Privacy Policy

Thank you for visiting our website. This privacy policy tells you how Serosoft Solution Private Limited and its affiliates (“Academia ERP”), collectively referred to as “Serosoft” use personal information collected at this website (“Sites”) and product and services (“Services”).

Please read this privacy policy before using the “Sites” or “Services” or submitting any personal information. By using the site, you are accepting the practices described in this privacy policy. These practices may be changed, but any changes will be posted and changes will only apply to activities and information on a going forward, not retrospectively.

Scope of this Policy

This policy applies only to information collected and received by us through access and use of the “Services” and/or “Sites” and does not apply to any other information collected by us through other means. Further, this policy does not cover the activities of third parties. It is your responsibility to read and understand this policy. By using our “Services” and/or “Sites”, you are agreeing and consenting to the practices described in this policy. If you do not agree to all of this policy and do not wish to be bound by it, you should not use our “Services” or “Sites”. Please read the following to learn more about how we collect, use and safeguard the information you may provide to us via these “Sites” and/or “Services”. This Privacy Policy may be revised from time to time, so please revisit this page often to remain fully informed of our policies.

This Privacy Policy does not apply to the data we process on behalf of our customers (Customer Data) in our capacity as a processor.

1. What is the Legal Purpose for collecting personal information?
• To fulfill business obligations as per Terms of Usage.
• To store information of the student and their parents for the usage of the application by the educational institute (controller).


2. Who are we, controller and/or processor?
• We are processors, as we store, process, and transmit data as per customer requirements.
• Our customers (educational institutes) are controllers as they determine the purpose of the data processing.
• Data Protection Representative in the EU/UK: - We take the protection of personal data seriously, and, based on the Article 27 of the GDPR, have appointed below Data Protection Representative.
• EU Representative Details:
  
  • Entity: Rickert Rechtsanwaltsgesellschaft mbH
  • Address: Colmantstraße 15, 53115 Bonn, Germany
  • Email: [email protected]
• UK Representative Details:
  • Entity: Rickert Services Ltd UK​
  • Address: PO Box 1487, Peterborough, PE1 9XX, United Kingdom
  • Email: [email protected]


3. What information do we collect?

Via our “Sites” and/or “Services”, Serosoft collects from you:

(i) certain personally identifiable (i.e. non-business) information,
(ii) certain business information, and
(iii) technical and other information

• General Site Visitors - When you browse the non-password protected portions of our “Sites” and/or “Services”, we only collect information tied to your name, email, postal address, phone, and other contact details when you engage in the following activities:
  • Request information;
  • Participate in a survey;
  • Interact with our social media pages;
  • Apply for employment, internship, or other volunteer opportunities;
  • Subscribe to one of our newsletters;
  • Post content where permitted on the Site or our other online locations.
  This information is only used to fulfill your specific request, unless you give us permission to use it in another manner, for example, to add you to one of our mailing lists.


• Registered Customers and Suppliers - At the time you become a registered customer of Serosoft or you register as a supplier on the site, we request that you provide us with certain personal information (including your or a business executive’s name, address, phone number, and email address).


• All Site Users Serosoft uses commonly-used automated information-gathering tools such as cookies. While you are browsing our “Sites” and/or “Services”, we automatically log your browser type, operating system, IP address (a number assigned to your computer when you use the Internet), general data (including your domain name, and the name of the web page from which you entered our site, and your activity while using our site. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
  For the purpose of student enrolment, we collect the following information:
  

  From Student

  • Parent/Guardian information
  • Student information
  • Address
  • Email
  • Phone numbers
  • Physical characteristics - height, weight
  • Photo
  • Bank account/branch

  Users of the organization (e.g. Teachers)

  • Name
  • Email
  • Phone
  • Address
  • Photograph
  • Aadhar


4. How long do we retain this information?

We retain personal information as per the Terms of contracts with our customers, the educational institutes (controller). We secure purge/delete the data in case of contract termination.



5. Where do we transfer this personal information?

We transfer this information as per customer requirements. We currently keep customer data at the following location/s.
Europe – For West Europe region production server, backups are kept at North Europe region see details here:
https://azure.microsoft.com/en-us/global-infrastructure/geographies/#geographies (Europe)
Outside Europe – https://azure.microsoft.com/en-us/global-infrastructure/geographies/#geographies (Central India for both Production and backup and same for South Africa North)

6. How do we fulfill data Subject rights?

   Data subject rights

   • The Right to Information
   • The Right of Access
   • The Right to Rectification
   • The Right to Erasure
   • The Right to Restriction of Processing
   • The Right to Data Portability
   • The Right to Object
   • The Right to Avoid Automated Decision-Making

   When you raise any request to fulfill your rights, we will first establish your identity and will then escalate the request to the entity, which is the source of the data for us.

   We will perform the task as per our customer (controller) direction.

7. Who do we share information with?
   • We do not share your personal information with any third parties.
   • We use the services of cloud service providers, who provide their independent assurance of privacy obligations.
   • To know more about their privacy policies and assurance, please visit –
     
     • https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview (Link to the service provider at West Europe)
     • https://privacy.microsoft.com/en-us/PrivacyStatement
     • https://privacy.microsoft.com/en-ca/data-privacy-notice
     • https://azure.microsoft.com/en-us/privacy-data-management/ 


8. How do we ensure the security of personal information?

Reasonable security controls are in place that includes technical, personnel, and procedural controls to protect against unauthorized access, unauthorized modification, and unavailability.

• Access control
• Authentication
• Authorization
• Encryption
• Backup and Recovery
• Monitoring

We do not use any user data for internal testing, demonstrations, or training purposes. All data provided by users is treated with strict confidentiality and is only used for the purposes explicitly stated in our services. We are committed to safeguarding user privacy and ensuring that no personal or sensitive information is used in any internal simulations or promotional activities.



9. Whom to contact in case of data subject rights, questions, or complaints

Our site permits you to contact us via email. Whenever you send an email via our site, you will be providing us with your name, title, email address, phone number, and any information you choose to include in the text of your message. For example, you may choose to provide your mailing address or other information necessary or helpful for us to address your query or other concern.
Privacy Contact information: [email protected]

10. Necessary cookies

We use necessary cookies on our website to ensure its core functionality and secure operation. These cookies are essential for enabling services such as page navigation, secure login, form submissions, and access to protected areas of the site. Without these cookies, the website cannot function properly.
These cookies do not collect any personally identifiable information and are not used for marketing purposes.
In compliance with the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA), we ensure full transparency in our use of cookies.
Additionally, our platform is SOC 2 compliant, demonstrating our commitment to the highest standards in data security, availability, and privacy.

11. When do we update this policy?

At last annually, or as and when changes are required.
Last reviewed by Management and DPO and updated on 05 January 2025.