Last Updated: 09-07-2026
Effective For: Olatus Systems Private Limited ("Company," "we," "us," or "our")
Jurisdiction: India (with global accessibility)
Compliance Framework: Digital Personal Data Protection Act, 2023 (India) | General Data Protection Regulation (EU) 2016/679


📋 TABLE OF CONTENTS

  1. Introduction & Scope
  2. Key Definitions
  3. Who We Are: Data Fiduciary & Controller Information
  4. Lawful Basis for Processing
  5. Categories of Personal Data We Collect
  6. How and Why We Use Your Data
  7. Data Sharing & Third-Party Disclosures
  8. International Data Transfers
  9. Data Retention & Deletion
  10. Your Rights: DPDP Act & GDPR
  11. Consent Management & Withdrawal
  12. Cookies, Tracking & Analytics
  13. Children's Privacy
  14. Security Measures
  15. Data Breach Notification
  16. Automated Decision-Making & Profiling
  17. Grievance Redressal & Contact
  18. Changes to This Policy
  19. Appendix: Data Processing Summary

1. INTRODUCTION & SCOPE

1.1 Welcome

Thank you for trusting Olatus Systems Private Limited with your personal data. This Privacy Policy ("Policy") explains how we collect, use, store, protect, and share your personal information when you interact with our integrated platform, including:

✅ eCommerce store (physical & digital products)
✅ Learning Management System (LMS) & online courses
✅ Community forum, blog, and user-generated content features
✅ Membership subscriptions & recurring access plans
✅ Mobile application and related services
(collectively, the "Services")

This Policy is designed to comply with:

  • 🇮🇳 Digital Personal Data Protection Act, 2023 (DPDP Act) and associated rules
  • 🇪🇺 General Data Protection Regulation (GDPR) 2016/679 (for EU/EEA users)
  • 🌐 Other applicable data protection laws in jurisdictions where we operate

Where conflicts arise between legal frameworks, we apply the standard offering the highest level of protection to you.

By accessing or using our Services, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree, please discontinue use immediately.

🔹 For Minors (Under 18): Use of our Services requires verifiable parental/guardian consent. Please review Section 13 for details.


2. KEY DEFINITIONS

Term DPDP Act Definition GDPR Equivalent Our Usage
Personal Data Any data about an individual who is identifiable by or in relation to such data Personal data: any information relating to an identified or identifiable natural person Names, contact details, purchase history, learning progress, forum posts, device identifiers
Data Principal The individual to whom the personal data relates Data Subject You, the user of our Services
Data Fiduciary Any person who alone or with others determines the purpose and means of processing personal data Data Controller Olatus Systems Private Limited
Data Processor Any person who processes personal data on behalf of a Data Fiduciary Data Processor Payment gateways, cloud hosts, analytics providers, courier partners
Consent Freely given, specific, informed, unconditional, and unambiguous indication of agreement Freely given, specific, informed, and unambiguous indication by clear affirmative action Your opt-in during registration, checkout, or preference settings
Processing Any operation performed on personal data (collection, storage, use, sharing, deletion, etc.) Any operation performed on personal data All activities involving your data within our Services
Significant Data Fiduciary A Data Fiduciary notified by the Government based on volume/sensitivity of data Not directly applicable We assess our status annually; if designated, additional obligations apply

3. WHO WE ARE: DATA FIDUCIARY & CONTROLLER INFORMATION

Olatus Systems Private Limited
House No: 346, 1st Floor, Police Station, Zoo-Narengi Rd, opp. Barista Cafe and Geetanagar, Ambikagirinagar
Guwahati, Assam, 781024, India
📧 Privacy Contact: support@olelectronics.com
📞 Phone: +91 69001 05606
🌐 Website: www.olelectronics.com

3.1 Data Protection Officer (DPO) / Grievance Officer

As required under DPDP Act and GDPR (where applicable), we have designated:

Grievance Officer (DPDP Act)
Name: [Officer Name]
Email: support@olelectronics.com
Response Time: Within 15 days of receipt

Data Protection Officer (GDPR – if applicable)
Name: [DPO Name]
Email: support@olelectronics.com
Contact for EU/EEA users regarding GDPR rights

If you are in the EU/EEA and believe we are not a GDPR controller for your processing, please contact our DPO for clarification.

3.2 Representative for EU/EEA Users (GDPR Art. 27)

If we do not have an establishment in the EU but process data of EU residents, our appointed representative is:

[Representative Name/Entity]
[Address in EU]
Email: support@olelectronics.com

(If not applicable, this section will state: "Not applicable: Olatus Systems Private Limited has an establishment in the EU / does not target EU residents.")


4. LAWFUL BASIS FOR PROCESSING

We process your personal data only when we have a valid legal basis. Below is our mapping of processing activities to lawful bases:

Processing Activity DPDP Act Basis GDPR Legal Basis Explanation
Account registration & authentication Consent / Legitimate Use Consent (Art. 6(1)(a)) / Contract (Art. 6(1)(b)) Necessary to create and manage your Account
Order processing & fulfillment Consent / Contractual necessity Contract (Art. 6(1)(b)) Required to deliver products/services you purchase
Payment processing Consent / Legal obligation Contract (Art. 6(1)(b)) / Legal obligation (Art. 6(1)(c)) To complete transactions and comply with financial regulations
Course enrollment & LMS access Consent / Contract Contract (Art. 6(1)(b)) To provide educational services you subscribed to
Community participation (forum/blog) Consent Consent (Art. 6(1)(a)) / Legitimate interests (Art. 6(1)(f)) To enable user interaction and content sharing
Personalization & recommendations Consent / Legitimate Use Legitimate interests (Art. 6(1)(f)) To improve user experience and content relevance
Marketing communications Explicit Consent Consent (Art. 6(1)(a)) Only sent if you opt-in; easy opt-out always available
Security, fraud prevention & compliance Legitimate Use / Legal obligation Legitimate interests (Art. 6(1)(f)) / Legal obligation (Art. 6(1)(c)) To protect our Services, users, and comply with law
Analytics & service improvement Consent / Legitimate Use Legitimate interests (Art. 6(1)(f)) / Consent (Art. 6(1)(a)) Aggregated, anonymized data used to enhance functionality
Legal claims & dispute resolution Legal obligation Legal obligation (Art. 6(1)(c)) / Legitimate interests (Art. 6(1)(f)) To defend rights, comply with court orders, or resolve disputes

🔹 Special Category Data: We do not intentionally collect sensitive personal data (e.g., health, biometrics, religious beliefs) unless explicitly required for a specific Service (e.g., accessibility accommodations). Such processing requires explicit consent and additional safeguards.


5. CATEGORIES OF PERSONAL DATA WE COLLECT

We collect data directly from you, automatically via technology, and from third parties. Below is a comprehensive inventory:

5.1 Data You Provide Directly

Category Examples When Collected Purpose
Identity & Contact Full name, email, phone, mailing address, profile photo Registration, checkout, support requests Account creation, order fulfillment, communication
Authentication Password (hashed), security questions, 2FA details Account setup, login Secure access to your Account
Transaction Data Order history, payment method (tokenized), billing address, GSTIN Checkout, subscription management Process payments, issue invoices, manage refunds
Learning Data (LMS) Course enrollments, progress, quiz scores, certificates, forum posts in courses Course access, assessments Deliver education, track completion, issue credentials
Community Content Forum posts, blog comments, reviews, uploaded files, profile bio Forum/blog participation Enable community interaction, moderate content
Preferences Language, currency, notification settings, cookie preferences Account settings, cookie banner Personalize experience, respect communication choices
Support Communications Help tickets, chat logs, email correspondence Customer support interactions Resolve issues, improve service quality
Verification Documents Government ID, address proof (for high-value orders or age verification) KYC checks, fraud prevention Comply with legal requirements, prevent fraud

5.2 Data Collected Automatically

Category Examples Technology Used Purpose
Device & Technical IP address, browser type, OS, device model, unique identifiers Server logs, analytics SDKs Security, compatibility, troubleshooting
Usage & Behavioral Pages visited, time spent, click patterns, course completion rates Cookies, pixels, session recording (opt-in) Improve UX, personalize content, detect abuse
Location Data Approximate location (IP-based) or precise location (with permission) Geolocation APIs, IP geolocation Localize content, calculate shipping, comply with regional laws
Cookie & Tracking Data Session IDs, preference cookies, advertising identifiers First-party & third-party cookies, local storage Maintain sessions, remember preferences, measure ad performance

5.3 Data from Third Parties

Source Data Received Purpose
Payment Processors Transaction confirmation, fraud scores, tokenized payment references Complete purchases, prevent fraud
Social Login Providers (Google, Facebook, etc.) Name, email, profile picture (as permitted by you) Simplify registration, enable social features
Courier & Logistics Partners Delivery status, address validation, proof of delivery Fulfill orders, resolve shipping issues
Analytics & Marketing Partners Aggregated behavior, campaign attribution (with consent) Measure performance, optimize marketing
Identity Verification Services KYC validation results (not raw documents) Comply with anti-fraud regulations

⚠️ We do not sell your personal data to third parties for monetary consideration. Data shared with processors is strictly for Service delivery under contractual safeguards.


6. HOW AND WHY WE USE YOUR DATA

We process your personal data only for specified, explicit, and legitimate purposes:

6.1 Core Service Delivery

✅ Create, manage, and secure your Account
✅ Process orders, deliver products (physical/digital), and manage subscriptions
✅ Provide access to courses, track progress, and issue certificates
✅ Enable community features: forum discussions, blog comments, reviews
✅ Respond to support requests and resolve technical issues

6.2 Personalization & Experience Enhancement

✅ Recommend products, courses, or content based on your interests
✅ Remember preferences (language, currency, notifications)
✅ Customize dashboards and learning paths
✅ Send relevant, non-marketing service updates (e.g., course reminders, order status)

✅ Send transactional emails: order confirmations, password resets, policy updates
✅ Deliver marketing communications only if you opt-in: newsletters, promotions, new course alerts
✅ Provide survey invitations to improve our Services (optional participation)

✅ Detect, prevent, and investigate fraud, abuse, or security incidents
✅ Verify identity for high-risk transactions or age-restricted content
✅ Comply with tax, accounting, consumer protection, and data protection laws
✅ Respond to lawful requests from public authorities (with legal validation)

6.5 Analytics & Service Improvement

✅ Analyze aggregated, anonymized usage patterns to improve platform performance
✅ Conduct A/B testing on features (with opt-out where required)
✅ Measure course effectiveness and content engagement (in anonymized form)

🔹 No Automated Profiling for Significant Decisions: We do not use your data for automated decision-making that produces legal or similarly significant effects (e.g., credit scoring, employment decisions) without your explicit consent and right to human intervention.


7. DATA SHARING & THIRD-PARTY DISCLOSURES

We share your data only in the following circumstances, with appropriate safeguards:

7.1 Service Providers (Data Processors)

We engage trusted third parties to perform specific functions under strict data processing agreements (DPAs) compliant with DPDP Act and GDPR:

Category Examples Data Shared Safeguards
Payment Processing Razorpay, Stripe, PayPal Tokenized payment references, transaction amount, billing email PCI-DSS compliance; no raw card data stored by us
Cloud Infrastructure AWS, Google Cloud, Azure Encrypted user data, logs, backups ISO 27001 certification; data residency options
Email & Communication SendGrid, Mailgun, AWS SES Email address, name, transactional content Encryption in transit; opt-out mechanisms
Analytics & UX Google Analytics (GA4), Hotjar (opt-in), Mixpanel Aggregated behavior, device info, session recordings (anonymized) IP anonymization; data retention limits; DPA in place
Courier & Logistics Delhivery, Blue Dart, India Post Name, shipping address, phone, order details Purpose-limited use; no marketing use
Customer Support Zendesk, Freshdesk Support tickets, chat logs, account info (for context) Access controls; audit logs; retention policies
Identity Verification Signzy, Karza (India); Onfido (global) Name, ID number, document images (encrypted) Minimal data collection; secure deletion post-verification

We may disclose personal data if required by law or to:

  • Comply with a court order, subpoena, or lawful government request
  • Protect the rights, property, or safety of Olatus Systems Private Limited, our users, or the public
  • Enforce our Terms of Service or investigate potential violations
  • Respond to emergencies involving risk of death or serious bodily injury

We challenge overly broad requests and notify you (unless legally prohibited) when permissible.

7.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets:

  • Your personal data may be transferred as a business asset
  • The acquiring entity must agree to honor this Privacy Policy
  • You will be notified via email or prominent notice if material changes to data use occur

We may share data for purposes not listed above only with your prior, specific, and informed consent, which you may withdraw at any time.

🚫 We do NOT:

  • Sell personal data to data brokers or advertising networks
  • Share data with third parties for their independent marketing purposes
  • Disclose community content publicly beyond the intended audience (e.g., forum posts visible to community members)

8. INTERNATIONAL DATA TRANSFERS

8.1 Primary Data Location

  • Your personal data is primarily stored and processed in India on secure, compliant infrastructure.
  • Certain technical operations (e.g., global CDN, analytics) may involve transient processing in other jurisdictions.

8.2 Transfers Outside India (DPDP Act Compliance)

Where personal data is transferred outside India:
✅ We ensure the recipient country has been notified by the Indian Government as having adequate data protection standards, OR
✅ We implement prescribed safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the Data Protection Board of India
  • Binding Corporate Rules (BCRs) for intra-group transfers
  • Explicit consent for specific transfers (where permissible)

8.3 Transfers Outside EU/EEA (GDPR Compliance)

For EU/EEA users, transfers outside the European Economic Area rely on:
Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
Standard Contractual Clauses (SCCs): EU-approved clauses with supplementary measures
Derogations: Explicit consent, contract necessity, or important reasons of public interest (used sparingly)

8.4 Your Right to Know

You may request details about international transfers involving your data by contacting support@olelectronics.com.


9. DATA RETENTION & DELETION

We retain personal data only as long as necessary for the purposes outlined in this Policy, or as required by law.

9.1 Retention Periods by Data Category

Data Category Retention Period Legal Basis / Reason
Account Identity & Contact Duration of Account + 3 years after last activity Contractual necessity; legitimate interest in re-engagement
Transaction & Order Records 8 years from transaction date Indian GST/Income Tax Act requirements
Payment References (Tokenized) 13 months (PCI-DSS requirement) Payment card industry security standards
LMS Progress & Certificates Lifetime of course access + 2 years Contractual obligation; user request for records
Forum/Blog Contributions Indefinitely (unless deleted by user or moderator) Legitimate interest in community archive; user control
Support Tickets 3 years from resolution Legitimate interest in service improvement; legal defense
Marketing Consent Records Until consent withdrawn + 1 year Proof of consent per DPDP Act/GDPR accountability
Security Logs (IP, login attempts) 12 months Legitimate interest in fraud prevention and security
Analytics (Aggregated/Anonymized) Indefinitely (non-personal) Legitimate interest in service improvement

9.2 Deletion & Erasure Procedures

You may request deletion of your personal data at any time:

  1. Self-Service: Delete your Account via Account Settings → "Delete Account" (triggers automated erasure workflow)
  2. Manual Request: Email support@olelectronics.com with subject "Data Erasure Request" and verification details
  3. Verification: We will confirm your identity before processing to prevent unauthorized deletion

9.3 Exceptions to Deletion

We may retain certain data despite a deletion request where:

  • Required by law (e.g., tax records, fraud investigation)
  • Necessary for establishment, exercise, or defense of legal claims
  • For archiving purposes in the public interest, scientific/historical research, or statistical purposes (with safeguards)
  • The data has been anonymized and can no longer identify you

🔹 Right to Be Forgotten (GDPR): EU/EEA users may request erasure under Article 17. We assess requests case-by-case, balancing your rights against our legitimate interests or legal obligations.


10. YOUR RIGHTS: DPDP ACT & GDPR

You have enforceable rights regarding your personal data. Below is a consolidated overview:

10.1 Rights Under DPDP Act, 2023 (India)

Right Description How to Exercise
Right to Access Obtain confirmation whether we process your data and access to such data Email support@olelectronics.com with "Access Request" + ID verification
Right to Correction Request correction of inaccurate or incomplete personal data Use Account Settings → "Edit Profile" or email correction request
Right to Erasure Request deletion of personal data when no longer necessary or consent withdrawn Account deletion feature or email "Erasure Request"
Right to Grievance Redressal Lodge a complaint with our Grievance Officer regarding data processing Contact support@olelectronics.com; escalation to Data Protection Board of India if unresolved
Right to Nominate Nominate another individual to exercise your rights in case of death or incapacity Submit written nomination to support@olelectronics.com with verification

10.2 Rights Under GDPR (EU/EEA Users)

Right Description How to Exercise
Right of Access (Art. 15) Receive a copy of your personal data and processing details Submit "GDPR Access Request" to support@olelectronics.com
Right to Rectification (Art. 16) Have inaccurate data corrected without undue delay Account Settings or email correction request
Right to Erasure / "Right to Be Forgotten" (Art. 17) Request deletion under specific conditions (e.g., consent withdrawn, data no longer necessary) Email "GDPR Erasure Request" with justification
Right to Restriction (Art. 18) Limit processing while accuracy is verified or objection is assessed Email "Restriction Request" specifying grounds
Right to Data Portability (Art. 20) Receive your data in a structured, machine-readable format and transmit to another controller Request "Data Portability Export" in JSON/CSV format
Right to Object (Art. 21) Object to processing based on legitimate interests or direct marketing Use unsubscribe links or email "Objection Request"
Rights re: Automated Decision-Making (Art. 22) Not be subject to decisions based solely on automated processing producing legal/significant effects Contact support@olelectronics.com to request human review

10.3 Exercising Your Rights: Process & Timeline

  1. Submit Request: Email support@olelectronics.com with:

    • Subject line: "[Right Type] Request" (e.g., "Access Request", "Erasure Request")
    • Full name, registered email, and Account ID (if applicable)
    • Specific details of your request
    • Copy of government-issued ID for verification (secure upload link provided upon request)
  2. Verification: We will verify your identity within 3 Business Days to prevent unauthorized access.

  3. Response Timeline:

    • DPDP Act: We respond within 15 days (extendable by 15 days with notice)
    • GDPR: We respond within 30 days (extendable by 60 days for complex requests)
  4. No Fee: Requests are free unless manifestly unfounded or excessive (we will justify any fee).

  5. Appeals: If unsatisfied with our response:

    • India: Escalate to the Data Protection Board of India (dpb.gov.in)
    • EU/EEA: Lodge a complaint with your national Data Protection Authority (list: edpb.europa.eu)

  • Explicit Opt-In: Clear, granular consent prompts for marketing, cookies, and special-category data
  • Granular Choices: Separate toggles for email newsletters, SMS alerts, personalized ads, and analytics
  • Plain Language: Consent requests describe purpose, data types, and withdrawal method in simple terms
  • No Pre-Ticked Boxes: Consent is never assumed; affirmative action is required

You may withdraw consent at any time, free of charge:

  • Marketing Emails: Click "Unsubscribe" in any promotional email
  • Cookie Preferences: Update settings via our Cookie Consent Manager (footer link)
  • Account Preferences: Manage communication settings in Account → Preferences
  • Global Withdrawal: Email support@olelectronics.com with "Withdraw Consent" + specific processing activities

⚠️ Effect of Withdrawal:

  • Withdrawing consent may limit access to certain features (e.g., personalized recommendations)
  • It does not affect the lawfulness of processing based on consent before withdrawal
  • Contractual services (e.g., order fulfillment) continue based on contractual necessity, not consent

We maintain auditable records of:

  • When and how consent was obtained
  • The specific purposes consent covered
  • Any subsequent withdrawals or updates
    Available for inspection by regulators and provided to you upon request.

12. COOKIES, TRACKING & ANALYTICS

12.1 What Are Cookies & Similar Technologies?

Cookies, pixels, local storage, and SDKs help us:

  • Maintain your login session and preferences
  • Analyze how you use our Services to improve functionality
  • Measure marketing campaign effectiveness (with consent)
  • Prevent fraud and enhance security
Category Purpose Duration Consent Required?
Strictly Necessary Enable core functions: login, cart, security, load balancing Session to 1 year ❌ No (legitimate interest)
Preference / Functional Remember language, currency, accessibility settings 1–2 years ❌ No (contractual necessity)
Analytics / Performance Measure traffic, user behavior, feature usage (aggregated) 13–26 months ✅ Yes (DPDP/GDPR)
Marketing / Targeting Personalize ads, retargeting, campaign attribution 13–24 months ✅ Yes (explicit opt-in)
Social Media Plugins Enable sharing, embedded content (e.g., YouTube, Twitter) Varies by provider ✅ Yes (when activated)

12.3 Managing Cookies

  • Browser Settings: Block/delete cookies via browser preferences (may limit functionality)
  • Cookie Consent Manager: Access via footer link "Cookie Preferences" to granularly control categories
  • Opt-Out of Analytics:
  • Do Not Track (DNT): We respect DNT signals where technically feasible

12.4 Analytics & Privacy by Design

  • IP Anonymization: Enabled for all analytics tools (last octet masked)
  • Data Minimization: Only essential events tracked; no keystroke logging or screen recording without explicit opt-in
  • Aggregation: Reports use aggregated, non-identifiable data for decision-making
  • Retention Limits: Raw analytics data auto-deleted after 14 months (GA4 default)

🔹 Third-Party Cookies: We minimize reliance on third-party cookies. Where used (e.g., payment fraud detection), processors are contractually bound to DPDP/GDPR-compliant practices.


13. CHILDREN'S PRIVACY

13.1 Age Restrictions

  • Our Services are not directed to children under 18.
  • We do not knowingly collect personal data from children under 18 without verifiable parental consent.

If a minor (13–17) wishes to use our Services:

  1. Parent/guardian registers the Account and provides consent via:
    • Signed consent form (uploaded securely), OR
    • Verified email confirmation + government ID match
  2. Parent receives dashboard access to monitor activity, manage preferences, and request data deletion
  3. Minor's data is flagged in our systems for enhanced protection and limited processing

13.3 Under 13: Zero Tolerance

  • If we discover personal data from a child under 13 was collected without verified parental consent:
    1. We immediately delete the data
    2. Disable the Account
    3. Notify the parent/guardian if contact information was provided
  • Parents may contact support@olelectronics.com to request review or deletion.

13.4 Educational Content Safeguards

  • LMS courses for minors use age-appropriate content and avoid behavioral profiling
  • Forum moderation includes enhanced filters for youth safety
  • No targeted advertising to users identified as minors

14. SECURITY MEASURES

We implement technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

14.1 Technical Safeguards

Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
Access Controls: Role-based access, multi-factor authentication (MFA) for staff, principle of least privilege
Secure Development: OWASP-aligned practices, regular penetration testing, code reviews
Monitoring & Logging: Real-time threat detection, audit trails for data access, SIEM integration
Backup & Recovery: Encrypted, geographically redundant backups; tested disaster recovery plans

14.2 Organizational Safeguards

Staff Training: Mandatory data protection training for all employees and contractors
Data Processing Agreements (DPAs): Legally binding contracts with all processors requiring DPDP/GDPR compliance
Privacy by Design: Data protection impact assessments (DPIAs) for new features involving high-risk processing
Incident Response: Dedicated team and playbook for data breach containment, investigation, and notification

14.3 Limitations

⚠️ No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. You are responsible for safeguarding your password and device.


15. DATA BREACH NOTIFICATION

15.1 Our Commitment

In the event of a personal data breach likely to result in risk to your rights and freedoms:

DPDP Act: We will notify the Data Protection Board of India and affected Data Principals within 72 hours of becoming aware, as required.
GDPR: We will notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay if high risk exists.

15.2 What We Include in Notifications

  • Nature of the breach and categories of data/individuals affected
  • Likely consequences and measures taken/proposed to address the breach
  • Contact details of our Grievance Officer/DPO for further information
  • Recommendations for individuals to mitigate potential adverse effects

15.3 Your Role

If you suspect unauthorized access to your Account:

  1. Immediately change your password and enable MFA
  2. Review Account activity for suspicious actions
  3. Contact support@olelectronics.com with details
  4. Monitor financial statements if payment data was involved

16. AUTOMATED DECISION-MAKING & PROFILING

16.1 Our Approach

We use limited automated processing to enhance your experience:

  • Personalized Recommendations: Based on your browsing/purchase history (opt-out available)
  • Fraud Detection: Automated risk scoring for transactions (human review for high-risk flags)
  • Course Suggestions: Algorithmic matching of learning goals to content (transparent logic)

16.2 Your Rights

You have the right to:
Opt Out: Disable personalized recommendations in Account → Preferences
Request Human Intervention: For decisions significantly affecting you (e.g., account suspension), email support@olelectronics.com
Understand Logic: Request a plain-language explanation of automated decision criteria

🚫 We do NOT use:

  • Automated profiling for credit scoring, employment decisions, or insurance underwriting
  • Emotion recognition or biometric identification in public spaces
  • Social scoring systems

17. GRIEVANCE REDRESSAL & CONTACT

17.1 Primary Contacts

Purpose Contact Response Time
General Privacy Inquiries support@olelectronics.com 3 Business Days
Exercising Data Rights support@olelectronics.com (subject: "[Right] Request") 15 Days (DPDP) / 30 Days (GDPR)
Grievance Officer (DPDP Act) support@olelectronics.com 15 Days
Data Protection Officer (GDPR) support@olelectronics.com 30 Days
Security Incidents support@olelectronics.com Immediate acknowledgment
Support & Account Help support@olelectronics.com 1 Business Day

17.2 Escalation Path (If Unresolved)

  1. Internal Review: Contact Grievance Officer/DPO with reference to initial request
  2. Regulatory Complaint:
  3. Judicial Remedy: You retain the right to seek legal remedy in competent courts.

17.3 Physical Address for Notices

Olatus Systems Private Limited
Attn: Grievance Officer / Data Protection Officer
House No: 346, 1st Floor, Police Station, Zoo-Narengi Rd, opp. Barista Cafe and Geetanagar, Ambikagirinagar
Guwahati, Assam, 781024, India

For secure document submission, we provide an encrypted upload portal upon request.


18. CHANGES TO THIS POLICY

18.1 Updates & Notification

  • We may update this Policy to reflect legal changes, new Services, or operational improvements.
  • Material changes (e.g., new data uses, reduced rights) will be communicated via:
    • Email to your registered address
    • Prominent in-app/website notice at least 7 days before effective date
    • Updated "Last Updated" date at the top of this Policy

18.2 Your Continued Use

  • If you continue using our Services after changes take effect, you accept the revised Policy.
  • If you disagree with material changes, you may:
    • Deactivate your Account before the effective date
    • Contact us to discuss alternatives or data export

18.3 Historical Versions

Archived versions of this Policy are available upon request at support@olelectronics.com.


19. APPENDIX: DATA PROCESSING SUMMARY

19.1 Quick Reference: Data Flows by Service

Service Data Collected Primary Purpose Legal Basis Retention
eCommerce Name, address, payment token, order history Fulfill orders, prevent fraud Contract, Legal obligation 8 years (tax)
Digital Products Email, download logs, license keys Deliver access, prevent piracy Contract, Consent Duration of license + 2 years
LMS / Courses Progress, assessments, certificates, forum posts Deliver education, issue credentials Contract, Consent Lifetime access + 2 years
Forum / Blog Username, posts, comments, reports Enable community, moderate content Consent, Legitimate interest Indefinite (user-deletable)
Memberships Subscription status, access logs, billing Manage recurring access, personalize Contract, Consent Duration of membership + 3 years
Mobile App Device ID, crash logs, location (opt-in) Ensure functionality, improve UX Consent, Legitimate interest 12–24 months
Marketing Email, preferences, engagement metrics Send relevant promotions (opt-in only) Explicit Consent Until withdrawal + 1 year

19.2 Third-Party Processor Register (Excerpt)

Full register available at [privacy.olelectronics.com/processors]

Processor Role Location Safeguards
Razorpay Payment processing India PCI-DSS, DPDP-compliant DPA
AWS Cloud hosting India (Mumbai) ISO 27001, SOC 2, DPA
Google Analytics (GA4) Web analytics Global (EU-US DPF certified) IP anonymization, SCCs, 14-month retention
Delhivery Logistics India Purpose-limited DPA, data minimization
SendGrid Transactional email USA (EU-US DPF) Encryption, DPA, opt-out enforcement

Main Menu