence.
Erasure (“Right to be Forgotten”) Ask us to delete your Personal Data when it is no longer needed, if you withdraw consent, or if processing is unlawful. Submit a deletion request via e‑mail; we will confirm completion once data is erased or anonymised.
Restriction Request a temporary halt to processing while accuracy is verified or an objection is resolved. State the reason for restriction; we will flag the data and cease processing except for storage.
Portability Receive a machine‑readable copy of your Personal Data that you provided to us and/or have it transmitted to another controller. Specify the data you want ported and the destination controller’s contact details.
Objection Object to processing based on legitimate interest or direct marketing. Opt‑out links are provided in every marketing e‑mail/SMS; for other objections, e‑mail us.
Withdraw consent Withdraw any consent you have previously given (e.g., marketing, cookies). Use the “unsubscribe” or “Cookie Settings” links or write to us.
Automated decision‑making Obtain human intervention and contest a decision based solely on automated processing that significantly affects you. We currently make no such decisions, but you can contact us if you believe otherwise.
Complain to a supervisory authority Lodge a complaint with the competent data‑protection authority if you believe we mishandled your data. EU residents may contact their local DPA; Indian residents may contact the forthcoming Data Protection Board of India. We encourage you to contact us first.

Response timeline

We will acknowledge your request within 72 hours and aim to fulfil it within one calendar month. Complex requests or multiple simultaneous requests may take up to two additional months; if so, we will notify you of the delay and the reasons.

If we refuse a request (e.g., due to statutory exemptions), we will explain our reasons and inform you of your right to escalate.

14. Marketing Communications

We share scholarship alerts, university updates, visa deadlines, and other useful information only after you give us permission and always in line with laws such as the GDPR e‑Privacy Directive, India’s TCCCPR 2020, and the CAN‑SPAM Act.

14.1 How we obtain consent

  • Web forms: Every enquiry or download form includes an unticked checkbox explaining what marketing you will receive.

  • Double opt‑in: E‑mail subscribers must click a confirmation link before being added to a list.

  • Offline events: Written or digital consent is captured at education fairs and walk‑in counselling.

14.2 Channels we use

  • E‑mail newsletters from [email protected]

  • SMS and WhatsApp broadcasts sent through TRAI‑registered headers/templates

  • Browser/app push notifications (only if you opt‑in)

  • Phone calls by our in‑house counsellors (never outsourced agents)

14.3 Frequency and personalisation

We limit promotional e‑mails to no more than four per month and SMS/WhatsApp to two per month. Content may be personalised based on your stated interests or site activity but we never use intrusive profiling.

14.4 How to unsubscribe or manage preferences

  • Click “Unsubscribe” in any e‑mail for instant removal.

  • Reply STOP to any SMS or WhatsApp message.

  • E‑mail [email protected] with subject “Opt‑out” and list the channels you wish to stop.

  • Use the Cookie Settings panel to withdraw consent for advertising cookies.

Opt‑out requests are processed within 24 hours for e‑mail and 72 hours for SMS/WhatsApp.

14.5 Service messages remain unaffected

Transactional messages—such as application status updates, payment receipts, or exam reminders—continue even if you opt‑out of marketing because they are necessary to perform our contract with you.

14.6 Record keeping

We store a hashed record of your consent or opt‑out status for 90 days after your last interaction, after which it is anonymised or deleted as described in Section 11.

15. Children’s Privacy

Our services are directed primarily to individuals aged 13 years and older. We do not knowingly collect Personal Data from children under 13. If we become aware that a child under this age has provided us with information without verified parental or guardian consent, we will promptly delete such data.

15.1 Parental consent

  • When a prospective student is under 13, we require a parent or legal guardian to complete and sign any enquiry or application forms on the child’s behalf.

  • We may request documentary proof of guardianship before processing any Personal Data.

15.2 Parents’ and guardians’ rights

Parents or guardians may:

  1. Review the child’s Personal Data held by us.

  2. Request deletion of the child’s Personal Data.

  3. Withdraw consent previously given for processing.

To exercise these rights, please e‑mail [email protected] or call +91 98703 49912 with evidence of your relationship to the child. We will respond within 72 hours and complete verified deletion requests within 30 days.

15.3 Educational counselling for minors aged 13–17

For students aged 13–17, we permit the teenager to attend counselling sessions but require a parent or guardian to:

  • Provide written consent before any application submission or payment.

  • Be copied (C‑c’ed) on all e‑mail communications relating to admission offers, fee invoices, or visa procedures.

If at any point we learn that we have processed a child’s data in a manner inconsistent with this section, we will take immediate steps to rectify the issue, including notifying the parent or guardian and, where required, the relevant supervisory authority.

16. Third‑Party Links & Services

Our website and communications may contain links to external websites, mobile applications, or integrated services that are not operated or controlled by University Insights. Examples include:

  • YouTube videos embedded in blog posts.

  • Social‑media sharing buttons and login options (e.g., Google, Facebook).

  • Payment‑gateway pop‑ups (Razorpay/Stripe).

  • University portals or embassy visa‑application pages.

We provide these links only for convenience and informational purposes. The inclusion of a link does not imply endorsement of the third‑party site or service. Because we do not control these third parties, we cannot guarantee the security or privacy of any information you provide to them.

Your responsibilities:

  1. Review third‑party policies – Before submitting any Personal Data on an external site, read its privacy policy and terms of service to understand how your information will be handled.

  2. Check permissions – When using a social‑login option (e.g., “Sign in with Google”) you can review and restrict the permissions requested.

  3. Report concerns – If you believe a linked site is unsafe or misusing data, please notify us at [email protected].

We are not responsible for the content, security, or privacy practices of third‑party sites. Your use of such sites is at your own risk and will be governed by the site’s own terms and policies.

17. Changes to This Privacy Policy

We may update or amend this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for any other reason that we deem necessary.

17.1 How we will notify you

Change type Example Notification method
Minor editorial change Correcting a typo, re‑ordering headings, clarifying wording without affecting your rights or our obligations. Updated “Last updated” date at the top of this document.
Material change Introducing a new category of Personal Data, adding a new purpose such as scholarship‑matching AI profiling, or changing the lawful basis for processing. (1) Banner or pop‑up on the homepage for at least 30 days; (2) E‑mail notice to all active contacts; (3) In‑app notice in the student portal (if applicable).
Change requiring fresh consent Implementing a new marketing channel (e.g., push notifications) or enabling previously uncollected cookies. (1) E‑mail and in‑site banner explaining the change; (2) New consent request or opt‑in checkbox.

17.2 Effective date of changes

All changes become effective on the date indicated in the “Last updated” line at the top of the Policy, unless a later date is specified. Continued use of our services after the effective date constitutes acceptance of the revised Policy.

If you do not agree to any future changes, you should cease using our services and may request deletion of your Personal Data as described in Section 13.

18. How to Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your rights, please reach out using any of the channels below:

Contact method Details
E‑mail (preferred) [email protected]
Phone +91 98703 49912 (Monday – Friday, 10:00 – 18:00 IST)
Postal Grievance Officer / Data Protection Officer
Unisights Global Private Limited (University Insights)
2401, 24th Floor, E‑Square, Supertech, Plot C‑2, Sector 96,
Noida, Gautam Buddha Nagar, Uttar Pradesh 201303, India
In‑person You may visit our Noida office by prior appointment.

When contacting us, please provide enough information to identify yourself and the nature of your request (e.g., “Access Request” or “Marketing Opt‑out”) so we can respond promptly.

19. Complaints & Dispute Resolution

We are committed to resolving privacy concerns quickly and transparently.

  1. Internal escalation – If you are dissatisfied with our initial response, you may escalate the matter to our Managing Director at [email protected]. We aim to resolve escalated complaints within 30 days.

  2. External redress

    • India: Once operational, you may lodge a complaint with the Data Protection Board of India (DPBI) under the Digital Personal Data Protection Act, 2023.

    • European Union / EEA: If you are located in the EU/EEA, you have the right to complain to your local Data Protection Authority (DPA) about our data‑processing activities. Contact details for DPAs are available at https://edpb.europa.eu.

    • United Kingdom: UK residents may contact the Information Commissioner’s Office (ICO)(https://ico.org.uk).

    • Other jurisdictions: You may have similar rights to approach your regional privacy regulator.

  3. Alternative dispute resolution (ADR) – If direct resolution proves impossible, we are open to engaging an independent, industry‑recognised ADR provider. Any ADR will be conducted in English and under Indian law, unless otherwise required by mandatory local law.

  4. Judicial remedy – You retain the right to seek judicial redress before the competent courts of India or, where applicable, your country of residence.

We encourage you to contact us first so we have an opportunity to address your concerns before you approach a supervisory authority or court.

For any query please refer to Contact Us Page, for anything about us, what we are and what we do, please refer to About Us Page.