Privacy Policy
1. Introduction
MOYO Innovations (‘Company’, ‘we’, ‘us’, ‘our’) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, share, and protect information about individuals (‘Data Principals’ / ‘you’) who visit our website (https://moyoinnovations.com/), engage with our services, enrol in our Academy programmes, or use our MOYO Suite products.
This Policy is prepared in compliance with:
- Digital Personal Data Protection Act 2023 (DPDP Act) and DPDP Rules 2025 (India)
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011
- Information Technology Act 2000 (India)
- Consumer Protection Act 2019 and E-Commerce Rules 2020 (India)
- General Data Protection Regulation (EU) 2016/679 (GDPR)
- UK General Data Protection Regulation (UK GDPR)
- California Consumer Privacy Act 2018 as amended by CPRA 2020 (CCPA/CPRA)
- Singapore Personal Data Protection Act 2012 (PDPA)
- Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
2. Identity of the Data Fiduciary
|
Detail |
Information |
|
Data Fiduciary / Controller |
MOYO Innovations |
|
Registered Address |
Featherlite The Address, 200 Feet Radial Rd, Iswarya Nagar, Raja Joseph Colony, Pallavaram, Chennai – 600 044, Tamil Nadu, India |
|
|
contact@moyoinnovations.com |
|
Phone |
+91 98409 06066 / +91 88072 35704 |
|
Grievance Officer |
[INSERT NAME] – See Section 17 |
|
CIN / Registration |
[ASSUMPTION REQUIRED – Insert company registration number] |
3. Personal Data We Collect
We collect the following categories of personal data, depending on how you interact with us:
|
Category |
Specific Data |
Collection Source |
|
Identity Data |
First name, last name, gender (where provided) |
Contact forms, Academy enrolment |
|
Contact Data |
Email address, phone number (with country code), postal address |
Contact forms, consultations, Academy |
|
Professional Data |
Company name, job title, industry, business requirements |
Consultation forms, service engagements |
|
Educational / Training Data |
Course selection, academic background, placement details, assessment results |
MOYO Academy enrolment |
|
Financial / Billing Data |
Invoice details, payment confirmation, GST number (B2B) |
MOYO Suite Billing, Academy fees |
|
Technical Data |
IP address, browser type, device type, OS, session duration, pages visited |
Server logs, analytics tools |
|
Communication Data |
Messages sent via contact form, WhatsApp, email correspondence |
Contact forms, WhatsApp |
|
Marketing Data |
Email subscription preference, response to campaigns |
Newsletter signup, email campaigns |
|
Sensitive Personal Data (SPDI) |
Financial information processed via payment gateway (not stored by us) |
Academy payment process |
|
HR / Workforce Data |
CV/resume, employment history, references (for job applicants and workforce solutions clients) |
Careers page, HR service engagements |
We do NOT collect: national identification numbers (Aadhaar, PAN) directly on the public website. We do NOT knowingly collect biometric data. Assumption Required: confirm whether Academy enrolment collects ID proof.
4. How We Use Your Personal Data
|
Purpose of Processing |
Categories of Data Used |
|
Responding to contact form enquiries and consultation requests |
Identity, Contact, Professional, Communication |
|
Providing technology services, enterprise support, branding, and digital marketing engagements |
Identity, Contact, Professional, Communication |
|
Processing Academy course enrolments and managing student progress |
Identity, Contact, Educational/Training, Financial |
|
Delivering HR consulting and workforce placement services |
Identity, Contact, Professional, HR/Workforce |
|
Operating and improving MOYO Suite (CRM, Billing, Finance) |
Identity, Contact, Technical, Financial |
|
Sending service-related communications and updates |
Identity, Contact, Communication |
|
Sending marketing communications (only with your consent) |
Identity, Contact, Marketing |
|
Managing career applications submitted via the Careers page |
Identity, Contact, HR/Workforce |
|
Compliance with legal and regulatory obligations |
All categories as required |
|
Website analytics and improvement of user experience |
Technical |
|
Fraud detection and security |
Technical, Identity |
5. Legal Basis for Processing
|
Processing Activity |
Legal Basis |
|
Responding to enquiries / consultations |
Consent (DPDP Act s.6); Legitimate Interest (GDPR Art.6(1)(f)) |
|
Service delivery under a contract |
Contract performance (GDPR Art.6(1)(b)); Consent (DPDP Act s.6) |
|
Academy enrolment and training delivery |
Contract performance; Consent |
|
Sending marketing communications |
Explicit Consent (all frameworks) |
|
Website analytics |
Consent (GDPR/DPDP); Legitimate Interest (where anonymised) |
|
Legal compliance and obligations |
Legal obligation (GDPR Art.6(1)(c)); DPDP Act s.7(b) |
|
HR and recruitment services |
Consent of data subjects; Legitimate Interest |
6. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy, or as required by applicable law. Indicative retention periods are:
|
Data Category |
Retention Period |
|
Contact form enquiries (non-converting) |
12 months from date of enquiry |
|
Client engagement records |
7 years from end of engagement (as required by Indian accounting law) |
|
Academy student records |
7 years from course completion (potential regulatory audit requirements) |
|
HR and workforce placement records |
3 years post-placement, or as agreed with client |
|
Financial / billing records |
8 years (Income Tax Act 1961 requirements) |
|
Marketing consent records |
Until consent is withdrawn + 3 years for evidence purposes |
|
Website analytics data |
26 months (Google Analytics default; or as configured) |
|
Job application data (unsuccessful) |
12 months from application date |
At the end of the applicable retention period, data will be securely deleted or anonymised.
7. Data Sharing and Disclosure
We do not sell your personal data. We may share data with:
|
Recipient Category |
Purpose and Safeguards |
|
Cloud / Hosting Service Providers |
Website hosting, data storage – bound by data processing agreements |
|
Payment Gateway (Assumption Required – e.g., Razorpay/PayU) |
Processing Academy fees and service payments – PCI-DSS compliant |
|
Email Marketing Platform (Assumption Required) |
Newsletter and marketing communications – DPA in place |
|
CRM / Analytics Tools |
Service delivery and analytics – configured per applicable law |
|
Placement Partners and Hiring Companies |
Academy student placement (with student consent) |
|
Professional Advisors |
Legal, accounting, audit – bound by confidentiality obligations |
|
Regulatory / Law Enforcement Authorities |
Where required by law or court order |
All third-party processors are required to handle data in accordance with applicable law and are bound by contractual obligations.
8. International Data Transfers
MOYO Innovations is based in India. If you interact with us from outside India, your data will be transferred to and processed in India. Where we transfer data internationally (e.g., to cloud services hosted outside India), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission – for EU/UK data subjects
- Binding Corporate Rules or equivalent mechanisms – where applicable
- Transfers to countries with adequate data protection laws – as assessed by applicable regulatory frameworks
- Compliance with DPDP Act cross-border transfer provisions as notified by the Government of India
- Singapore PDPA – transfers only to countries with comparable data protection standards
- Australia Privacy Act – transfers only with recipient bound by comparable obligations
Assumption Required: Confirm specific countries/regions where hosting and third-party services process data.
9. Your Rights
Depending on your jurisdiction, you have the following rights:
|
Right |
Description |
Applicable Framework |
|
Right to Information |
Know what data we hold and how it is processed |
DPDP Act s.12, GDPR Art.15 |
|
Right to Correction |
Correct inaccurate or incomplete personal data |
DPDP Act s.13, GDPR Art.16 |
|
Right to Erasure |
Request deletion of your personal data |
DPDP Act s.13, GDPR Art.17 |
|
Right to Restriction |
Restrict processing in certain circumstances |
GDPR Art.18 |
|
Right to Portability |
Receive your data in a structured, machine-readable format |
GDPR Art.20 |
|
Right to Object |
Object to processing based on legitimate interests or direct marketing |
GDPR Art.21 |
|
Right to Nominate |
Nominate a person to exercise rights on your behalf after death |
DPDP Act s.14 |
|
Right to Withdraw Consent |
Withdraw consent at any time without detriment |
DPDP Act s.6(4), GDPR Art.7(3) |
|
Right not to be Profiled |
Not be subject to solely automated decision-making with significant effects |
GDPR Art.22 |
|
Right to Know – CCPA |
Know what personal information is collected and how it is used |
CCPA/CPRA s.1798.100 |
|
Right to Delete – CCPA |
Request deletion of personal information |
CCPA/CPRA s.1798.105 |
|
Right to Opt-Out of Sale – CCPA |
Opt out of the sale or sharing of personal information |
CCPA/CPRA s.1798.120 |
|
Access and Correction – PDPA |
Access and correct personal data |
Singapore PDPA s.21-22 |
To exercise any of these rights, please contact our Grievance Officer (see Section 17). We will respond within the timeframes required by applicable law (generally 30 days under GDPR; 30 days under DPDP Act).
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Please see our full Cookie Policy at https://moyoinnovations.com/cookie-policy/ for detailed information. In summary:
|
Cookie Type |
Purpose |
|
Strictly Necessary Cookies |
WordPress session management; security; form functionality – no consent required |
|
Preference / Functionality Cookies |
Remembering language and display preferences |
|
Analytics Cookies |
Understanding how visitors use our website (requires consent) |
|
Marketing / Advertising Cookies |
Targeting and retargeting advertisements (requires consent) |
|
Third-Party Cookies |
YouTube video embeds (Google); Facebook social plugins; LinkedIn widgets |
We will not place non-essential cookies on your device without your prior consent. You can manage your cookie preferences at any time using the Cookie Settings link in our website footer.
11. Children’s Privacy
MOYO Innovations’ website and general services are not directed at children under 18 years of age. However, MOYO Academy offers training programmes that may be enrolled in by individuals aged 16-17 years. In such cases:
- We require verifiable parental or guardian consent before processing any personal data of individuals under 18, in accordance with Section 9 of the DPDP Act 2023.
- Parents or guardians may contact us to review, correct, or delete personal data relating to minors in our care.
- We do not knowingly engage in targeted advertising directed at minors.
If you believe we have inadvertently collected data from a minor without parental consent, please contact us immediately at contact@moyoinnovations.com.
12. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Encrypted data transmission (SSL/TLS)
- Access controls and role-based permissions
- Regular security assessments and vulnerability testing
- Staff training on data protection and information security
- Secure data storage with backup and recovery procedures
Notwithstanding the above, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security.
13. Data Breach Notification
In the event of a personal data breach, we will:
- Assess the risk to individuals affected
- Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, where required under the DPDP Act 2023
- Notify affected Data Principals without undue delay, where the breach is likely to result in high risk to their rights and freedoms (GDPR Article 34)
- Take immediate remedial action to contain and mitigate the breach
- Document all breaches in our internal data breach register
14. Third-Party Links
Our website contains links to third-party websites, social media platforms (Facebook, Instagram, LinkedIn), and embedded content (YouTube). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or, where appropriate, by email. The ‘Last Updated’ date at the top of this page will reflect the date of the most recent revision. Continued use of our website or services following notice of changes constitutes your acceptance of the updated Policy.
16. Do Not Sell My Personal Information (CCPA – California Residents)
We do not sell personal information as defined under the California Consumer Privacy Act (CCPA). If this position changes in future, California residents will have the right to opt out. For any CCPA-related enquiries, please contact: contact@moyoinnovations.com
17. Grievance Officer (DPDP Act & IT Act)
|
Grievance Officer Details In accordance with Section 13 of the DPDP Act 2023, Rule [X] of the DPDP Rules 2025, and Rule 5(9) of the IT (SPDI) Rules 2011, MOYO Innovations has designated a Grievance Officer:
|
18. Contact Us
For any questions, concerns, or to exercise your data rights, please contact:
MOYO Innovations | Featherlite The Address, 200 Feet Radial Rd, Pallavaram, Chennai – 600 044, Tamil Nadu, India
Email: contact@moyoinnovations.com | Phone: +91 98409 06066 | WhatsApp: +91 88072 35704