Policy
Welcome to the GUS Global Services Gallery, where we invite you to embark on a visual journey through our world of international education excellence. Our gallery is a collection of moments, experiences, and achievements that reflect our commitment to providing top-notch educational services and fostering global collaboration.
INTRODUCTION
GUS Global Services India Private Limited (hereinafter referred to as “GGS,” “we,” “us,” or “our”) has issued this Privacy Notice to affirm our commitment to protecting Personal Data. This Privacy Notice explains how we collect, use, disclose, and safeguard Personal Data when you access or use our websites, mobile sites, platforms, products, services, offers, promotions, or otherwise interact with us through events, awareness sessions, or visit our experience centers and Campuses (collectively, the “Services”).
This privacy notice is provided in a layered format so you can click through to a specific privacy policy.
GGS is part of the Global University Systems group and provides shared services, academic support, technology platforms, admissions and recruitment support, student lifecycle management, alumni engagement, and other operational services to higher education institutions, universities, and learning partners in India and globally.
By using our Services, you acknowledge that your Personal Data is processed by GGS as a Data Fiduciary in accordance with this Privacy Notice and the Digital Personal Data Protection Act, 2023 (DPDPA).
1. Personal and Sensitive Personal Data
Personal Data (“Data”) refers to any information that (alone or when used in combination with other information) relates to an identified or identifiable individual. The Personal Data we collect varies depending on our relationship and interactions with you.
DPDPA does not distinguish between “personal” and “sensitive” personal data (unlike other regulations).
2. Categories of Personal Data We Collect
We collect and process Personal Data for lawful purposes connected with the provision of our services. The categories of Personal Data we may collect include the following:
|
Category |
Description |
|
Contact and Identity Information |
Name, email address, telephone or mobile number, residential or correspondence address, and other identifiers required for authentication, verification, or service delivery. |
|
Official Identification Information |
Government-issued identifiers such as PAN, Aadhaar, passport, or similar documents, collected only where legally permitted and strictly necessary. |
|
Demographic Information |
Age, gender, marital status, mother tongue, and general location information (not precise geolocation), where applicable. |
|
Guardian / Nominee Information |
Details of Guardian / Nominee, where relevant to the services or declarations provided by you. |
|
Professional Information |
Information relating to your profession, employment history, qualifications, or professional affiliations, where relevant. |
|
Financial Information |
Payment instrument details and transaction-related information required to facilitate lawful payments and financial transactions, processed through secure and authorised mechanisms. |
|
Communication Preferences |
Information relating to your communication choices, such as email or other communication opt-out preferences. |
|
Usage and Technical Information |
IP address, device identifiers, browser or device settings, usage patterns, and information collected through cookies and similar technologies to enhance security and user experience. |
|
Social Media Information |
Social media profile identifiers, handles, or publicly available information when you interact with our official social media pages. |
|
Audio and Visual Information |
Photographs, video recordings, CCTV footage, and call center recordings or monitoring records, where permitted by law. |
|
Health-Related Information (Limited and Context-Specific) |
Health information collected only where necessary for specific services or legal obligations, including general health information or optometric/vision-related information provided for service customisation or support, with appropriate notice and safeguards. |
|
User-Generated Information |
Personal Data voluntarily provided when you interact with us through our services, platforms, or authorised channels, including: • Information shared via websites, admissions and application forms, visa and immigration forms, landing pages, referral links, digital marketing channels (including advertisements and lead forms), messaging platforms (such as WhatsApp), and official social media pages .• Information provided for academic processes such as admissions, enrolment, student exchange or mobility programmes, evaluations, and related declarations or undertakings (including identity, eligibility, financial, background, or credit-related declarations, where applicable). • Information provided during campaigns, promotions, surveys, events, awareness sessions, or visits to experience centers or campuses .• Information collected through affiliates, authorised representatives, third-party admission consultants, recruitment partners, or other service providers acting on our behalf. • Information provided in employment-related interactions (recruitment, onboarding, workforce administration, payroll, benefits, performance management, and exit processes) •Information provided in vendor, supplier, consultant, or contractor engagements (onboarding, due diligence, contracting, service delivery, invoicing, compliance, and relationship management). • Information provided when you contact us for enquiries, support, grievances, or submit reviews, feedback, or testimonials. |
|
Other Information |
Any other Personal Data voluntarily provided by you or required to be collected to comply with applicable laws or regulatory obligations. |
We may combine the information we receive from and about you, including information you provide to us and information we automatically collect through our Services, as well as information collected offline, across other computers or devices that you may use. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
3. Sources of Personal Data
We may collect Personal Data about you from various sources, including but not limited to:
|
Source |
Description |
|
Directly from You (Data Principal) |
Personal Data you voluntarily provide when you access or use our websites, platforms, or services; submit admissions, application, enrolment, visa, immigration, student exchange, or mobility forms; apply for employment or participate in recruitment, onboarding, or workforce processes; engage with us as a vendor, supplier, consultant, or contractor; participate in campaigns, promotions, surveys, events, or visits to experience centers or campuses; communicate with us via email, telephone, messaging platforms (such as WhatsApp), customer support, or grievance channels; or provide reviews, feedback, testimonials, declarations, undertakings, or consent confirmations. |
|
Digital and Technical Channels |
Personal Data collected automatically when you interact with our digital assets, including websites, portals, and online platforms, through cookies and similar technologies, device and browser information, IP address, and usage data, used for security, analytics, and service improvement. |
|
Affiliates and Group Entities |
Personal Data shared by entities within the Global University Systems (GUS) group for permitted purposes such as shared services, academic support, admissions, technology operations, alumni engagement, and other operational functions. |
|
Authorised Third Parties |
Personal Data received from third parties authorised to act on our behalf, including third-party admission consultants, recruitment partners, marketing and communication service providers, technology vendors, payment processors, background verification agencies, and other service providers engaged for lawful business purposes. |
|
Educational and Institutional Partners |
Personal Data shared by universities, higher education institutions, and learning or academic partners in connection with admissions, enrolment, evaluations, student exchange or mobility programmes, academic collaboration, or alumni engagement. |
|
Publicly Available or Lawfully Accessible Sources |
Personal Data obtained from publicly available sources or lawfully accessible records, including professional or academic profiles and information you choose to make publicly available on social media platforms when engaging with our official pages. |
|
Legal and Regulatory Sources |
Personal Data collected or received to comply with applicable legal or regulatory obligations, respond to lawful requests from government authorities or regulators, or for the establishment, exercise, or defense of legal claims. |
4. Purpose for Collecting & Lawful Basis of Processing Personal Data
The Personal Data we collect is used for various purposes, all aimed at enhancing our service delivery and customer experience. The collected Data can be processed on the following lawful basis under DPDPA
|
Purpose of Processing |
Description |
Lawful Basis under |
|
Service Delivery and Operations |
Provision, operation, maintenance, and improvement of websites, platforms, products, services, student lifecycle management, alumni engagement, and operational support. |
Consent and/or Legitimate Use under Section 7 of DPDPA - performance of services requested by the Data Principal |
|
Career and Admission Counselling |
Career guidance, academic counselling, admission-related advice, assessment of interests, eligibility, and communication of programs options. |
Consent. |
|
Applications, Admissions, and Academic Administration |
Processing applications, enrolments, academic programmes, student exchange or mobility initiatives; verification of eligibility, credentials, identity, and declarations. |
Legitimate Use under Section 7 of DPDPA - performance of obligations or steps taken at the request of the Data Principal |
|
Communication and Engagement |
Responding to enquiries, requests, feedback, grievances, and sending service-related or administrative communications. |
Legitimate Use under Section 7 of DPDPA - performance of services and communication requested by the Data Principal |
|
Marketing, Outreach, and Events |
Campaigns, promotions, surveys, awareness initiatives, events, registrations, and follow-up communications. |
Consent |
|
Payments, Finance, and Contract Management |
Payment processing, billing, invoicing, reimbursements, contract administration, and financial compliance. |
Legitimate Use under Section 7 of DPDPA - performance of contractual obligations and compliance with law. |
|
Employment and Workforce Management |
Recruitment, onboarding, workforce administration, payroll, benefits, performance management, compliance, and exit processes. |
Legitimate Use under Section 7 of DPDPA - employment-related purposes. |
|
Vendor, Consultant, and Third-Party Management |
Onboarding, due diligence, contracting, service delivery, invoicing, compliance, and relationship management. |
Legitimate Use under Section 7 of DPDPA - performance of contractual obligations. |
|
Technology, Security, and Analytics |
System security, fraud prevention, access control, monitoring, analytics, and service improvement. |
Legitimate Use under Section 7 of DPDPA - prevention, detection, and investigation of unlawful activity; protection of rights and safety. |
|
Legal, Regulatory, and Compliance |
Compliance with laws, regulations, court orders, audits, reporting, and responding to lawful authority requests. |
Legitimate Use under Section 7 of DPDPA - compliance with law. |
|
Health, Safety, and Accessibility (Where Applicable) |
Providing accommodations, support, and meeting health, safety, or welfare obligations. |
Legitimate Use under Section 7 of DPDPA - protection of life, health, or safety. |
|
Protection of Rights and Legal Claims |
Establishment, exercise, or defense of legal rights or claims. |
Legitimate Use under Section 7 of DPDPA protection of rights and safety. |
|
Other Lawful and Permitted Purposes (strictly incidental to, and reasonably necessary for the purposes as permitted under DPDPA) |
Purposes incidental or reasonably necessary to the above, as permitted by law. |
Consent or Legitimate Use under Section 7 of DPDPA, as applicable under the DPDPA. |
5. Disclosure of your Personal Data and Categories of Third Parties
We may disclose your Personal Data only for lawful purposes, to the extent necessary, and in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA). Where Personal Data is shared, we ensure that appropriate contractual, technical, and organisational safeguards are in place.
|
Category of Recipient |
Examples of Third Parties |
Purpose of Disclosure |
|
Cloud and Infrastructure Service Providers |
Cloud hosting providers, data storage and backup vendors |
Secure hosting, storage, processing, backup, and availability of systems and Personal Data. |
|
Technology and IT Service Providers |
LMS, ERP vendors, proctoring tools, analytics platforms, IT support providers |
Operation and maintenance of websites, applications, platforms, academic systems, and IT infrastructure. |
|
Customer Support and Communication Providers |
Call centers, helpdesk providers, messaging and email service providers |
Managing enquiries, support requests, communications, and grievance redressal. |
|
Security and Fraud Prevention Providers |
Cybersecurity firms, monitoring and threat-detection vendors |
Protecting systems and networks, preventing fraud, misuse, and unauthorised access. |
|
Payment and Financial Partners |
Banks, financial institutions, payment gateways, merchants, payment processors |
Enabling payments, refunds, reconciliation, financial compliance, and credit-related checks where applicable. |
|
Advertising and Marketing Service Providers |
Digital marketing agencies, advertising platforms, analytics providers |
Managing campaigns, outreach, lead generation, and performance analytics (not for third-party independent marketing without consent). |
|
Educational and Academic Partners |
Partner universities, educational institutions, examination boards, assessment partners, accreditation bodies |
Admissions, enrolment, assessments, accreditation, academic collaboration, and student lifecycle activities. |
|
Placement and Employment Partners |
Employers, placement agencies, career services partners |
Facilitating placements and employment opportunities, subject to consent or other lawful basis. |
|
GUS Group Entities |
Entities within the Global University Systems group |
Shared services, academic support, technology operations, admissions, student lifecycle management, and alumni engagement. |
|
Vendors, Consultants, and Professional Advisors |
Consultants, contractors, auditors, legal and financial advisors |
Service delivery, due diligence, audit, compliance, and corporate governance. |
|
Legal, Regulatory, and Government Authorities |
Regulators, courts, law enforcement agencies, government bodies |
Compliance with law, responding to lawful requests, regulatory reporting, and legal proceedings. |
|
Business Transfer Recipients |
Acquirers, transferees, or successors in mergers or asset transfers |
Supporting mergers, acquisitions, restructurings, or sale of business or assets, subject to legal safeguards. |
|
Third Parties at Your Direction |
Any third party authorised by you |
Providing services or disclosures specifically requested or authorised by you. |
|
Security and Protection of Rights |
Relevant third parties involved in investigations or enforcement |
Preventing or addressing security incidents, protecting rights, safety, and property. |
6. How we obtain consent:
Where our processing of Personal Data is based on your consent under the Digital Personal Data Protection Act, 2023 (DPDPA), we obtain such consent through clear and affirmative action.
Consent is obtained through appropriate mechanisms depending on the context of interaction, including:
- Selecting an unticked checkbox on our websites or digital platforms
- Providing electronic acceptance during application, registration, or onboarding processes
- Signing a physical or digital declaration form
- Confirming consent through email, messaging platforms, or other documented communication channels
Before obtaining your consent, we provide a clear and itemised notice describing:
- The categories of Personal Data to be collected
- The specific purposes of processing
- Your rights under the DPDPA, including the right to withdraw consent
- The manner in which you may exercise your rights
Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. Upon withdrawal, we will cease processing your Personal Data unless such processing is required or permitted under applicable law.
7. Cross Border Transfer
We will conduct any transfer of your personal data outside India in compliance with the DPDP Act 2023. The transfer of personal data to any country or territory outside India is permissible unless restricted by the Central Government through official notification. We will also ensure compliance with any other existing Indian law that provides for a higher degree of protection with respect to the transfer of your personal data outside India.
8. Data Storage & Retention
- Data Storage: We prioritize the security of your Personal Data and store your information securely on our servers and Databases, utilizing advanced security measures such as encryption, firewalls, and stringent access controls. These measures are in place to protect your Data from unauthorized access, alteration, disclosure, or destruction, ensuring your information remains safe and confidential. We may store Personal Data in India and in any other countries where GGS affiliates, subsidiaries, or service providers operate facilities, unless restricted by the Central Government.
- Data Retention: We are committed to retaining your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or reporting obligations.
The duration for which we retain your Data is determined by several factors:
- Compliance with Laws: We adhere to the retention periods mandated by applicable laws and regulations.
- Operational Needs/ Legitimate Interest: We keep your Data for the duration necessary to deliver our Services and maintain our business operations effectively.
- Consent-Based Processing: When processing your Data based on consent, we retain the Data for as long as we have your consent.
- Legal and Dispute Resolution: In cases of disputes or legal proceedings, we may need to retain your Data for longer periods to resolve issues.
After the relevant retention period has been concluded, we will ensure that your Personal Data is either securely deleted or anonymized, making it impossible to associate the Data with you. In instances where immediate deletion is not feasible, such as Data stored in backup archives, we will take steps to securely store and isolate the Data until it can be deleted. We may store Personal Data in India and in any other countries where GGS affiliates, subsidiaries, or service providers operate facilities, unless prohibited or otherwise required by law.
You may request that we delete your Personal Data or restrict the processing of such information by contacting us as indicated in ‘Section 13: Contact Us’.
9. Data Principals’ Rights
-
We respect your rights as a Data Principal in relation to your Personal Data and process related requests in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA).
Subject to applicable law, you have the following rights:
- Right to Access: You have the right to request copies of the Personal Data we hold about you. Right to obtain a summary of your Personal Data being processed, the identities of all other Data Fiduciaries and Data Processors with whom the personal data has been shared, and any other information as may be prescribed.
- Right to Rectification: the right to have your Personal Data rectified if it is inaccurate or incomplete. Depending upon the nature of the request, you may be able to update certain sets of Personal Data on your own.
- Right to Erase: the right to request that we delete or remove your Personal Data from our systems.
- Right to withdraw consent: the right to withdraw previously given consent to process your Personal Data.
- Right to Nominate: The right to nominate another individual to exercise your rights under the DPDPA on your behalf in the event of your death or incapacity.
- Right to Grievance Redressal: If you wish to make a complaint or are unhappy with the way we process your personal data or handle the exercise of your rights under applicable data protection laws, you may submit your grievance by contacting us as indicated in 'Section 14: Contact Us' of the Global Privacy Notice. We will acknowledge and respond to your grievance within the prescribed timeframe as per applicable regulations.
- Before escalating your concern to the Data Protection Board, we encourage you to exhaust our internal grievance redressal process. If you are not satisfied with our response or resolution, you may approach the appropriate regulatory authority for further recourse. We are committed to addressing your concerns in a timely and transparent manner.
If you wish to make a request for exercise the above rights or if you have a grievance related to the processing of your Personal Data, you may submit a request as described in ‘Section 10: How to Exercise Your Rights.’ We do not charge any fees for processing such requests. Where legally permitted to do so, we may refuse your request. If we refuse your request, we will provide the reasons for our decision.
10. How to Exercise Your Rights
If you wish to make a request for exercising your rights, you can submit your requests via email or reach out to us as indicated in ‘Section 14: Contact Us’.
To help us confirm your identity and to ensure that the Personal Data is only disclosed to authorized individuals, please provide your full name, email ID and phone number registered with us while sending the request.
Please note, where required we may also request additional information before taking any actions on the requests raised by you. If you are raising a Data subject request on behalf of another individual, such requests shall be accompanied by appropriate proof of identity of the requester, details of relationship with the person on whose behalf the request is being made and proof of authority for making such a request.
11. Minor’s Personal Data
Due to the nature of our services, we may collect Personal Data from minors. If you are a minor, you may use our product /Services only with the involvement of a parent or guardian.
If Personal Data related to minors has been collected without consent of their parents or their legal guardians, they have the right to object to processing and/or request deletion of such Personal Data Please refer to ‘Section 9: How to Exercise Your Rights.’ for more details on how to exercise these rights.
If a minor is under 18 years of age, we shall obtain the verifiable consent of your parent or lawful guardian before processing your Personal Data. We do not engage in processing that is likely to cause a detrimental effect on the well-being of a child or involves tracking, behavioral monitoring, or targeted advertising directed at children.
12. Data Security Measures
We recognize the critical importance of safeguarding Personal Data and maintaining the trust of stakeholders and have increasingly embraced comprehensive strategies and newer technologies that encompass both due diligence and due care principles. We have implemented rigorous measures to assess risks, proactively address vulnerabilities, and continuously improve Data security practices to protect our digital assets.
We restrict access to your Personal Data to employees of ours, our affiliates, and third-party service providers who reasonably need it to support the websites or provide our products or Services. We have implemented security policies, risk management programs, physical, administrative, and technical safeguards to protect your Personal Data from unauthorised access.
We use security measures to help protect your Personal Data against unauthorized disclosure, misuse, alteration and other incidents, with disciplinary actions against the offender. We are committed to maintaining reasonable security measures to protect your Personal Data. These safeguards are periodically reviewed and updated to address evolving risks and technological developments.
13. Cookies and Similar Technologies
Our websites and applications use cookies and similar technologies to collect limited technical and usage information when you interact with our platforms. These technologies help us operate our websites, enhance functionality, improve user experience, maintain security, and understand how users interact with our services.
You may manage or disable cookies through your browser or device settings. Please note that disabling or restricting certain cookies may affect the availability or proper functioning of some features of our websites or applications
14. Contact Us
If you would like to exercise your privacy rights under DPDPA 2023 or for any other assistance, including questions or concerns about the Privacy Notice or your Personal Data, please reach out to our designated Data Protection Officer at the following contact:
- Name: Akhtar Hussain Rizvi
- Email: dpo@gusindia.global
- Registered Address: Office No.1217a, Avanta Business Centre, 12th Floor, Ambadeep Building, K G Marg, Connaught Place Central Delhi DL 110001
- Communication Address: Gus Global Services India Private Limited, 3rd Floor, DLF Square, Jacaranda Marg, DLF Phase 2, Sector 25, Gurugram, Shahpur, Haryana 122002.
If you are not satisfied with our response to your grievance, you may, after exhausting the internal redressal process, file a complaint with the Data Protection Board of India in the manner prescribed by the Central Government.
15. Data Breach Incident Notification
In the event of a data breach involving your personal information, we will notify you and the Data Protection Board of India in an expedient manner and in accordance with the timelines and manner as prescribed under the DPDPA and applicable rules. Notifications will be provided in the form and manner prescribed by the Central Government. The notification will include a description of the incident, the types of personal data affected, the measures we have taken to address the breach, and how you can contact us for more information. Further, we maintain an internal incident response framework to access, contain, investigate, and remediate Personal Data breaches.
16. Duties of the Data Principal
Under the Digital Personal Data Protection Act, 2023 (DPDPA), individuals are expected to observe the following duties when sharing Personal Data or exercising their rights:
- Act Lawfully: Exercise your rights under the DPDPA in accordance with applicable laws.
- Provide Your Own Information: Do not impersonate another person when providing Personal Data for any purpose.
- Provide Complete and Accurate Information: Do not suppress or misrepresent material information, particularly when submitting identity, address, or government-issued documents.
- Use Grievance Channels Responsibly: Do not raise false, misleading, or frivolous grievances or complaints with us or with the Data Protection Board of India.
- Ensure Authenticity in Requests: Provide only accurate and verifiable information when requesting correction or erasure of Personal Data.
17. Changes to Privacy Notice
This version was last updated Feb 2026 and historic versions, if any can be obtained by contacting us. We may change from time to time the detail in this notice. Any changes we may make in the future will be posted on this page. Please check back frequently to see any such updates or changes.
Join Our Community and Shape Your Future