Privacy Notice

1. Introduction

At Sannam S4 Group and its affiliate company Sannam S4 Acumen India Pvt Ltd ("Sanam S4", "We" "'Company", "our', or 'us"), we believe that trust is built on transparency. Whether you’re a student, client, partner, applicant, employee, or visitor, our commitment is to handle your personal data respectfully and responsibly.

Purpose

Privacy Notice explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your information.

We’re dedicated to complying with global data privacy standards, including:

  • General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)

  • United Kingdom General Data Protection Regulation (“UK GDPR”), as retained in UK law under the European Union (Withdrawal) Act 2018

  • Digital Personal Data Protection Act, 2023 (“DPDP”)

  • California Consumer Privacy Act of 2018 (“CCPA”)

  • California Privacy Rights Act of 2020 (“CPRA” which amends and expands the CCPA)

  • Act on the Protection of Personal Information (“APPI”), Japan

  • Privacy Act 1988, Australia

  • Law on Cyberinformation Security and the Personal Data Protection Decree 13/2023/ND-CP, Vietnam

Who We Are

We’re a global market-entry and expansion partner. Born in New Delhi in 2008, today Sannam S4 Group operates in over 50 countries, serving clients across higher education, non-profits, corporates, and government bodies.

Our offerings include:

  • Strategic advisory

  • In-country representation

  • International student recruitment and mobility

  • Entity setup and compliance services

  • Recruitment, payroll, and HR support

Who This Notice Applies To

This Notice applies to anyone whose data we process, including but not limited to:

  • Clients, universities, nonprofits, and government partners

  • Students, trainees, and research program participants

  • Job applicants, employees, contractors, and interns

  • Vendors, suppliers, and service providers

  • Website or platform visitors

  • Any individual whose data we lawfully receive as part of our services

If you interact with Sannam S4 or if we collect personal data about you, this Notice explains what it means for you.

Key Definitions

  • Personal Data: Information that identifies or could identify you like your name, email, ID numbers, or IP address.

  • Processing: Any action involving your data—collection, storage, use, disclosure, or deletion.

  • Data Subject/Data Principal: The person whose personal data is being processed (that’s you).

  • Data Controller/Data Fiduciary: We make decisions about how and why your data is processed (that’s us).

  • Data Processor: Third parties acting on our behalf for providing certain services.

2. PERSONAL DATA WE COLLECT

At Sannam S4 Group, we believe that privacy and innovation can go hand in hand. Whether we’re helping institutions expand globally, facilitating student mobility, or advising organizations on international operations, we strive to collect only the Personal Data that is necessary, relevant, and respectful of your privacy preferences.

The information we collect and how we use it depends on how you interact with us and how you choose to manage your data rights and privacy settings.

When you register for an event, webinar, or in-person session organised by us, we may collect personal data such as your name, email address, organisation, job title, professional interests, and other information required for registration, attendance, and post-event engagement.

We may also record online sessions (with prior notice) for internal use, post-event summaries, or for making event content available to other attendees or registrants.

We may collect personal data in three ways:
(i) directly from you,
(ii) automatically through your interaction with our services, and
(iii) from authorized third parties.

1. Data You Provide

We collect Personal Data that you voluntarily provide to us when you engage with our services whether as a student, partner, client, employee, consultant, vendor, or visitor. This includes, but is not limited to:

  • Name and Contact Data: Your first and last names, work or personal email address, mobile and landline numbers, mailing address, job title, and the name of your organization or institution.

  • Demographic Data: Information such as your nationality, date of birth, gender, language preference, country of residence, and visa or immigration status.

  • Identity and Verification Data: Passport numbers, Aadhaar or other national IDs, visa details, government-issued photo ID, professional certifications, or other documentation provided for onboarding, verification, or international mobility purposes.

  • Professional and Academic Data: Your CV/resume, educational qualifications, employer history, LinkedIn profile, academic transcripts, certifications, references, or letters of recommendation, typically collected during applications.

  • Billing and Payment Details: Data needed to process payments or disbursements, such as your bank account number, payment instrument, invoicing address, GST/PAN numbers, and other financial identifiers.

  • Customer Support or Service Interactions: Details you provide when contacting us for support, submitting queries, participating in surveys, requesting program information, or attending consultations.

  • Other Information: Any additional data you choose to provide, such as during onboarding, through event registration forms, webinar Q&As, satisfaction surveys, or internal compliance disclosures.

Note: Certain types of data such as health records, biometric identifiers, and criminal background checks are classified as sensitive personal data under various laws. We will only collect such data with your explicit consent and use it solely for the purpose stated at the time of collection.

2. Data We Collect Automatically

When you interact with our websites, digital platforms, emails, or services, we may automatically collect certain technical and usage-related information. This helps us secure our systems, improve your user experience, and analyze how our platforms are being used. This may include:

  • IP Address: Your Internet Protocol address, which may also reveal approximate geographic location like city or country.

  • Usage Data: Details such as the pages you visit, time spent on each page, clicks, scrolls, and navigation paths.

  • Access Timestamps: When you log in, log out, or visit a particular feature or tool on our platform.

  • Location Data (if enabled): If you have granted permission, we may collect precise or approximate geolocation data through your device or browser.

  • Cookies and Tracking Technologies: We use first-party and third-party cookies, web beacons, and tracking pixels to:

    • Authenticate users and manage sessions,

    • Analyze site performance and troubleshoot issues,

    • Personalize your experience (e.g., language or region),

    • Serve relevant content or marketing.

Note: You can manage your cookie preferences or withdraw consent at any time by visiting our [Cookie Policy] page or adjusting your browser settings. We honor Do Not Track requests and opt-outs where required by law.

3. Data We Receive from Third Parties

We may receive Personal Data about you from trusted third parties especially when it is necessary to deliver a service, process an application, or comply with a legal obligation. This may include:

  • Analytics Providers
    We receive data from analytics services (e.g., Google Analytics, HubSpot) about how users interact with our website, email campaigns, or online content.

  • Marketing Platforms
    If you engage with our content on platforms such as LinkedIn, Facebook, or Twitter, those platforms may share insights or campaign metrics with us. We may also receive lead forms or contact details if you sign up through a social ad.

  • Business and Education Partners
    Clients, institutions, or universities may share Personal Data with us to:

    • Facilitate mobility programs or visa sponsorships,

    • Process student applications or professional training,

    • Coordinate business or legal support engagements.

  • Employment and Background Verification Vendors
    During recruitment or onboarding, we may receive reference checks, criminal record verification, or educational background reports from third-party agencies.

  • Publicly Available Sources
    We may collect information that you have made public such as on your professional website, research portals, alumni databases, or public directories.

  • Regulatory Authorities or Government Agencies
    When required, we may receive tax, visa, or compliance-related data from government agencies, embassies, or regulators.

  • Research and Development Datasets
    Occasionally, we may acquire datasets that include audio, video, or other personal identifiers, for the purpose of improving our services or conducting anonymized research. Where applicable, we do so in strict accordance with the laws of the jurisdiction and we do not attempt to reidentify individuals who may appear therein.

Note: We only receive and process third-party data if the source has a valid legal basis for sharing it. We also enter into data sharing or processing agreements with third parties to ensure your data is handled securely.

3. PURPOSE OF PROCESSING PERSONAL DATA

We process your personal data to deliver, manage, and enhance our services in a manner that respects your privacy and complies with the applicable privacy laws. The purposes for which we process your personal data are based on the type of interaction you have with us, the services you use, and the permissions you provide. These purposes include:
  1. Service Delivery and Account Management: To provide access to our products and services, create and maintain user accounts, authenticate users, and manage service subscriptions.
  2. Customer Support and Communication: To respond to your inquiries, feedback, and support requests, and to provide notifications about updates, account activity, or service availability.
  3. Product Improvement and Personalization: To understand how our services are used, measure engagement, and tailor content, recommendations, and user experiences based on preferences and usage data.
  4. Billing and Payment Processing: To facilitate transactions, process payments, manage billing accounts, and send invoices or payment confirmations.
  5. Marketing and Promotional Communication: To send you information about new features, products, services, events, and offers, provided you have given your consent or were permitted under applicable law. You may opt out of marketing communications at any time by contacting us at dataprotection@sannams4.com
  6. Analytics and Performance Monitoring: To analyse usage trends, assess the performance of our services, conduct surveys, and perform data-driven research to improve service delivery and innovation.
  7. Security and Fraud Prevention: To monitor, detect, investigate, and prevent security incidents, fraudulent activities, and violations of our terms or policies.
  8. Legal and Regulatory Compliance: To comply with our legal obligations, respond to lawful requests from public authorities, enforce our terms of service, and protect our legal rights and interests.
  9. Research and Development: To develop and test new features and services, including the use of datasets for algorithmic training or AI development, provided such data usage complies with applicable laws and anonymization protocols.
If we intend to use your personal data for any new or materially different purpose not stated in this Privacy Notice, we will inform you in advance and, where required by law, obtain your explicit consent before proceeding.

4. LEGAL BASIS FOR PROCESSING

  1. We process your personal data in accordance with the legal grounds permitted under applicable data protection laws, including the General Data Protection Regulation (GDPR and UK GDPR), the Digital Personal Data Protection Act, 2023 (India), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Privacy Act 1988 (Australia), and Law on Cyberinformation Security and the Personal Data Protection Decree 13/2023/ND-CP (Vietnam) and the Act on the Protection of Personal Information (APPI) of Japan.
  2. The legal basis we rely on will depend on the nature of the personal data, the context in which it is collected, and the jurisdiction in which we operate. The key legal grounds on which we rely are outlined below:
  • Consent
We may rely on your consent as the lawful basis for processing personal data in specific situations where we request your explicit permission to collect and use your information. This applies, for example, when you subscribe to receive newsletters or promotional content, participate in voluntary surveys or feedback activities, engage in beta-testing programs, or when we use non-essential cookies or similar technologies for analytics and targeted advertising purposes. In these situations, we ensure that consent is freely given, specific to a clear and defined purpose, informed through accessible and transparent disclosures, and provided through an unambiguous affirmative action, such as checking a box or selecting a preference. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Where applicable, we provide you with simple mechanisms to manage or withdraw your consent, either through your user account settings or by contacting us at dataprotection@sannams4.com
  •  Performance of a Contract
We process your personal data where it is necessary to perform a contract to which you are a party, or to take steps at your request before entering into such a contract. This includes situations where we provide services to you as a client, partner institution, vendor, student participant, or employee. For instance, processing may be required to deliver advisory services, coordinate student placements, facilitate payroll or benefits, or manage contractual obligations with third-party service providers or universities.
  • Legal Obligation
We may process personal data when it is required to comply with a legal or regulatory obligation to which we are subject. This includes compliance with tax and employment laws, immigration regulations, anti-money laundering frameworks, corporate governance rules, data retention requirements, and reporting obligations to competent supervisory or judicial authorities. We may also be required to process personal data in response to lawful requests from government bodies or law enforcement agencies.
  •  Legitimate Interests
In certain cases, we process personal data because it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms. Legitimate interests may include delivering and enhancing our services, securing our systems and infrastructure, preventing fraud and misuse, conducting internal audits and business analytics, marketing similar services to existing clients (within legal boundaries), managing client relationships, and ensuring network and information security. When relying on this basis, we conduct a legitimate interest assessment to evaluate the impact on your privacy and apply appropriate safeguards, including transparency and the right to object.
  •  Vital Interests 
In rare cases, we may process personal data to protect someone’s life or physical safety. This legal basis is used only where absolutely necessary, such as during health emergencies, natural disasters, or incidents involving public safety, and when no other lawful basis is available.
  •  Compliance with Local Jurisdictions
We may also rely on additional legal grounds as specifically required or permitted under local privacy frameworks. For example:
  • Under the Digital Personal Data Protection Act, 2023 (India), we may rely on consent or "legitimate use" as permitted under Section 7 for purposes such as employment, compliance with legal obligations, or public interest.
  • Under the CCPA (California), we process data as a “business” and ensure transparency in our data practices, provide the ability to opt out of the sale or sharing of personal information, and respect consumer rights such as access, deletion, and correction.
  • Under the APPI (Japan), we provide advance notice of the purpose of use and rely on consent or other statutory grounds such as contractual necessity or public interest for the collection and use of personal data. We also implement safeguards for international data transfers in accordance with law.

5. HOW WE USE PERSONAL DATA

We use the personal data we collect to enable, operate, and enhance the services we provide across our global platforms and business functions. Our use of personal data is guided by the principles of transparency, necessity, and proportionality, and always aligned with applicable legal frameworks such as the GDPR, India’s DPDP Act, CCPA/CPRA, and Japan’s APPI. The specific uses of personal data vary depending on the nature of your relationship with Sannam S4 Group, the context in which the data is collected, and the permissions you provide. The primary purposes for processing personal data are outlined below:
  • Service Delivery and Account Management
We use personal data to create, verify, and manage individual or institutional accounts on our platforms. This includes authenticating users, configuring access permissions, delivering contracted services, and maintaining records of your interactions with us. For example, if you are a university client, we may use your data to facilitate partnership activities, manage documentation, and track project milestones. If you are a student, we may use your information to coordinate placement support, visa processes, or institutional onboarding. We process your personal data to manage event or webinar participation including registration, communication (reminders, follow-ups), attendance verification, feedback collection, and where applicable, to share recordings or slides.This processing may be based on your consent, our legitimate interest in hosting such events, or to fulfil our contractual obligation (e.g., when attendance is linked to service delivery).
  • Communication and Customer Support
Your personal data allows us to stay in contact with you for service-related communication and support. This includes answering questions submitted through our website or contact forms, responding to program-related inquiries, sending alerts related to service availability or account activity, and providing updates to our terms, policies, or services. We also use personal data to schedule meetings, notify stakeholders of project progress, and resolve technical issues or user complaints.
  • Personalization and User Experience
To improve user satisfaction and service relevance, we use certain types of personal and usage data to customize content, interfaces, and service interactions. This may involve tailoring recommendations, displaying relevant updates, or modifying communication tone and content to better match user preferences or geography. Where permitted by law or based on consent, we may also use location data or interaction history to enhance navigation or suggest localized offerings.
  • Product Development and Improvement
We process personal data as part of our continuous efforts to improve and evolve our services. This includes analysing usage trends, identifying areas of friction, testing new service features, conducting internal audits, and validating the effectiveness of updates to digital tools or program delivery models. Feedback shared through surveys, ratings, or direct input may also be analysed to guide service innovation and ensure that our offerings continue to meet the needs of our clients, students, and partners.
  • Payment Processing and Financial Transactions
Where billing is involved, such as in the context of consultancy services, HR support, or program participation, we process personal and financial data to issue invoices, reconcile payments, administer refunds, and maintain tax-compliant records. We may use secure third-party payment service providers for transaction processing, in which case limited data is shared strictly for processing purposes under contractual safeguards.
  • Marketing and Promotional Activities
With your prior consent or in accordance with applicable legal allowances, we use your personal data to send you newsletters, service updates, event invitations, and other promotional materials relevant to our work. This may include information about research initiatives, education sector insights, cross-border compliance updates, or tailored service recommendations. Where marketing is based on consent, you may opt out at any time by following the unsubscribe instructions or by contacting us directly.
  • Analytics and Reporting
We rely on aggregated and pseudonymized data from usage logs, website analytics, and engagement metrics to better understand how our services are performing. These analytics help us evaluate the effectiveness of different service features, identify performance bottlenecks, and support strategic decision-making. Insights generated may also be used to measure user engagement, client satisfaction, or the success of particular program initiatives.
  •  Security and Abuse Prevention
Personal data is essential to safeguarding the integrity of our systems and preventing misuse. We monitor system access, analyse IP addresses and login patterns, and detect suspicious or anomalous activities that may indicate fraud, unauthorized access, or misuse of our services. This proactive monitoring is part of our broader information security framework designed to ensure resilience, confidentiality, and compliance with legal obligations.
  • Legal and Regulatory Compliance
We process personal data to meet our legal duties under employment, tax, immigration, corporate, and data protection laws. This may involve retaining documents for auditing, fulfilling Know Your Customer (KYC) requirements, complying with export controls, or reporting to governmental or regulatory authorities upon valid request. Where necessary, we maintain audit trails and logs to support such compliance efforts.
  • Protection of Interests and Legal Rights
In specific situations, we may use personal data to protect the legal rights, safety, or property of Sannam S4 Group, our clients, employees, or the public. This includes enforcing our contractual terms, investigating claims or disputes, exercising legal defenses, or pursuing remedies in the event of a breach or litigation.We will only use your personal data for the purposes outlined in this section or for other purposes that are legally compatible with the original intent, unless we have a legal obligation or your prior consent to do otherwise. Where required, we conduct data protection impact assessments to ensure such usage is lawful, fair, and respectful of your rights.

6. HOW WE SHARE PERSONAL DATA

We do not sell your personal data. However, in the course of conducting our business and delivering services, we may share your personal data with carefully selected third parties. Such sharing is strictly limited to what is necessary, proportionate, and compliant with applicable data protection laws, including the GDPR, India’s DPDP Act, the CCPA/CPRA, and Japan’s APPI. We ensure that all recipients of personal data are subject to appropriate contractual, technical, and organizational safeguards that uphold privacy and confidentiality.
  1. Third-Party Service Providers
We may share your personal data with trusted third-party service providers who perform services on our behalf and require access to personal data to do so. These may include cloud hosting providers, IT support vendors, CRM platforms, secure file storage services, identity verification tools, analytics providers, communication platforms, marketing vendors, and payroll or HR software systems. For example, we may use third-party platforms to manage email distribution, host career portals, or process payments. In all such cases, these third parties are bound by strict data processing agreements that limit their use of personal data to specified purposes and require them to maintain adequate security measures.
  • University and Institutional Partners
In contexts such as international student mobility, cross-border recruitment, research collaboration, or transnational education initiatives, we may share relevant personal data with university clients, academic institutions, or partner organizations. This sharing is necessary for executing specific program requirements, verifying qualifications, scheduling interviews, issuing offers, or supporting visa-related documentation. The scope of data shared depends on the nature of the service and is always subject to confidentiality agreements or data sharing frameworks designed to protect individual rights.
  • Business Transfers
If Sannam S4 Group is involved in a merger, acquisition, asset sale, corporate restructuring, or other change in control, personal data may be transferred to a successor entity or acquiring organization. In such events, we will ensure that any personal data transferred remains subject to privacy commitments that are at least as protective as those outlined in this Notice. Where required by law, we will notify affected individuals and offer the opportunity to opt out or exercise data rights prior to the transfer.
  • Legal Requirements and Regulatory Disclosures
We may disclose your personal data when required to do so by applicable law, regulation, legal process, or court order, or in response to lawful requests by public authorities. We may also disclose information when we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of our employees, clients, partners, or the public. Where permissible, we will make reasonable efforts to notify individuals before responding to such requests.
  • Professional Advisors and Auditors
In the course of our legitimate business operations, we may share personal data with external advisors such as legal counsel, accountants, auditors, or consultants. This may occur in connection with internal governance reviews, regulatory compliance audits, risk assessments, or dispute resolution proceedings. All such parties are required to handle data in accordance with strict confidentiality obligations and applicable legal standards.
  • Consent-Based Sharing
Where we have obtained your explicit consent, we may share your personal data with third parties for purposes beyond the scope of our core services, such as promotional campaigns, testimonials, or third-party research projects. You may withdraw your consent at any time, and we will honour such requests in accordance with applicable laws and contractual commitments. We review all third-party relationships regularly and conduct due diligence to ensure that your data is handled securely and lawfully. All data transfers, whether domestic or cross-border, are supported by appropriate contractual and legal safeguards such as Standard Contractual Clauses (SCCs), data processing agreements, or lawful exemptions under applicable privacy frameworks.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

  1. As a globally active organisation, Sannam S4 Group operates across multiple jurisdictions and engages with clients, partners, and service providers located around the world. In the course of providing services and conducting business, your personal data may be transferred to, accessed from, or stored in countries other than your country of residence, including jurisdictions that may not offer the same level of data protection as your own.
  2. We are committed to ensuring that any such international transfer is conducted in full compliance with applicable privacy laws, including the EU and UK General Data Protection Regulations (GDPR), the Digital Personal Data Protection Act, 2023 (India), and Japan’s Act on the Protection of Personal Information (APPI). Where necessary, we implement specific legal, technical, and organizational safeguards to ensure that your personal data remains protected regardless of where it is processed. When we transfer your personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your privacy rights and the integrity of your personal data. These safeguards may include:
  •  Standard Contractual Clauses (SCCs)
We may implement contracts approved by regulators that require recipients to protect personal data in accordance with applicable laws.
  •  Binding Corporate Rules (BCRs)
Where applicable, we adhere to internal policies approved by regulatory authorities to allow international transfers within our corporate group.
  •  Certification Mechanisms
In some cases, we may rely on independently certified frameworks that ensure data protection standards, subject to applicable approvals.
  •   Consent
Where required by law, we will ask for your explicit consent to transfer your data across borders.
  •  International Data Transfer Agreement as per ICO, UK
Where personal data is transferred outside the UK to a country without an adequacy decision, Sannam S4 uses the International Data Transfer Agreement approved by the UK Information Commissioner’s Office .We may also use the UK Addendum to the EU Standard Contractual Clauses where both UK and EU data are involved. These tools ensure a legally binding and enforceable mechanism for safeguarding personal data. Transfers are further supported by Transfer Risk Assessments and technical and organisational measures such as encryption. Our goal is to ensure that individual rights are protected even when data is transferred internationally. All international transfers are made in compliance with the UK GDPR.
  1. We use service providers and infrastructure in several jurisdictions, and your data may be processed or stored in countries such as India, United States, UK, European Union, Japan etc. These locations are selected to support our global operations and to deliver services reliably and efficiently.

Regardless of where your personal data is processed, we apply the protections described in this Privacy Notice and take all necessary steps to comply with applicable legal requirements for international data transfers. If you would like more information about the specific countries to which your personal data may be transferred, or the safeguards implemented to protect your information, you may contact us at dataprotection@sannams4.com

8. DATA RETENTION

    1. We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required to meet legal, regulatory, or operational obligations.
    2. The specific retention period depends on the nature of the data, the context in which it was collected, and the applicable legal requirements in the jurisdictions where we operate, including the GDPR (EU/UK), India’s DPDP Act, 2023, Japan’s APPI, and the California Consumer Privacy Laws
    3. In determining the appropriate retention period for personal data, we consider several factors, including but not limited to:
      • The nature, sensitivity, and classification of the data;
      • The purposes for which the data was collected or subsequently processed, including contractual obligations;
      • Whether there is a legal or regulatory requirement to retain the data for a defined period (e.g., tax, employment, or corporate law);
      • Internal operational policies, industry guidelines, and historical recordkeeping practices;
      • The likelihood of continued interaction or relationship with the user (e.g., active accounts or service usage);
      • Potential legal risks or the need to preserve data for dispute resolution or enforcement of our rights.
    4. Once the applicable retention period has expired, or when we no longer need the data for business or legal purposes, we securely delete it or anonymize it in a manner that ensures it cannot be linked back to any individual.

9. YOUR RIGHTS AND CHOICES

  1. Depending on your country of residence and the applicable data protection laws, you may be entitled to certain rights regarding your personal data. These rights vary by jurisdiction but generally include access, correction, deletion, objection to processing, and portability.
  2. We will always honour your rights in accordance with the laws that apply to you, including the EU/UK GDPR, India’s Digital Personal Data Protection Act, 2023, Japan’s Act on the Protection of Personal Information (APPI), and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA)
  3. Right to Access    You have the right to request confirmation of whether we process your personal data and to obtain a copy of such data in a clear and understandable format. This right allows you to gain transparency about the categories of personal data we collect, how we use it, the types of third parties with whom it may be shared, and the duration for which it is retained. Upon your request, we will provide:
    • A summary of the personal data we hold about you;
    • The purposes of processing;
    • The categories of personal data processed;
    • The recipients or categories of recipients to whom your data may have been disclosed;
    • The source of the data, if not collected directly from you;
    • Where applicable, information about automated decision-making and the logic involved.
  4. Right to rectificationYou have the right to request the correction or update of any personal data we hold about you that is inaccurate, incomplete, or outdated. This ensures that the information we use and share is accurate and relevant. Depending on the nature of the data and the purpose for which it is processed, you may:
    • Request that we correct factual inaccuracies (e.g., name, contact details);
    • The purposes of processing;
    • The categories of personal data processed;
    • Request completion of incomplete data if it is relevant to the processing context;
    • Provide supporting information or documentation to facilitate the correction process.
  5. Right to ErasureYou have the right to request the deletion of your personal data where there is no compelling reason for us to continue processing it. You may request erasure of your personal data in the following circumstances:
      • The data is no longer necessary for the purpose for which it was collected or processed;
      • You withdraw your consent, and there is no other legal basis for processing;
      • You object to the processing and there are no overriding legitimate grounds to continue;
      • The personal data was processed unlawfully;
      • The data must be erased to comply with a legal obligation.
    Please note that this right is not absolute. We may retain certain personal data where necessary:
    • To comply with a legal obligation (e.g., tax, employment, or regulatory requirements)
    • For the establishment, exercise, or defence of legal claims;
    • Where retention is required for our legitimate business interests, consistent with applicable law.
  6. Right to ObjectYou have the right to object to the processing of your personal data when it is based on our legitimate interests or is being used for direct marketing purposes. If you object to direct marketing, we will stop processing your personal data for that purpose immediately. For processing based on legitimate interests, we will consider your objection and determine whether we have compelling legitimate grounds to continue processing or whether your rights outweigh those interests.
  7. Right to Data PortabilityYou have the right to request that we provide you with your personal data in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that we transfer this data directly to another data controller of your choice. This right applies when the processing is based on your consent or on a contract and is carried out by automated means.
  8. Right to Withdraw ConsentWhere we rely on consent to process your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  9. Right to NominateWhere permitted by applicable law, you have the right to nominate another individual to exercise your data subject rights on your behalf in the event of your incapacity or death. To exercise this right, you may be required to provide:
    • A valid nomination form or legal authorization
    • Proof of identity of the nominee and supporting documentation
    • Any additional documentation as required by local regulations.

10. USE OF ARTIFICIAL INTELLIGENCE (AI) TOOLS

Sannam S4 Group may use Artificial Intelligence (AI) tools in limited contexts such as candidate screening, data analysis, or service enhancement to improve efficiency and decision support. These tools are designed to assist human decision-making, not replace it.

Where AI involves the processing of personal data, we ensure it is done transparently and in compliance with our obligations under the applicable privacy laws.

11. USE OF COOKIES

We use cookies and similar technologies to enhance your experience on our website, measure performance and marketing effectiveness, and support essential site functionality. Cookies are small data files placed on your device when you visit our site. Here’s how we use them:

  1. Strictly Necessary Cookies
These cookies are essential for the website to work properly. They help with things like login sessions, form submissions, and cookie preferences. Disabling these may prevent parts of the site from functioning correctly, but they do not identify you as an individual.
  • Performance Cookies
We use performance cookies to count visits and traffic sources. They help us understand which pages are most popular and how users navigate our site. The data collected is anonymous and used to continuously improve site performance. sannams4.com
  • Functionality Cookies
These cookies enable enhanced features and personalization. They may remember your language or region preferences and may involve data you’ve provided. If disabled, some site features may not function optimally.
  • Targeting (Advertising) Cookies
  • Set by advertising partners, these cookies help build interest-based profiles and deliver more relevant ads. Depending on their specifics, they may involve personal data about your browsing habits. sannams4.com
  • We also use tracking pixels, web beacons, and similar tools for analytics and marketing purposes, such as analysing cookie data, performance metrics, and tracking interactions with marketing content.
  • When you first visit our site, we request your consent to use non-essential cookies. If you decline, we will not use them for that session though strictly necessary cookies remain active. We use both session cookies (which are erased when you close your browser) and persistent cookies (which stay until they expire or are manually removed). Disabling cookies may limit some features and functionality of the website.

12. Targeting (Advertising) Cookies

  • Set by advertising partners, these cookies help build interest-based profiles and deliver more relevant ads. Depending on their specifics, they may involve personal data about your browsing habits. sannams4.com
  • We also use tracking pixels, web beacons, and similar tools for analytics and marketing purposes, such as analysing cookie data, performance metrics, and tracking interactions with marketing content.
  • When you first visit our site, we request your consent to use non-essential cookies. If you decline, we will not use them for that session though strictly necessary cookies remain active. We use both session cookies (which are erased when you close your browser) and persistent cookies (which stay until they expire or are manually removed). Disabling cookies may limit some features and functionality of the website.

13. DATA SECURITY AND INTEGRITY

  1. We are committed to protecting the confidentiality, integrity, and availability of personal data. To achieve this, we implement a range of technical and organizational security measures designed to prevent unauthorized access, loss, misuse, alteration, or disclosure of your personal data. Our security framework includes, but is not limited to:
    • Use of robust encryption protocols for data in transit and at rest to safeguard sensitive information;
    • Role-based access controls and secure authentication mechanisms to restrict access to authorized personnel only;
    • Regular security assessments, including vulnerability scans and penetration testing, to proactively identify and address risks;
    • Real-time system monitoring and anomaly detection to identify potential threats and ensure rapid response;
    • Ongoing staff training and awareness programs to promote a culture of data security and privacy compliance;
    • Established incident response and data breach notification procedures to act swiftly and lawfully in the event of a security incident.
    • Sannam S4 Is ISO 27001: 2022 Certified.
  2. Access to personal data is granted strictly on a need-to-know basis and is limited to employees, contractors, and service providers who are bound by contractual confidentiality obligations and are required to follow our data protection standards.

14. PRIVACY OF CHILDREN DATA

  1. Protecting the privacy of children is of paramount importance to Sannam S4 Group. Our services and websites are not directed at, nor intended for use by, children under the age of 16 (or such other age as defined under applicable local laws, such as 13 under CCPA and 18 under India's DPDP Act for specific processing purposes).
  2. We do not knowingly collect, solicit, or process personal data from children without verifiable parental consent, unless we are legally required or permitted to do so under applicable laws. If we become aware that we have collected personal data from a child without the appropriate consent or legal basis, we will take immediate steps to delete that information.
  3. Where our business activities involve engaging with minors such as in the context of higher education consulting, scholarship facilitation, or recruitment serviceswe ensure that appropriate safeguards are in place. This includes:
  • Obtaining explicit consent from parents or legal guardians before collecting or using any personal data;
  • Limiting the data collected to what is necessary and proportionate;
  • Ensuring secure processing and restricted access to such data; and
  • Providing transparency regarding the purpose and duration of data use.

15. Updates to This Privacy Notice

  1. Sannam S4 Group does not do any automated decision-making processes that produce legal or similarly significant effects on individuals, as defined under privacy regulations such as the EU/UK GDPR, India’s DPDP Act, Japan’s APPI, and California’s CCPA.
  2. Where we use limited forms of automation such as analysing job applications, user preferences, or engagement data it is strictly for the purpose of enhancing service efficiency, personalisation, or operational analytics. These processes do not result in decisions that significantly affect your rights or access to services without meaningful human involvement.
  3. Any profiling or segmentation we perform is done under the following safeguards:
  • Data used in such activities is limited, proportionate, and pseudonymised or aggregated where possible;
  • Profiling is not used to make decisions about eligibility, performance, or access to services without human review;
  • We do not use profiling for behavioural advertising or sensitive inferences without your consent; and
  • Individuals retain the right to object to profiling, request human intervention, and receive explanations about any such processing.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or the way we process your personal data, please reach out to us. We are committed to addressing your queries promptly and transparently. You can contact us using the details below: Privacy Office Sannam S4 Group Email: dataprotection@sannams4.com Depending on your location, you may also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concern directly. For all privacy-related inquiries, including data access, correction, withdrawal of consent, or the exercise of your legal rights, please clearly specify the nature of your request in your communication. We may ask you to verify your identity before we process your request in order to protect your data.