Privacy Policy

1.1 Personal Information (Students)

We may collect and process the following data relating to Students:

• Identification details: full name, gender, date of birth, nationality, government-issued identifiers (only if provided by the Client for verification purposes).
• Contact details: email address, phone number, postal address, emergency contact details (if provided by the Client).
• Academic history: enrolment details, course name, graduation year, certifications, transcripts, marksheets, grade point averages, or other academic performance data.
• Career records: resumes/CVs, version history, cover letters, career preferences, professional skills, work experience, internships, projects, references.
• Application data: job applications, placement preferences, recruiter interactions, status of selection/placement.
• Interview data: audio, video, and textual responses during AI-driven mock interviews, including biometric data such as voice samples and recorded likeness (strictly for the purposes of conducting and assessing mock interviews).
• Feedback data: recruiter feedback, placement officer notes, system-generated analytics and performance metrics.

1.2 Personal Information (Recruiters)

We may collect and process the following data relating to Recruiter Users:

• Identity and role information: name, designation, department, company/organisation details.
• Contact information: email address, phone number, and official correspondence address.
• Recruitment activity data: job postings, hiring preferences, role descriptions, candidate requirements, and placement outcomes.
• Communication data: recruiter messages to Students or Placement Officers through the PMS, interview invitations, and other interactions recorded via the Services.

1.3 Client & Placement Officer Data

We may collect and process the following data from Clients and Placement Officers/Administrators:

• Institutional details: organisation name, registered address, accreditation details, and institutional identifiers.
• Subscription information: plan details, subscription duration, modules purchased, usage metrics.
• Billing and payment data: invoicing details, payment records, GST numbers, bank transaction details (processed securely via third-party payment processors).
• Operational data: placement schedules, recruiter engagement logs, analytics reports, institutional dashboards, and communications exchanged with the Company.

1.4 Technical and Usage Data

We may automatically collect the following technical and usage information when Users interact with our Services:

• Device data: IP address, device identifiers, browser type, operating system, screen resolution, and language settings.
• Log data: timestamps of access, login/logout activities, features accessed, error logs, crash reports, and system diagnostics.
• Usage patterns: clickstream data, session duration, navigation paths, frequency of use, and performance metrics.
• Security data: failed login attempts, suspicious activity alerts, and authentication logs used for fraud detection and account security.

1.5 Cookies, Tracking & Analytics

We use cookies and similar technologies (e.g., pixels, beacons, SDKs, local storage) for the following purposes:

• Authentication: to recognise returning Users and maintain session integrity.
• Preferences: to store language, resume settings, and customised dashboards.
• Analytics: to measure feature usage, performance, and service improvements.
• Security: to detect anomalies, prevent fraud, and ensure platform stability.

Users may manage or disable cookies through browser settings. However, disabling certain cookies may restrict access to core features of the Services.

2.1 Service Delivery

• To provide, operate, and maintain the PrepCV Platform and PMS.
• To enable Students to create, edit, and manage multilingual resumes with AI-driven assistance.
• To conduct AI-powered mock interviews (both standard and dynamic), assess candidate performance, and generate structured feedback.
• To facilitate placement workflows including student shortlisting, recruiter dashboards, interview scheduling, and job offer tracking.
• To provide Placement Officers and Clients with real-time dashboards, reports, and analytics for placement and compliance monitoring.

2.2 Communication and Support

• To send system-generated updates, alerts, and transactional notifications (e.g., interview scheduling, account confirmations, subscription reminders).
• To provide customer and technical support, resolve queries, and troubleshoot service-related issues.
• To deliver service announcements, policy updates, and changes to features or pricing.

2.3 Data Sharing and Authorised Access

• To securely share Student resumes, interview outcomes, and placement data with authorised Recruiter Users in accordance with Client instructions.
• To ensure Recruiters can access only those Student profiles that have been authorised and shared by the Client or Placement Officer.
• To ensure Placement Officers and Clients retain supervisory control over all Recruiter access and Student data.

2.4 Security, Fraud Prevention, and Compliance

• To monitor and prevent unauthorised access, hacking, fraud, or misuse of accounts.
• To maintain logs and audit trails for compliance and dispute resolution.
• To detect and investigate suspicious or unlawful activities.
• To comply with legal, regulatory, and law enforcement requirements, including government directives under the DPDP Act, 2023 and other applicable laws.

2.5 Research, Development, and Service Enhancement

• To improve platform functionality, user experience, and reliability.
• To conduct anonymised analytics for feature optimisation, predictive placement insights, and service scalability.
• To use aggregated and de-identified data for benchmarking, reporting, or academic research, ensuring no personally identifiable information is disclosed.

2.6 Marketing and Optional Engagement

• To send newsletters, promotional offers, or updates about new features or products (only where Users or Clients have provided explicit consent).
• To conduct surveys, feedback sessions, and user research programs, always on an opt-in basis.

2.7 Legal Basis of Processing

• Consent: where Users actively provide data (e.g., resume upload, mock interview participation, job application submission).
• Contractual necessity: where processing is essential for delivery of Services to Clients and Users.
• Legitimate interest: ensuring security, fraud detection, service improvement, and engagement with Clients.
• Legal obligation: responding to government requests, audit requirements, or compliance with Indian data protection laws.

3.1 Consent

Students provide consent when uploading resumes, academic records, or participating in AI-driven mock interviews.

Recruiters provide consent when posting job roles, submitting hiring preferences, or interacting with Student data.

Placement Officers and Clients provide consent when registering institutional details or managing Student accounts.

Consent is obtained either directly (via opt-in forms) or indirectly (through Client institutions responsible for onboarding).

3.2 Contractual Necessity

Processing is required to deliver the Services subscribed to by Clients, including PMS, resume editing, mock interviews, analytics, dashboards, and placement reporting.

Without such processing, we would be unable to fulfil our contractual obligations to Clients.

3.3 Legitimate Interests

We may process personal data where necessary for our legitimate interests, provided such interests do not override User rights and freedoms. Examples include:

• ensuring network and information security;
• preventing fraud, misuse, or unauthorised access;
• monitoring service usage and performance to improve functionality;
• generating anonymised insights to enhance product design.

3.4 Legal Obligations

We may process and disclose data where required to comply with:

• applicable laws and regulations in India or abroad;
• directives from courts, regulators, or government authorities;
• audit and compliance requirements;
• obligations under the DPDP Act, 2023, including grievance redressal.

3.5 Special Categories of Data (Biometric/Interview Data)

Where mock interviews involve the collection of audio, video, or voice recordings that may qualify as biometric identifiers, we rely on:

• explicit consent from the Student User (either directly or via the Client institution); and
• strict purpose limitation, meaning such data is used solely for conducting and assessing mock interviews and not for any unrelated purpose.

3.6 Withdrawal of Consent

Users may withdraw consent at any time by contacting the Client or the Company (through the grievance redressal process).

Withdrawal of consent may limit or prevent further access to certain features of PrepCV or PMS.

Data processed prior to withdrawal shall remain lawful.

4.1 Recruiters

• Student resumes, profiles, and interview outcomes may be shared with authorised Recruiter Users strictly for legitimate hiring purposes.
• Recruiters must access data only through PMS, under login credentials issued by the Client, and in compliance with applicable labour, anti-discrimination, and data protection laws.
• The Company does not permit Recruiters to download, export, or re-use Student data outside PMS except where specifically authorised by the Client.

4.2 Clients (Institutions and Placement Officers)

• Clients and designated Placement Officers have supervisory visibility into the data of Students enrolled under their institution.
• Clients may generate analytics reports, placement dashboards, and institutional statistics using such data.
• The Company does not authorise Clients to re-use Student or Recruiter data for commercial purposes outside the scope of placements.

4.3 Service Providers and Sub-Processors

We engage carefully selected third-party service providers to support delivery of our Services, including cloud hosting, data storage, communication tools, payment processors, and analytics providers.

These providers act as sub-processors and are bound by contractual obligations that require them to:

• process data only on our documented instructions;
• maintain adequate technical and organisational safeguards;
• ensure compliance with the DPDP Act, 2023 and international best practices.

A current list of critical sub-processors may be made available to Clients upon written request.

4.4 Legal and Regulatory Authorities

We may disclose personal data where required by:

• applicable laws or regulations;
• lawful orders of courts, tribunals, regulators, or government agencies;
• audits, inspections, or compliance checks under the DPDP Act, 2023.

Where legally permissible, we will provide notice to the Client prior to such disclosure.

4.5 Business Transfers

In the event of a merger, acquisition, corporate restructuring, or sale of assets, personal data may be transferred as part of the business assets.

Any such transfer will be subject to confidentiality safeguards, and the acquiring entity shall be bound by obligations no less stringent than those under this Policy.

4.6 Protection Against Misuse

All third parties with whom personal data is shared must agree in writing to maintain confidentiality, apply appropriate data security measures, and use the information solely for the purposes authorised by the Company.

Any misuse or unauthorised disclosure by such third parties shall constitute a material breach of their obligations and may result in termination of access, legal action, or reporting to regulators.

5.1 Default Storage Location

All personal data collected through PrepCV and PMS is, by default, stored and processed within India, using secure cloud hosting infrastructure that complies with applicable Indian data protection and security standards.

5.2 Circumstances for Transfer

Cross-border transfers may occur in limited circumstances, including but not limited to:

• enabling access by authorised international Recruiters or employers for legitimate hiring;
• providing services through third-party global vendors, such as cloud hosting providers, communication platforms, or analytics services;
• compliance with legal, regulatory, or contractual obligations requiring data availability outside India.

5.3 Legal Compliance

All cross-border transfers shall comply with:

• the Digital Personal Data Protection Act, 2023 (DPDP Act), including any restrictions or government notifications regarding countries to which transfers may be prohibited;
• applicable international data protection principles, including contractual and security safeguards aligned with GDPR standards, wherever feasible.

5.4 Safeguards Implemented

To ensure lawful and secure transfers, the Company shall:

1. use contractual data protection clauses with overseas recipients, obligating them to maintain confidentiality, purpose limitation, and adequate security standards;
2. apply encryption, pseudonymisation, or anonymisation to data before transfer, where feasible and appropriate;
3. limit transfers to the minimum data necessary for the purpose of such transfer;
4. monitor and review the practices of overseas processors or recruiters with whom data is shared.

5.5 User and Client Responsibility

Clients remain responsible for ensuring that their Students or Recruiters are notified of potential cross-border transfers during the consent-collection process, in accordance with the DPDP Act. The Company acts only on documented instructions from Clients regarding which data is to be shared with international recipients.

5.6 Governmental Access Requests

Where foreign governments or regulators request access to personal data, the Company shall:

• assess the request for legal validity;
• notify the Client promptly, unless prohibited by law;
• disclose only the minimum necessary data required under law.

5.7 Accountability

Any cross-border transfer made under this Section shall remain subject to the obligations of this Privacy Policy, and the Company shall remain accountable for ensuring that personal data continues to receive an equivalent level of protection outside India.

6.1 General Retention Principle

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws, regulations, or contractual obligations. Once retention is no longer justified, personal data shall be securely deleted, anonymised, or archived in accordance with this Policy.

6.2 Subscription Term

Personal data uploaded or generated by Clients, Placement Officers, Students, or Recruiters is retained for the duration of the active Subscription Term.

Upon expiry or termination of the Subscription Term, access to data will cease, except as provided below.

6.3 Post-Term Retention Window

Following expiry or termination, personal data will be retained for an additional ninety (90) days ("Retention Window") to allow Clients to download or migrate their data.

During this period, the Client may request export of Student records, placement reports, or analytics.

At the end of the Retention Window, the Company will securely delete or anonymise personal data unless longer retention is required by law.

6.4 Category-Specific Retention Periods

• Student Data (resumes, academic records, interview responses) – retained for the Subscription Term + Retention Window; deleted thereafter unless the Client requests earlier deletion.
• Recruiter Data (job postings, requirements, interactions) – retained for the Subscription Term + Retention Window; anonymised thereafter.
• Client & Placement Officer Data (billing, reports, subscription records) – retained for up to seven (7) years after termination for accounting, audit, and tax compliance.
• Technical Logs & Security Data (login history, IP logs, access attempts) – retained for up to two (2) years for security, dispute resolution, and fraud prevention.
• Backups & Disaster Recovery Archives – may contain residual copies of personal data, retained for up to six (6) months before being overwritten or deleted.

6.5 Aggregated & Anonymised Data

The Company may retain aggregated, de-identified, or anonymised data indefinitely for statistical analysis, benchmarking, product development, and research purposes.

Such data cannot reasonably be used to re-identify individuals and does not constitute personal data under the DPDP Act.

6.6 Early Deletion Requests

Clients may request deletion of specific Student or Recruiter data before the end of the Subscription Term, subject to legal, regulatory, or contractual obligations.

The Company shall confirm deletion in writing within a reasonable time frame.

6.7 Secure Disposal

When data is deleted, we employ secure disposal methods including:

• overwriting digital storage (data sanitisation);
• deletion from active systems and backups within defined cycles;
• ensuring third-party processors also comply with deletion obligations.

7.1 Technical Safeguards

• Encryption: All personal data is encrypted in transit (TLS/SSL) and at rest using industry-standard algorithms.
• Access Controls: Role-based access, multi-factor authentication (MFA), and session timeouts are enforced for all authorised users.
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and rate-limiting are deployed to prevent unauthorised access.
• Application Security: Regular vulnerability scans, penetration tests, and code reviews are conducted to identify and remediate risks.
• Data Segmentation: Client data is logically separated to prevent unauthorised cross-institution access.

7.2 Organisational Safeguards

• Confidentiality Obligations: All employees, contractors, and sub-processors handling personal data are bound by strict confidentiality undertakings.
• Training & Awareness: Staff undergo periodic training on data protection, phishing awareness, and incident response protocols.
• Vendor Management: Third-party service providers are vetted and contractually required to implement equivalent safeguards.
• Access Reviews: Administrative and privileged access rights are reviewed periodically to ensure minimal and appropriate access.

7.3 Procedural Safeguards

• Monitoring & Logging: Continuous logging of access, changes, and system events to detect anomalies and unauthorised activities.
• Incident Response: A documented incident response plan ensures prompt investigation, containment, and remediation of security breaches.
• Backups & Disaster Recovery: Regular, encrypted backups are maintained in geographically separate locations, with disaster recovery drills conducted periodically.
• Business Continuity: Redundancy measures and failover protocols are in place to maintain uptime commitments.

7.4 Shared Responsibility

While the Company employs robust security measures, no system is completely immune to risks. Users and Clients are responsible for:

• safeguarding their login credentials and devices;
• using strong, unique passwords;
• promptly notifying the Company of any suspected compromise;
• ensuring institutional administrators (Placement Officers) enforce proper onboarding and offboarding of Student/Recruiter accounts.

7.5 Breach Handling

In the event of a suspected or confirmed data breach:

• the Company will notify the Client without undue delay, and within seventy-two (72) hours where feasible;
• provide details of the breach, its impact, and remedial measures taken;
• cooperate with the Client in meeting regulatory notification obligations.

8.1 Right of Access

Users have the right to obtain confirmation as to whether their personal data is being processed and, where so, to request access to such data, including:

• categories of data processed;
• purpose(s) of processing;
• details of entities with whom data has been shared;
• retention period and applicable safeguards.

8.2 Right to Correction and Updates

Users may request correction, completion, or updating of their personal information where it is inaccurate, outdated, or incomplete. This includes academic records, resumes, or contact details uploaded into the Services.

8.3 Right to Deletion (Right to be Forgotten)

Users may request deletion or erasure of their personal data in the following circumstances:

• where consent has been withdrawn;
• where data is no longer necessary for the original purpose;
• where processing is unlawful;
• where retention is not required under law or contractual obligations.

Deletion requests are subject to:

• statutory record-keeping requirements;
• legitimate business needs (e.g., billing records, compliance reports);
• retention rules described in Section 6 (Data Retention).

8.4 Right to Withdraw Consent

Where processing is based on consent, Users may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Withdrawal of consent may limit or prevent further access to certain Services (e.g., mock interviews, recruiter sharing).

Clients are responsible for obtaining, recording, and managing consent from their Students and Recruiters.

8.5 Right to Restrict or Object to Processing

Users may request restriction of processing or object to certain processing activities, including:

• objection to processing for direct marketing (if consented earlier);
• restriction of data usage to core placement activities only;
• suspension of processing during dispute resolution.

8.6 Right to Data Portability

Where technically feasible, Users may request transfer of their personal data to another data fiduciary (e.g., upon change of institution), subject to security and contractual safeguards.

8.7 Right to Grievance Redressal

Users have the right to lodge grievances regarding data processing, misuse, or rights violations. Complaints must be submitted to the Company's designated Grievance Officer (see Section 13 of this Policy).

8.8 Procedure for Exercising Rights

All data rights requests must be routed through the Client (institution/organisation), acting as the data fiduciary.

The Company acts solely as a data processor and will act on documented instructions from the Client regarding such requests.

The Company will not respond directly to Students or Recruiters unless legally required under the DPDP Act or a valid order of a regulator/court.

Clients must maintain appropriate consent mechanisms and ensure their Students and Recruiters are informed of their rights.

8.9 Response Timelines

The Company shall support Clients in responding to requests within the statutory timelines prescribed under the DPDP Act (currently 15 business days for grievance resolution).

In complex cases requiring longer investigation, the Client will be informed of the reasons for delay and expected timelines.

8.10 Limitations

The exercise of data rights may be restricted where:

• disclosure would adversely affect the rights or freedoms of another individual;
• compliance would conflict with applicable legal or regulatory requirements;
• retention is mandated under accounting, taxation, or audit obligations.

9.1 Intended User Base

The Services (PrepCV and PMS) are designed primarily for use by higher education institutions, placement officers, students above 18 years of age, and recruiters/employers. They are not intended for general use by children.

9.2 Age Threshold

For the purposes of the Digital Personal Data Protection Act, 2023, a "child" is defined as an individual under 18 years of age. Accordingly:

• We do not knowingly collect or process personal data of children under 18 without the involvement of a parent, guardian, or duly authorised institutional representative.
• If a Student User is below 18, the Client institution (acting as Data Fiduciary) is solely responsible for obtaining and recording verifiable parental or guardian consent before providing access to the Services.

9.3 Institutional Responsibility

Where under-18 users are granted access by an institution:

• The institution must ensure that consent is obtained and documented in compliance with the DPDP Act.
• The Company relies entirely on the Client's assurance that valid consent exists.
• The Company shall not be liable for misuse of Services by underage Users where the Client has failed to obtain proper consent.

9.4 Prohibited Activities with Children's Data

In compliance with the DPDP Act and international standards:

• We do not profile, track, or target children for behavioural analysis, advertising, or marketing.
• We do not permit recruiters to specifically target underage students for employment opportunities that contravene applicable labour or education laws.
• We do not knowingly share underage student data with third parties other than as authorised by the Client institution.

9.5 Remedial Measures

If the Company becomes aware that personal data of a child under 18 has been collected without valid parental or institutional consent, we will take immediate steps to delete or anonymise such data.

Clients and Users are required to notify the Company promptly if they discover any such unauthorised collection.

9.6 International Compliance

Where Services are accessed by international recruiters subject to GDPR or similar laws:

• A child may be defined at a lower threshold (e.g., 16 years under GDPR, 13 years under COPPA in the US).
• To ensure global compliance, the Company requires institutions to verify that students granted access meet the strictest applicable age-of-consent standard in the relevant jurisdiction.

10.1 Integrations

Our Services may integrate with or provide access to third-party applications, platforms, or tools (collectively, "Third-Party Services"), such as:

• video interview platforms;
• analytics and reporting tools;
• communication and notification services;
• payment gateways;
• cloud hosting and storage providers.

Such integrations may involve the transfer, processing, or storage of personal data by these third-party providers.

10.2 Responsibility of Third Parties

While we carefully select Third-Party Services and require them to implement reasonable safeguards, we do not control and are not responsible for their independent privacy practices, data handling, or security measures.

Users and Clients are encouraged to review the privacy policies of Third-Party Services directly before enabling integrations or providing data.

10.3 Sub-Processors

Some Third-Party Services engaged by us act as sub-processors, supporting the delivery of PrepCV and PMS.

Sub-processors are bound by contractual obligations to:

• process data only on our instructions;
• implement adequate technical and organisational safeguards;
• comply with the DPDP Act, 2023 and comparable international standards.

A current list of critical sub-processors may be shared with Clients upon written request.

10.4 Third-Party Recruiters

Recruiters accessing PMS may also constitute third parties.

The Company does not warrant or guarantee the conduct, authenticity, or privacy practices of Recruiters.

Clients remain responsible for ensuring that Recruiters they invite onto PMS comply with applicable laws, institutional codes, and data protection obligations.

10.5 Liability Disclaimer

To the maximum extent permitted by law:

• the Company disclaims liability for any unauthorised collection, misuse, or disclosure of data by independent Third-Party Services;
• responsibility for reviewing and approving such integrations rests with the Client;
• the Company's liability, where applicable, shall remain limited in accordance with Section 13 (Limitation of Liability) of this Policy and the Agreement.

10.6 Withdrawal of Integrations

We reserve the right to modify, suspend, or discontinue integration with any Third-Party Service at any time if:

• required by law or regulation;
• the third party fails to maintain adequate safeguards; or
• continued integration poses a risk to the security, stability, or integrity of PrepCV or PMS.

11.1 Responsibilities of Clients (Institutions/Organisations)

• (a) Consent Management: Clients are solely responsible for obtaining valid, informed consent from Students and Recruiters before uploading, sharing, or processing their personal data on PrepCV or PMS.
• (b) Accuracy of Data: Clients must ensure that all institutional and placement data they provide (including student enrolments, recruiter registrations, and reports) is accurate, up-to-date, and lawful.
• (c) Access Management: Clients must ensure that Placement Officers and Administrators enforce proper onboarding and offboarding of Student and Recruiter accounts to prevent unauthorised access.
• (d) Compliance with Law: Clients must ensure that their use of the Services complies with applicable data protection, education, labour, and anti-discrimination laws.
• (e) Indemnity: Clients remain responsible for any claims, penalties, or damages arising from failure to obtain consent, unlawful data uploads, or misuse of Services by their Users.

11.2 Responsibilities of Placement Officers / Administrators

• (a) Supervise access and use of PMS on behalf of their Client institution.
• (b) Monitor recruiter interactions with Students to ensure compliance with institutional policies.
• (c) Prevent unauthorised sharing or export of Student data outside PMS.
• (d) Act as the designated point-of-contact for communication with the Company.

11.3 Responsibilities of Recruiters

• (a) Legitimate Use Only: Recruiters may use Student data solely for bona fide recruitment and hiring purposes.
• (b) Compliance with Law: Recruiters must comply with applicable labour, employment, and equal opportunity laws, and must not discriminate on the basis of caste, religion, gender, disability, or any other protected category.
• (c) No Misuse of Data: Recruiters are prohibited from using Student data for solicitation, marketing, or unrelated commercial purposes.
• (d) Accuracy of Information: Recruiters must provide truthful and accurate company, designation, and job role information when engaging with Students and Clients.

11.4 Responsibilities of Students

• (a) Truthful Submissions: Students must provide accurate and truthful personal information, academic records, resumes, and job applications. Falsification of data is strictly prohibited.
• (b) Consent to Sharing: Students acknowledge and consent that their data may be shared with authorised recruiters through PMS, in accordance with Client institution's placement workflows.
• (c) Lawful Use: Students must use PrepCV and PMS only for career preparation and placement-related activities, and not for fraudulent or unlawful purposes.

11.5 General User Obligations

• (a) Users shall not upload, transmit, or distribute unlawful, defamatory, obscene, or harmful content.
• (b) Users shall not attempt to gain unauthorised access to systems, accounts, or data.
• (c) Users shall not introduce malware, viruses, or malicious code into the Services.
• (d) Users must promptly notify the Company of any unauthorised access or misuse of their accounts.

11.6 Shared Responsibility

While the Company implements reasonable safeguards under Section 7 (Security Measures), Users are responsible for:

• maintaining the confidentiality of their account credentials;
• ensuring devices used to access Services are secure;
• complying with institutional codes of conduct.

12.1 Right to Amend

The Company reserves the right to amend, modify, or update this Privacy Policy at any time to:

• reflect changes in applicable laws, regulations, or government directives (including the Digital Personal Data Protection Act, 2023);
• incorporate new features, technologies, or product modules within PrepCV or PMS;
• address feedback from Clients, Users, regulators, or industry bodies;
• improve clarity, transparency, or enforceability.

12.2 Notification of Changes

(a) Material changes to this Privacy Policy will be communicated to Clients and Users through one or more of the following channels:

• email notifications to registered addresses;
• in-platform alerts or pop-up messages;
• publication of the updated Policy on the Company's official website.

(b) The "Effective Date" at the top of the Policy shall always reflect the latest version.

12.3 Binding Effect of Changes

(a) Continued access to or use of PrepCV or PMS after the effective date of an updated Privacy Policy shall constitute deemed acceptance of the revised terms.

(b) Clients are responsible for communicating material changes to their Students, Recruiters, and Placement Officers who use the Services under the Client's subscription.

(c) If a User or Client does not agree to the updated Privacy Policy, their sole remedy is to discontinue use of the Services.

12.4 Urgent Updates

Where updates are required to comply with urgent legal or regulatory requirements, such changes may take effect immediately upon publication, without prior notice.