Privacy Policy

This Privacy Policy (“Policy”) describes how SMEC Automation Pvt. Ltd. (operating as Growth Partner Program, “we,” “us,” or “our”), having its registered office at 2nd Floor, Kaloor Busstand Complex, Kaloor, Kochi - 682017, Kerala, India (GST: 32AAGCS5821G1ZK), collects, uses, stores, discloses, and protects your personal data when you access or use our Growth Partner Program platform and related services (collectively, the “Platform”). This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), and other applicable laws of India.

01Information We Collect

We collect the following categories of personal data:

a) Information You Provide Directly

• Full name, email address, mobile number, and date of birth
• Bank account details (account number, IFSC code, bank name) for commission payouts
• PAN (Permanent Account Number) for tax compliance under the Income Tax Act, 1961
• Aadhaar number (only when required for KYC verification as mandated by law)
• Address and location details
• Profile photographs
• Referral and prospect information you submit on behalf of potential students

b) Information Collected Automatically

• Device information (browser type, operating system, device model)
• IP address, access timestamps, and session duration
• Cookies and similar tracking technologies for session management and analytics
• Referral link click data and conversion tracking
• Usage patterns and feature interaction data

c) Information from Third Parties

• Authentication data from third-party login providers (if applicable)
• Payment confirmation data from payment gateway providers

02Purpose of Data Collection

Your personal data is collected and processed for the following lawful purposes:

• To create, verify, and manage your Growth Partner account
• To process and track referrals, admissions, and commissions
• To process commission payouts through bank transfers
• To comply with tax obligations under the Income Tax Act, 1961 (TDS deductions, Form 16A issuance)
• To communicate with you regarding your account, referrals, payouts, and programme updates
• To improve the Platform’s functionality, performance, and user experience
• To prevent fraud, unauthorized access, and misuse of the Platform
• To comply with applicable Indian laws, regulations, and legal processes

03Lawful Basis for Processing (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, we process your personal data based on the following grounds:

• Consent: You provide express consent at the time of registration and through continued use of the Platform
• Contractual Necessity: Processing necessary for the performance of the affiliate agreement between you and Growth Partner Program
• Legal Obligation: Processing necessary for compliance with Indian tax laws, anti-money laundering regulations, and other applicable laws
• Legitimate Use: Processing for legitimate purposes as permitted under the DPDP Act

04Data Storage and Security

• Your data is stored on secure cloud servers with encryption at rest and in transit (AES-256 and TLS 1.2+)
• We implement reasonable security practices and procedures as mandated under Rule 8 of the IT Rules, 2011
• Access to personal data is restricted to authorized personnel on a need-to-know basis
• Sensitive financial data (bank details, PAN) is stored in encrypted form and is never exposed in plain text via the Platform interface
• Regular security audits and vulnerability assessments are conducted
• Data may be stored on servers located in India or in jurisdictions that provide adequate data protection, in compliance with the DPDP Act, 2023

05Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

• Payment processors: For processing commission payouts (e.g., Razorpay, bank transfer partners)
• Cloud service providers: For hosting, storage, and infrastructure services
• Tax authorities: As required under the Income Tax Act, 1961 and GST laws
• Law enforcement: When required by court order, legal process, or to comply with applicable Indian law
• The Institute: Your referral and performance data is shared with the educational institute you are partnered with

06Your Rights under the DPDP Act, 2023

As a Data Principal, you have the following rights:

• Right to Access: You may request a summary of your personal data being processed and the processing activities
• Right to Correction and Erasure: You may request correction of inaccurate data or erasure of data no longer necessary for the purpose it was collected
• Right to Grievance Redressal: You may raise grievances with our Grievance Officer (details below)
• Right to Nominate: You may nominate another individual to exercise your rights in case of death or incapacity
• Right to Withdraw Consent: You may withdraw consent at any time; however, withdrawal may affect your ability to use certain features of the Platform

07Data Retention

• Personal data is retained for as long as your account is active or as needed to provide services
• Financial records (commission payouts, TDS certificates) are retained for a minimum of 8 years as required under the Income Tax Act, 1961
• Upon account deletion, non-essential personal data is anonymized or deleted within 90 days, unless retention is required by law
• Referral and admission records that are linked to the institute’s business records are retained in anonymized form

08Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Session management and authentication
• Functional cookies: Remembering your preferences and settings
• Analytics cookies: Understanding usage patterns to improve the Platform
• Referral tracking cookies: Tracking referral link clicks and conversions

You may manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

09Children’s Data

The Platform is not intended for use by individuals below the age of 18 years. We do not knowingly collect personal data from children. If we become aware that a child’s data has been collected without verifiable parental consent, we shall delete such data promptly in accordance with the DPDP Act, 2023.

10Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the details of the Grievance Officer are:

11Changes to this Policy

We reserve the right to update this Privacy Policy at any time. Any material changes will be notified to you via email or through a prominent notice on the Platform. Your continued use of the Platform after such modifications constitutes acceptance of the updated Policy.