1. Introduction

This Privacy Policy explains how ZOEYS WORKASSIST PRIVATE LIMITED collects, receives, stores, uses, processes, shares, protects, retains, deletes and otherwise handles personal data when individuals access or use workassist.in and the Workassist Training platform.

This Privacy Policy is intended to comply with the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, applicable rules and related Indian privacy and cybersecurity requirements.

For personal data processed through the Platform, the Company generally acts as a Data Fiduciary because it determines the purpose and means of processing personal data. Certain Training Providers, corporate clients, payment gateways, LMS providers, cloud providers, analytics providers and vendors may act as Data Processors, independent fiduciaries or authorised recipients depending on their role.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where consent is required, we will seek consent through clear affirmative action and you may withdraw consent in accordance with this Policy.

2. Scope

This Privacy Policy applies to website visitors, learners, professionals, students, parents/guardians, trainers, Training Providers, corporate clients, client administrators, employees of corporate clients, vendors, speakers, mentors, reviewers, community members, support users and other individuals whose personal data is processed through or in connection with the Platform.

This Policy applies to digital personal data and to personal data collected offline that is later digitised, including data collected during offline workshops, classroom sessions, events, corporate programmes, attendance processes, support calls or registration drives.

This Policy does not apply to third-party websites, services, payment pages, webinar platforms, social media platforms or external tools that operate under their own privacy terms, except to the extent we control processing through them.

3. Categories of personal data collected

We may collect identity data, including name, username, photograph, age range, date of birth where needed, gender where voluntarily provided, identity verification details, student or employee identifier and parent/guardian details where applicable.

We may collect contact data, including email address, mobile number, WhatsApp number, postal address, city, state, country, emergency contact where relevant for offline events and communication preferences.

We may collect professional and educational data, including qualification, institution, employer, designation, industry, years of experience, resume/CV, LinkedIn profile, portfolio, certifications, learning goals, skill interests and corporate nomination data.

We may collect account and authentication data, including username, password hash, login records, device identifiers, security questions, multi-factor authentication records, account settings, access permissions and consent preferences.

We may collect transaction and billing data, including payment status, invoices, receipts, refunds, chargebacks, billing name, GSTIN, PAN where required for trainers or vendors, bank details for payouts, tax information, coupon usage and payment gateway references. We generally do not store complete card numbers or sensitive payment credentials unless permitted and required under applicable payment security standards.

We may collect training and learning data, including enrolments, attendance, course progress, assessment results, assignment submissions, feedback, chat participation, certificates, badge status, project work, mentor notes, session interactions, learning analytics and completion records.

We may collect communications data, including emails, support tickets, call notes, chat messages, survey responses, grievance submissions, review content, testimonial content, forum posts and communication metadata.

We may collect technical and usage data, including IP address, browser type, operating system, device type, device IDs, approximate location, pages viewed, clicks, referrers, timestamps, cookies, session IDs, analytics events, error logs and fraud/security signals.

We may collect audio, video, image and recording data where sessions, webinars, meetings, workshops, feedback calls, interviews, testimonials or support interactions are recorded or photographed.

We may collect special or sensitive-like data only where necessary and lawful, such as disability accommodation requests, dietary requirements for offline events, medical emergency information for certain events, identity proof for examination integrity or background verification information for trainers. We will minimise such collection and apply appropriate safeguards.

4. Sources of personal data

We collect personal data directly from you when you register, purchase, attend, submit assignments, communicate with us, give feedback, apply as a trainer, join a corporate programme, request support or use the Platform.

We may receive personal data from corporate clients, employers, colleges, universities, institutions, training partners, parents/guardians, referral partners, payment processors, verification providers, social login providers, webinar tools, LMS systems, analytics providers and publicly available professional sources.

We collect certain data automatically through cookies, device technologies, server logs, analytics tags, tracking pixels and similar technologies in accordance with the Cookie and Tracking Technologies Policy.

5. Purposes of processing

We process personal data to provide, administer, manage and improve the Platform, including account creation, enrolment, attendance, training delivery, content access, learner support, trainer communication, certificate issuance, assessment administration, payment processing, refund handling, complaint resolution and user authentication.

We process personal data to communicate with users about registrations, reminders, schedule changes, live session links, learning materials, assessments, certificates, refunds, invoices, support issues, grievances, policy changes, security alerts and service updates.

We process personal data to operate the marketplace, including trainer onboarding, listing management, programme ranking, revenue sharing, tax reporting, training provider coordination, quality review, complaint handling and payout administration.

We process personal data for corporate training administration, including nomination, attendance, progress reports, completion reports, assessment results, feedback summaries, compliance training records and client communication, subject to applicable agreements.

We process personal data for legal, tax, audit, accounting, regulatory, cybersecurity, fraud prevention, dispute resolution, record keeping, insurance and enforcement purposes.

We process personal data to improve the Platform, including analytics, user experience, content quality, product development, recommendation systems, bug fixes, performance monitoring, trainer quality assurance and learning effectiveness analysis.

We process personal data for marketing and promotional purposes, including newsletters, course recommendations, event invitations, discounts, webinars, remarketing, testimonials and success stories, only where permitted by law and subject to opt-out or consent requirements.

We may process anonymised, aggregated or de-identified data for reporting, research, benchmarking, product development, business analysis, quality control and public insights, provided it does not identify an individual.

6. Consent and legitimate uses

Where processing is based on consent, consent will be sought through clear, specific, informed, unconditional and unambiguous affirmative action. We will not rely on pre-ticked boxes for optional consent.

Our consent notices will identify the personal data or categories of personal data, the specific purposes of processing, the mechanism to withdraw consent, the mechanism to exercise rights and the grievance contact.

You may withdraw consent at any time through account settings, unsubscribe links, privacy preference tools or by contacting contact@workassist.in. Withdrawal of consent will not affect processing already completed before withdrawal. If consent is withdrawn for data required to provide a service, access to that service may be restricted or discontinued.

We may also process personal data for uses permitted under Applicable Law, including voluntary provision of data for a specified purpose, compliance with law, court orders, employment-related processing where applicable, medical emergency processing, disaster or public order-related processing where applicable and other lawful uses recognised by law.

7. Children's data and student safeguards

Our general services are intended for individuals aged 18 or above. Where we offer programmes to children or individuals under 18, we may require verifiable parental or guardian consent before processing their personal data.

We will not knowingly undertake tracking, behavioural monitoring or targeted advertising directed at children where prohibited by Applicable Law.

We may implement additional safeguards for minors, including age gates, parental consent forms, restricted chat features, verified trainer access, moderated sessions, recording disclosures, limited data sharing, controlled community access and enhanced complaint mechanisms.

Parents or lawful guardians may contact us at contact@workassist.in to request access, correction, deletion, withdrawal of consent or restriction of a child's data, subject to verification and legal requirements.

8. Sharing of personal data

We may share personal data internally with authorised teams, including operations, training delivery, customer support, technology, finance, compliance, marketing, legal, security and management teams on a need-to-know basis.

We may share necessary participant data with Training Providers for programme delivery, attendance, communication, assignments, assessment, certification and support. Training Providers are contractually required to use such data only for authorised purposes.

We may share personal data with corporate clients where a programme is sponsored, paid for, administered or required by that corporate client. This may include attendance, progress, completion, assessment, certificate status and feedback data, as agreed with the client and disclosed to participants.

We may share data with service providers, including cloud hosting providers, payment gateways, payment aggregators, LMS providers, video-conferencing tools, email/SMS/WhatsApp providers, analytics providers, helpdesk tools, CRM systems, identity verification providers, tax/accounting tools, security vendors and certificate verification tools.

We may disclose personal data to courts, regulators, law enforcement agencies, government authorities, tax authorities, CERT-In, consumer forums, Data Protection Board or other authorities where required by law, order, direction, investigation or legal process.

We may share data in connection with mergers, acquisitions, investments, restructuring, sale of business, transfer of assets, insolvency or due diligence, subject to confidentiality and legal safeguards.

9. International transfers

Personal data may be stored or processed outside India where we use global cloud, LMS, communication, analytics, security, payment or support providers.

Where cross-border transfers occur, we will comply with applicable Indian law, contractual safeguards, vendor due diligence and any restrictions notified by the Government of India.

10. Recordings and photographs

Sessions may be recorded for training delivery, learner revision, quality assurance, security, evidence of attendance, dispute resolution, trainer review, accessibility, corporate reporting or creation of learning resources.

Recordings may include name, voice, image, video, chat, screen sharing, Q&A, participant interactions, attendance and trainer content. Users may disable their camera where permitted, except where identity verification, examination integrity or participation rules require otherwise.

Recordings may be shared with enrolled participants, trainers, corporate clients, support teams or authorised reviewers as necessary. We will not use identifiable learner images or testimonials for public marketing without appropriate consent.

11. Security safeguards

We implement reasonable security safeguards, which may include encryption in transit, access controls, password hashing, multi-factor authentication where available, secure hosting, role-based permissions, logging, monitoring, backups, vulnerability management, vendor contracts, employee confidentiality obligations and incident response procedures.

Access to personal data is limited to authorised personnel, trainers, partners and vendors who need access for legitimate purposes.

Users are responsible for using secure passwords, protecting devices, avoiding shared accounts and notifying us promptly of suspected compromise.

12. Personal data breach

If we become aware of a personal data breach, we will take reasonable steps to contain, investigate, assess, remediate, document and notify affected individuals and authorities where required by Applicable Law.

Users and Training Providers must promptly report suspected data breaches, unauthorised access, lost devices, accidental sharing, phishing, malware or participant data misuse to contact@workassist.in.

13. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including service delivery, certification verification, legal compliance, tax records, audit, dispute resolution, fraud prevention, security, contractual obligations and legitimate business needs.

Indicative retention periods are:

• Account data: account duration plus up to 3 years after closure, unless longer retention is required.
• Payment and invoice records: 8 years or as required by tax and accounting law.
• Certificate and completion records: up to 10 years or longer where needed for verification, unless deletion is legally required.
• Attendance and assessment records: 3 to 7 years depending on programme type and client requirements.
• Support and grievance records: 3 to 7 years depending on dispute risk and legal obligations.
• Marketing leads: until opt-out, withdrawal, inactivity or the applicable internal deletion cycle.
• Recordings: the programme access period plus up to 3 years, unless the recording is used in a paid content library or is required for evidence, compliance or dispute resolution.
• Security logs: 180 days or longer where required for cybersecurity, investigation, legal compliance or platform integrity.

We may retain anonymised or aggregated data indefinitely where individuals are not identifiable.

When retention is no longer necessary, we will delete, anonymise, archive or securely restrict data in accordance with internal retention procedures.

14. Your rights

Subject to Applicable Law, you may have the right to obtain information about processing, access personal data, correct inaccurate data, complete incomplete data, update data, request erasure, withdraw consent, nominate another person to exercise rights in case of death or incapacity and seek grievance redressal.

To exercise rights, contact contact@workassist.in with your name, registered email/phone, request details and verification information. We may refuse or limit requests where permitted by law, including where retention is required for legal claims, tax records, fraud prevention, security, certification integrity or contractual obligations.

We may require identity verification before acting on a request. We will respond within timelines prescribed by Applicable Law.

15. Marketing choices

You may opt out of marketing communications by using unsubscribe links, updating preferences or contacting us. Transactional and service communications may continue even after marketing opt-out.

If you opt out of targeted advertising or reject marketing cookies, you may still see non-personalised advertising or service-related messages.

16. Cookies and tracking

We use cookies and similar technologies as described in the Cookie and Tracking Technologies Policy.

Non-essential cookies may be subject to consent and preference controls depending on applicable law and Platform configuration.

17. Grievance officer and contact

18. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on the Platform with the effective date.

Where a material change requires fresh consent or notice under Applicable Law, we will take appropriate steps.