1. About Us & This Policy
Prime Learning is operated by Miyo Global Private Limited. This Policy explains how we handle your data across our edtech platform.
Prime Learning is the education and training platform operated by Miyo Global Private Limited('we', 'us', 'our', 'Prime Learning'), a company incorporated under the Companies Act, 2013 (CIN: U10202TS2026PTC212596), having its registered office at K.Y.R. Heights, 1st Floor, Plot No. 4338A & 433/B, Vivekananda Nagar, Allapur, Hitech City Road, Kondapur, Serilingampally, Hyderabad - 500084, Telangana, India.
This Privacy Policy ('Policy') explains how Prime Learning collects, uses, stores, discloses, and protects personal data of all individuals who interact with our platform, website, mobile application, courses, and services (collectively, the 'Platform'). It also explains your rights regarding your personal data and how to exercise them under the DPDPA, 2023.
By accessing or using the Prime Learning Platform, registering as a learner, Learning Partner, course provider, guest mentor, or institutional partner, or by otherwise providing your personal data to us, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree with any part of this Policy, please do not access or use the Prime Learning Platform.
2. Who This Policy Applies To
Applies to all registered learners, instructors (Learning Partners), content aggregators, guest mentors, university partners, and visitors.
This Policy applies to all individuals whose personal data we process:
| User Category | Description |
|---|---|
| Learners / Students | Individuals who register, enrol, access courses, or purchase content on the Platform. |
| Learning Partners | Trainers and educators who deliver courses on the Platform, whether as individuals or through their companies. |
| Course Aggregators | Individuals or entities who list and host their existing courses on the Platform. |
| Guest Mentors | Industry professionals who deliver pro bono guest lectures as part of courses. |
| Institutional Partners | Academic institutions and their representatives who partner with Prime Learning. |
| Website Visitors | Any individual who visits our website or contacts us, even without registering. |
| Job Applicants | Individuals who apply for positions at Prime Learning / Miyo Global Private Limited. |
3. What Personal Data We Collect
We collect identity, registration, learning metrics, financial TDS data (for instructors), technical footprints, and audio-visual recordings.
We collect personal data in the following categories, depending on the nature of your interaction with us:
3.1 Identity and Contact Data
- Full name, date of birth, gender
- Email address, mobile phone number, postal address
- Profile photograph (where provided)
- Professional designation, organisation, and biography (for Learning Partners and Guest Mentors)
- PAN (Permanent Account Number) for tax and statutory compliance purposes
3.2 Account and Registration Data
- Username, password (stored in encrypted form), and account preferences
- Course enrolment history, certificates issued, and completion records
- Assessment scores, progress data, and learning analytics
- Communications with Prime Learning through the Platform
3.3 Payment and Financial Data
- Transaction records, invoice history, and payment confirmations
- For Learning Partners and Course Aggregators: bank account details, GST number, PAN number, and TDS information — collected solely for revenue share payments and statutory compliance
3.4 Technical and Usage Data
- IP address, browser type and version, operating system, device type and identifier
- Pages visited, time spent on pages, click-stream data, and referral URLs
- Session data, login timestamps, and Platform feature usage patterns
- Error logs and crash reports (used solely for Platform diagnostics and improvement)
3.5 Communications Data
- Email correspondence with Prime Learning and support ticket logs
- Feedback, ratings, and reviews submitted on the Platform
- Chat messages or Q&A interactions during live sessions
3.6 Audio-Visual Data (Guest Mentors)
Video and audio recordings of guest lecture sessions, collected with express prior written consent as documented in the Guest Mentor Engagement Letter. Used strictly for purposes stated therein.
3.7 Data We Do NOT Collect
Prime Learning does not intentionally collect or process sensitive categories: caste, religion, political opinion, sexual orientation, biometric data, or health/medical data, unless specifically required by applicable law and with your express, informed consent.
3.8 Data Collected From Third Parties
- Basic profile information (Google, LinkedIn) if you register or log in using third-party SSO integrations.
- Publicly available professional info where you are featured as a Learning Partner or Guest Mentor.
- Transaction status information from payment gateway partners.
4. How and Why We Use Your Personal Data
Used for account management, course delivery, certificate issuance, learning analytics, revenue share, and statutory compliance. We never sell your data.
We use personal data only for specific, defined purposes and not beyond what is described in this document.
| Purpose | Data Categories Used | Applies To |
|---|---|---|
| Account Management | Identity, contact, account credentials | All registered users |
| Course & Content Delivery | Identity, enrolment, progress history | Learners, Learning Partners |
| Processing Payouts & Finance | Payment, financial details, PAN/GST | Learners, Learning Partners, Course Aggregators |
| Certificate Issuance | Identity, assessment grades, course logs | Learners |
| Promotions & Marketing | Contact data, usage settings | All users (Opt-out active) |
| Co-branded Programmes | Identity, enrolment, completion results | University partners, enrolled students |
| Hiring & Careers | CV, portfolio, qualifications, identity | Job applicants |
Prime Learning does not sell, rent, trade, or commercially exploit your personal data to any third party for their advertising purposes. Your data is not our product.
5. Legal Basis for Processing
We rely on Consent, Contract Performance, Legal Obligations (like TDS/GST), and Legitimate Interests under the DPDPA, 2023.
Under the Digital Personal Data Protection Act, 2023, we rely on the following statutory lawful bases to process your personal data:
Consent
Where you have given clear, informed, and specific consent — for example, for optional marketing, recording Guest Mentor sessions, or non-essential cookie tracking. Consent can be withdrawn easily.
Contract Performance
Where processing is necessary to deliver our educational services — for example, completing enrolments, rendering video courses, and paying revenue shares to Learning Partners.
Legal Obligation
Where processing is required to comply with applicable statutory law — for example, TDS deduction and filing, DPDPA disclosures, and responding to valid law enforcement warrants.
Legitimate Interests
For our legitimate operational business security and service enhancement interests, provided they do not override your basic rights (e.g., detecting fraud, preventing DDoS, debugging software).
8. Data Retention
Stored only as long as necessary. Learner progress is retained for the account duration plus 3 years; tax and transaction history is kept for 8 years.
We retain personal data only for as long as necessary to fulfill our service delivery or comply with statutory requirements:
| Data Category | Retention Period | Statutory Basis |
|---|---|---|
| Learner Account & Progress | Duration of active account + 3 years after deletion request | Contract performance, audit mitigation |
| Certificates Issued | 7 years after issuance | Verification integrity, record keeping |
| Financial & Payment Transactions | 8 years | Income Tax Act, 1961 | GST Act, 2017 |
| Learning Partner Contracts | Duration of partnership + 8 years | Corporate compliance, TDS requirements |
| Marketing & Newsletters | Until user opt-out or 3 years of complete inactivity | Consent basis |
9. Your Rights Under DPDPA and Applicable Law
You hold the right to Access, Correction, Erasure, Consent Withdrawal, Redressal, Nomination, Portability, and Object under Indian law.
Under the Digital Personal Data Protection Act, 2023 (DPDPA) and governing Indian legislation, you possess powerful data rights:
| Statutory Right | Description | Exercise Channel |
|---|---|---|
| Right to Access | Receive a summary of personal data processed, specific categories, and external sharing entities. | Written request to DPO |
| Right to Correction | Request update of outdated, incomplete, or inaccurate records on our Platform database. | Written request or Settings |
| Right to Erasure | Request full erasure of records where consent is withdrawn or processing is unlawful. | Written request to DPO |
| Withdraw Consent | Withdraw consent at any time (does not affect historical lawful processing). | Email or profile dashboard |
| Right to Redressal | Submit grievances to our dedicated Grievance Officer. Escalate to DPBI if unresolved. | Contact Grievance Officer |
| Right to Nominate | Nominate a legal representative to act on your behalf in case of death or incapacity. | Written request to DPO |
How to exercise your rights: Submit a written request to our Grievance Officer (Section 15). We will acknowledge receipt within 72 hours and respond substantively within 30 days. Exercising your rights will not result in any penalty or adverse consequence.
10. Data Security
Protected via TLS/SSL, hashing, role-based access, and regular vulnerability audits. We have a robust breach response plan aligned with MeitY.
We implement robust technical and organizational measures to defend your data against unauthorized access, theft, loss, or disclosure:
10.1 Security Measures We Implement
- Encryption of data in transit using industry-standard TLS 1.3 / SSL protocols.
- Encryption of sensitive data at rest (passwords stored using one-way bcrypt hashing).
- Role-based access controls (RBAC) limiting database access on a strict need-to-know basis.
- Regular security assessments, firewall penetration testing, and platform audits.
- Multi-factor authentication (MFA) required for all platform administrator control panels.
- Secure cloud infrastructure with high-level physical and logical perimeter security.
10.2 Data Breach Response
In the event of a personal data breach likely to impact your rights or credentials, we will:
- Notify affected users promptly via registered email and platform banners (in accordance with DPDPA guidelines).
- Report the incident to the Data Protection Board of India and regulatory authorities.
- Activate standard containment, diagnostic, and remediation patches immediately.
11. Children's Privacy
Intended for adults (18+). We do not knowingly collect minor data without parent/guardian consent in compliance with DPDPA, 2023.
The Prime Learning Platform is primarily designed for use by adults and working professionals. We do not knowingly collect, process, or store personal data of children under the age of eighteen (18) years without the verifiable prior consent of a parent or lawful guardian, as required under the Digital Personal Data Protection Act, 2023.
If you are a Minor, please do not create an account or provide personal data without your parent or guardian's knowledge and consent. If you suspect a minor has registered without consent, contact our Grievance Officer immediately; we will promptly purge the account data.
* In cases where training is delivered to institutions , the partner institution is responsible for verifying parental consents before onboarding students.
12. Third-Party Links and Platforms
We link to third-party portals (Zoom, Razorpay, etc.). Their data policies govern transactions on their platforms; please read them carefully.
The Platform may link to external websites, apps, videoconferencing applications, and merchant checkout screens (e.g., Stripe, Zoom, Razorpay) not controlled by Prime Learning. This Privacy Policy does not apply to their data practices.
We recommend reading the privacy notices of any third-party link before providing credentials. We bear no liability or responsibility for data security on third-party domains.
13. Cross-Border Data Transfers
Primary processing occurs on secure servers in India. Any cross-border data transfer complies with DPDPA, 2023 government mandates.
Prime Learning operates primarily within the Republic of India and processes user data on secure cloud instances localized in India. However, some of our third-party infrastructure processors (like analytics, CRM, or CDN layers) may route metadata internationally.
Where data is routed outside India, we guarantee that such transfers comply strictly with the DPDPA, 2023, including standard contract clauses and government blacklist filters. By using the platform, you acknowledge and agree to these secure international transfers.
14. Changes to this Privacy Policy
We may update this policy periodically. Material changes will be highlighted on the platform and sent via registered email.
We may revise this Privacy Policy periodically to match technological additions, legal evolutions, or platform updates. Any material changes will be announced by:
- Posting a clear, prominent update notification banner on the Platform.
- Sending a direct newsletter notification to your registered email address.
- Updating the revision timestamp at the top header of this page.
Your continued use of the platform after updates indicates consent to the revised practices. If you disagree, you may close your account and request erasure under DPDPA guidelines.
15. Grievance Officer and Contact Details
Dedicated DPO based in Hyderabad. Grievance responses are acknowledged within 72 hours and substantively resolved within 30 days.
In compliance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to address questions, concerns, and complaints regarding your personal data:
| Corporate Role | Compliance Coordinates |
|---|---|
| Grievance Officer | Compliance Desk Officer, PAET Ltd Group |
| Corporate Entity | Miyo Global Private Limited (Prime Learning) |
| Official Email | learning@primelearning.ae |
| Postal HQ Address | Prime Learning / Miyo Global Private Limited, K.Y.R. Heights, 1st Floor, Plot No. 4338A & 433/B, Vivekananda Nagar, Allapur, Hitech City Road, Kondapur, Serilingampally, Hyderabad – 500084, Telangana, India |
| Acknowledge Window | Within seventy-two (72) hours of receipt |
| Resolution Timeline | Within thirty (30) days of receipt of written grievance |
Data Protection Board of India (DPBI)
If you are not satisfied with our response to your grievance, you have the right to escalate your complaint to the Data Protection Board of India, once it is constituted and operational under the DPDPA, 2023. Details will be made available on the MeitY website once the Board is operational.