1. Introduction

This Privacy Policy (“Policy”) describes how Dott Connect Private Limited, together with its affiliates, subsidiaries, and group companies (collectively, “DCPL”, “Dott”, “we”, “us”, or “our”), collects, uses, stores, discloses, transfers, and otherwise processes Personal Information through its websites, applications, software platforms, and related online and offline services (collectively, the “Platform”).

DCPL operates multiple talent management and development platforms, including:

• 360° Feedback Platform – for collecting, analysing, and delivering multi-rater feedback insights
• Employee Engagement & Experience Survey Platform – for measuring engagement, culture, and workplace experience
• Elyevate Learning Platform (ELA) – for delivering online leadership development programs, training courses, coaching, and capability-building journeys

This Policy applies to individuals who access, use, visit, interact with, or otherwise engage with the Platform, including but not limited to:

• website visitors;
• users participating in 360° feedback programs;
• users participating in engagement, culture, or experience surveys;
• learners accessing ELA;
• client representatives, administrators, and authorized users; and
• any individuals whose Personal Information we receive in connection with our Services

(collectively, “Users”, “you”, or “your”). This Policy should be read together with our Terms of Service, and where applicable, any Data Processing Addendum, order form, or enterprise agreement entered into with a client organization.

2. Personal Information We Collect

For the purposes of this Policy, “Personal Information” means any information relating to an identified or identifiable natural person, or any similar concept under applicable data protection law.

The categories of Personal Information that we collect depend on the nature of your interaction with the Platform, the Services you use, and whether you are interacting with us as an individual user or through an organization.

 2.1 Information You Provide Directly

We may collect Personal Information that you provide directly, including:

• name, email address, password, phone number, country, city, and organization details when you create an account or register;
• professional information such as job title, department, seniority level, role, work experience, and organizational context;
• information submitted through forms, registrations, surveys, assessments, assignments, support requests, or event participation;
• communications and correspondence when you interact with us, our support teams, coaches, facilitators, or other authorized users of the Platform.

2.2 Information Collected in 360° Feedback Programs

When you participate in, administer, or are assessed through the 360° Feedback Platform, we may collect:

• self-assessment responses;
• feedback responses submitted by managers, peers, direct reports, and other stakeholders;
• competency ratings, behavioural ratings, comments, and qualitative observations;
• metadata related to participation, including timestamps, completion status, reminder status, and respondent group classification.

Where a 360° feedback program is sponsored or administered by an organization, such information is generally collected and processed on behalf of that organization, and access to such information is governed by the applicable program configuration, organizational permissions, and confidentiality settings.

 2.3 Information Collected in Engagement and Experience Surveys

When you participate in engagement, culture, pulse, or workplace experience surveys, we may collect:

• survey responses concerning engagement, workplace experience, manager or leadership perception, culture, wellbeing, or related organizational themes;
• demographic, organizational, or segmentation data, where configured by the relevant client organization, such as department, level, tenure, function, or geography;
• identifiable, aggregated, anonymised, or pseudonymised responses depending on the design of the program.

We take reasonable measures to preserve confidentiality and aggregation where anonymity or minimum reporting thresholds are intended.

 2.4 Information Collected in ELA

When you access or use ELA, we may collect:

• learner profile information;
• course enrolment data;
• learning activity data, including module progress, completion status, time spent, attendance, and interactions;
• assessment responses, quiz results, assignments, reflections, and participation records;
• participation in coaching sessions, live sessions, workshops, forums, or group discussions;
• feedback relating to learning content, facilitators, and program experience.

This information is used to administer learning delivery, track participation and completion, support coaching and assessment workflows, and improve learning effectiveness.

 2.5 Automatically Collected Information

When you access or use the Platform, we may automatically collect certain technical and usage information, including:

• IP address;
• browser type and version;
• device identifiers;
• operating system;
• pages viewed, links clicked, session duration, and navigation patterns;
• referral URLs;
• date and time of access; and
• approximate location derived from IP address or device settings, where permitted.

 2.6 Sensitive Personal Information

In limited circumstances, and only where permitted by applicable law or specifically required for a program, we may collect certain categories of sensitive or special category personal data, such as:

• demographic information, including gender or age group;
• diversity-related information, where voluntarily provided or lawfully configured by a client organization;
• accessibility-related information, where relevant to learning participation or accommodation requests.

Where required by law, such information shall be collected and processed only with appropriate notice, lawful basis, and consent, and shall be subject to enhanced safeguards.

 2.7 Information from Third-Party Integrations

Where the Platform is integrated with third-party systems or services, we may receive limited information from such systems, including:

• authentication or identity data from single sign-on providers or identity providers;
• profile data from HR systems or enterprise directories;
• limited account or usage information from integrated enterprise tools.

Such data is collected subject to the permissions, configurations, and privacy practices applicable to those third-party systems.

 2.8 Communication Monitoring

To the extent permitted by law, we may monitor, review, record, or retain communications involving the Platform or our support operations for legitimate business purposes, including:

• quality assurance;
• service improvement;
• fraud detection and prevention;
• internal policy enforcement; and
• legal and regulatory compliance.

 2.9 Data Shared Across DCPL Platforms

Where permitted by applicable law and relevant contractual arrangements, Personal Information may be used across DCPL-operated platforms for limited and legitimate purposes such as:

• service delivery;
• analytics and reporting continuity;
• integrated learning and development experiences; and
• platform administration and support.

Any such sharing shall remain subject to applicable confidentiality obligations, client instructions, and data protection requirements.

2.10 Affiliate Services

Where you access services offered by a DCPL affiliate or group company, Personal Information may be shared with that entity to the extent necessary to provide the relevant service. In such cases, the privacy policy and contractual terms applicable to that affiliate service may also apply.

3. How We Use Personal Information

We process Personal Information only where we have a valid legal basis to do so and only for legitimate, specified, and proportionate purposes.

We may use Personal Information for the following purposes:

 3.1 Service Delivery

To provide and administer the Services, including:

• conducting and managing 360° feedback programs;
• conducting engagement, culture, and experience surveys;
• generating reports, analytics, dashboards, and insights;
• delivering ELA courses, assessments, coaching, and related learning experiences;
• enabling user access, authentication, and account management.

 3.2 Platform Operations and Support

To operate, maintain, secure, troubleshoot, and support the Platform, including:

• user assistance and customer support;
• technical diagnosis and issue resolution;
• account recovery and service continuity;
• fraud prevention and misuse detection.

3.3 Platform Improvement and Analytics

To improve our products, content, features, analytics, workflows, and user experience, including by:

• understanding usage patterns;
• improving survey, assessment, and reporting quality;
• enhancing learning paths and engagement flows;
• conducting internal testing, benchmarking, and product development.

 3.4 Research and Product Development

To conduct internal research, trend analysis, and service development, provided that where feasible and appropriate, such use is based on aggregated, anonymised, or de-identified information.

 3.5 Marketing and Communications

To send marketing, service information, thought leadership, product updates, event invitations, or related communications, where permitted by law. You may opt out of non-essential marketing communications at any time.

 3.6 Security, Verification, and Compliance

To:

• verify identity and access rights;
• prevent fraud, abuse, unauthorized access, and security incidents;
• investigate suspected misuse of the Platform;
• comply with legal, regulatory, audit, and compliance requirements.

 3.7 Legal Rights and Claims

To establish, exercise, defend, or enforce legal rights, contractual rights, or claims, and to obtain professional advice in relation to the same.

3.8 Confidentiality-Sensitive Processing

In the context of 360° feedback and engagement survey programs, we may process data in aggregated, anonymised, or role-restricted formats to preserve confidentiality, protect participants, and comply with the design of the relevant program.

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our websites and digital interfaces to support functionality, authentication, security, analytics, and user experience.

A cookie is a small text file stored on your device that helps us recognize your browser or device and remember certain information.

4.1 Purposes of Cookies

We may use cookies and similar technologies to:

• maintain session continuity;
• enable secure login and authentication;
• understand how users interact with the Platform;
• improve functionality, navigation, and performance;
• support analytics and product optimization;
• remember user preferences.

 4.2 Information Collected Through Cookies

Cookies and similar tools may collect:

• IP address;
• device and browser information;
• operating system;
• date and time of access;
• pages viewed and clickstream behavior;
• session identifiers and usage patterns.

 4.3 Cookie Controls

Most browsers allow you to manage cookies through browser settings, including blocking or deleting cookies. If you disable cookies, some parts of the Platform may not function properly.

Where required by law, we will request consent for non-essential cookies.

For further information, please refer to our Cookie Policy.

5. Legal Bases for Processing

Depending on the nature of the processing and the applicable law, we rely on one or more of the following legal bases:

 5.1 Consent

We may process Personal Information on the basis of your consent where required by law, including in connection with certain optional features, voluntary submissions, or sensitive data.

Where consent is relied upon, you may withdraw it at any time, subject to legal or contractual limitations.

 5.2 Performance of a Contract

We process Personal Information where necessary to enter into, perform, administer, or enforce a contract, including providing access to the Platform and delivering Services to users or client organizations.

 5.3 Compliance with Legal Obligations

We may process Personal Information to comply with legal, regulatory, judicial, or statutory obligations, including records retention, lawful disclosures, and compliance procedures.

 5.4 Legitimate Interests

We may process Personal Information where necessary for our legitimate interests, including:

• providing and improving the Services;
• securing the Platform;
• preventing fraud and abuse;
• conducting internal analytics and service development;
• supporting client administration and reporting,

provided that such interests are not overridden by your rights and freedoms under applicable law.

6. Information Sharing and Disclosure

DCPL does not sell Personal Information. We disclose Personal Information only as described in this Policy, pursuant to applicable law, or where otherwise authorized or instructed.

 6.1 Affiliates and Group Companies

We may share Personal Information with our affiliates, subsidiaries, and group companies for internal administrative, operational, support, security, compliance, and service improvement purposes, subject to appropriate confidentiality and data protection safeguards.

 6.2 Client Organizations

Where the Services are provided to or through an organization, including 360° feedback programs, engagement surveys, or ELA-based learning programs:

• the relevant organization typically acts as the data controller or equivalent decision-maker; and
• DCPL acts as a processor or service provider, as applicable.

Personal Information, reports, survey outputs, learning records, and related materials may be shared with that organization in accordance with:

• the relevant contract;
• applicable program configuration;
• role-based permissions; and
• applicable law.

 6.3 Legal and Regulatory Disclosures

We may disclose Personal Information to courts, regulators, law enforcement agencies, governmental authorities, or other authorized parties where necessary to:

• comply with law or legal process;
• protect rights, safety, or property;
• investigate fraud, abuse, or security incidents;
• defend legal claims or enforce our rights.

 6.4 Business Transfers

We may disclose Personal Information in connection with a merger, acquisition, reorganization, financing, restructuring, due diligence process, or sale of assets, subject to appropriate confidentiality protections.

 6.5 Service Providers and Sub-Processors

We may engage third-party vendors, contractors, or sub-processors to provide services such as hosting, infrastructure, analytics, communications, authentication, security, maintenance, and customer support.

Such parties are required to process Personal Information only on our instructions or as otherwise lawfully permitted, and to implement appropriate security and confidentiality measures.

 6.6 Advertising and Analytics Partners

We may work with advertising, analytics, or measurement providers to support marketing and platform analytics. We do not share directly identifiable Personal Information with such providers for advertising unless lawfully permitted and appropriately disclosed. Certain third parties may independently infer attributes based on device-level or interaction data.

 6.7 Cross-Border Transfers

Personal Information may be transferred to and processed in countries other than the country in which it was collected. Where such transfers occur, we implement appropriate safeguards as required by applicable law.

 6.8 Google API Data

Where we receive or process information through Google APIs, such use shall comply with the Google API Services User Data Policy, including applicable Limited Use requirements.

7. Third-Party Websites and Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by DCPL. We are not responsible for the privacy, security, content, or practices of such third parties. Your use of such third-party services is governed by their respective terms and privacy policies.

8. Children

The Platform is not intended for use by individuals below eighteen (18) years of age, or such higher age as may be required under applicable law, unless lawfully authorized and supervised by a parent, guardian, institution, or organization, as applicable.

We do not knowingly collect Personal Information from children without appropriate authorization and lawful basis.

9. Retention of Personal Information

We retain Personal Information only for as long as necessary for the purposes set out in this Policy, including to:

• provide the Services;
• comply with contractual requirements;
• comply with legal, regulatory, tax, accounting, and audit obligations;
• resolve disputes and enforce agreements.

Retention periods may vary depending on the nature of the Service, the type of data, client instructions, and applicable law.

For example:

• 360° feedback and engagement survey data may be retained in accordance with client instructions, reporting needs, and contractual requirements;
• ELA records may be retained to support learning continuity, completion history, certifications, and program administration.

Upon expiry of the applicable retention period, Personal Information may be deleted, anonymised, archived, or securely destroyed in accordance with applicable law and internal retention practices.

10. Your Rights

Subject to applicable law, you may have rights in relation to your Personal Information, including the right to:

• access your Personal Information;
• correct or update inaccurate data;
• request deletion or erasure;
• restrict or object to certain processing;
• request portability, where applicable;
• withdraw consent, where processing is based on consent.

Where your Personal Information is processed on behalf of a client organization, you may need to direct your request to that organization, which acts as the controller of such data. DCPL will provide reasonable assistance to such organization as required by applicable law.

We may request proof of identity before fulfilling a request and may refuse or limit requests where permitted by law, including where requests are manifestly unfounded, excessive, or would adversely affect the rights of others.

11. Confidentiality and Security

We implement appropriate technical, organizational, physical, and administrative safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, loss, misuse, or destruction.

Such safeguards may include:

• encryption in transit and at rest, where appropriate;
• access controls and role-based permissions;
• logging, monitoring, and incident response measures;
• vendor and sub-processor due diligence;
• secure development, maintenance, and infrastructure practices.

While we take reasonable measures to protect Personal Information, no method of transmission or storage is completely secure, and we do not warrant absolute security.

12. Social Media

DCPL may operate official pages, channels, or accounts on social media platforms. Any content or information submitted on such platforms is subject to the terms, policies, and practices of the relevant platform provider. Users should avoid sharing sensitive Personal Information through public or social media channels.

13. Changes to this Policy

We reserve the right to amend, update, or modify this Policy at any time, in our sole discretion. Any such changes shall become effective upon posting the revised Policy on the Platform, unless a different effective date is specified or required by applicable law.

Your continued access to or use of the Platform after the effective date of the revised Policy shall constitute your acknowledgment and acceptance of such changes, to the fullest extent permitted by applicable law.

14. Disclaimer

DCPL does not store payment card details or sensitive banking credentials unless expressly stated otherwise for a particular service and lawfully handled through authorized payment mechanisms.

To the fullest extent permitted by law, DCPL shall not be liable for unauthorized access, disclosure, or loss not attributable to its breach of applicable obligations, nor for indirect, incidental, special, or consequential damages arising from use of the Platform.

15. Contact Us

For questions, complaints, or requests relating to this Policy or the processing of Personal Information, please contact:

Grievance Officer / Privacy Contact
Dott Connect Private Limited
India
Email: privacy@dottinc.com