Privacy Policy

NIIT attaches great importance to the confidentiality and security of your personal information. We will use reasonable efforts to protect the security of your personal information (“Personal Information”, as defined below) in accordance with this Privacy Policy. “We” as used in this Privacy Policy refers to NIIT and it’s affiliates.

This Privacy Policy applies to the information collected through NIIT Platforms, and does not apply to information that we may collect from you through other means (for example, this The Privacy Policy does not apply to information you may provide to us by telephone, fax or daily correspondence).

If you choose not to provide us with the information necessary, you may not be able to create a user account and we may not be able to provide you with various services.

This Privacy Policy mainly includes the following contents:

1. Consent regarding information processing
2. Personal information
3. Disclosure
4. Sharing and Transfer
5. Acquisition, merger, reorganization, bankruptcy
6. Exceptions to Consent for Sharing, Transfer, and Disclosure
7. Entrusted processing
8. Your rights
9. Response
10. Personal Information Protection of Minors
11. Safety
12. Modifying the Privacy Policy
13. Privacy Concerns
14. Personal Information Storage Period
15. Suspension of Operation
16. The sole subject

Consent Regarding Information Processing

By accessing NIIT’s and it’s affiliates’ websites, you understand and expressly agree to our processing (including collection, storage, use, processing, transmission, provision, disclosure and deletion) for the purposes stipulated in this Privacy Policy and the NIIT Terms of Service etc.) your personal information, including but not limited to the transfer of your personal data between NIIT and the third parties, affiliates and affiliates described in this Privacy Policy .

Personal information collected and generated during our operations in the People’s Republic of China is stored in China, except in the following cases:

1. The applicable laws are clearly stipulated;
2. Obtain your express authorization;

In response to the above situations, we will ensure that your personal information is adequately protected in accordance with this Privacy Policy.

Special handling rules for cross-border information

In principle, the personal information we collect and generate within the territory of the People’s Republic of China will be stored within the territory of the People’s Republic of China. Since we may provide various services through overseas resources and servers, this means that, after obtaining your authorization and consent, your personal information may be transferred to the overseas jurisdiction of the country/region where you use the various services, or subject to access from these jurisdictions. Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we will ensure that your personal information is adequately and equally protected as within the territory of the People’s Republic of China.

For any services your personal information will not be shared overseas and will be stored and secured in servers located in People’s Republic of China.

By agreeing to this policy, you affirm that you understand that the personal information processor and the overseas recipient have agreed through the Contract that you are a third-party beneficiary, and that the you may enjoy the rights of a third-party beneficiary pursuant to the Contract until you do not expressly refuse for the same within 30 days (by using the means of communication provided by the processor).

Personal information

Personal Information refers to various information related to identified or identifiable natural persons recorded electronically or in other ways, excluding anonymized information. The personal information involved in this privacy policy includes name, email id, phone number, company name.

There is no Sensitive Personal Information involved in this privacy policy. No data of any minor is collected on NIIT and its affiliates websites. 

For the purposes of this policy, i.e. NIIT Privacy Policy, the term ‘Personal Information’ includes above defined Personal Information.

We will only collect and use your personal information for the purpose of contacting you for business purposes.

Disclose

In principle, we will not publicly disclose your personal information.

We will only publicly disclose your personal information in the following circumstances, on the premise of conducting a personal information security impact assessment in advance, and taking industry-standard security protection measures and de-identification processing based on the assessment results. Record and store the public disclosure of personal information, including the date, scale, purpose, and scope of public disclosure, etc.:

1. Through your reserved email address, we will inform you of the purpose of public disclosure, and the type of personal information disclosed. According to your needs, we will disclose the individuals you designate in the disclosure method that you expressly agree to disclose information;
2. When it is necessary to provide your personal information according to the requirements of laws, regulations, mandatory administrative law enforcement or judicial requirements, we may publicly disclose your personal information according to the required type and disclosure method of personal information. Under the premise of compliance with laws and regulations, when we receive the above-mentioned request for information disclosure, we will require the issuance of corresponding legal documents, such as subpoenas or investigation letters. All requests are carefully reviewed to ensure they have a legitimate basis and are limited to data law enforcement has a legitimate right to obtain for specific investigative purposes.

If we violate the provisions of laws and regulations during the disclosure process and cause you losses, we will bear the corresponding responsibilities arising therefrom.

Share and transfer:

We will not share or transfer your Personal Information to any company, organization or individual other than NIIT and its affiliates, except in the following cases:

1. Sharing with explicit consent or authorization: After obtaining your explicit consent or authorization, we will share and transfer your Personal Information to other parties.
2. We may share and transfer your personal information externally in accordance with laws and regulations, or as required by applicable laws and regulations, legal procedures, and mandatory administrative or judicial requirements.
3. Other sharing situations: sharing with our affiliates and associates.Your personal information may be shared with our affiliates and associates. We will only share necessary personal information and subject to the purposes set out in this Privacy Policy. If our affiliates and associates want to change the purpose of processing personal information, they will ask for your authorization again.

Acquisitions, Mergers, Reorganizations, Bankruptcies

When it comes to acquisitions, mergers, reorganizations and bankruptcy, you understand and agree that: we may not be able to meet the steps and requirements for personal information sharing and transfer listed in the aforementioned “Sharing and Transfer”. However, we will inform you of the relevant situation through your reserved email address within 7 working days after the announcement, and require new companies and organizations that hold your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require the company or organization to seek authorization from you again. If it is bankrupt and there is no successor, we will delete the relevant data within 7 working days after the announcement.

Sharing, Transfer, Disclosure with Consent Exception

According to relevant laws and regulations and national standards, we may share, transfer and publicly disclose your personal information without your consent in the following situations:

(1) Those directly related to national security and national defense security;

(2) Related to public security, public health, major public interests, etc.;

(3) related to criminal investigation, prosecution, trial and execution of judgments, etc.;

(4) In order to protect your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain my consent;

(5) Your personal information disclosed to the society by yourself;

(6) Collect your personal information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels;

(7) Related to our performance of obligations stipulated by laws and regulations.

(8) Other circumstances stipulated by laws and administrative regulations.

Delegated processing

At present, we have not entrusted any third party to process personal information. If it is really necessary to entrust due to business development, the following conditions must be met:

1. The entrusted party behavior does not exceed the scope of your authorization and consent.
2. We will conduct personal information security impact assessment on the entrusted party behavior to ensure that the entrusted person meets the data security capability requirements.
3. We will ensure that the entrusted person meets the following requirements:

(1) Handling personal information in strict accordance with our requirements, and if it fails to comply with the requirements due to special reasons, it must give us feedback in a timely manner;

(2) If it is really necessary to entrust again, it is necessary to obtain our authorization in advance;

(3) To assist us in responding to your requests;

(4) If a sufficient level of security protection cannot be provided in the process of processing personal information or a security incident occurs, feedback must be given to us in a timely manner;

(5) Relevant personal information will no longer be stored when the entrustment relationship is terminated.

4. We will supervise the entrusted persons, including but not limited to:

(1) The responsibilities and obligations of the entrusted party are stipulated through contracts, etc.;

(2) Audit the entrusted persons.

5. We will accurately record and store the entrusted processing of personal information.
6. If we know or find that the entrusted person fails to process personal information in accordance with the entrustment requirements, or fails to effectively perform the responsibility for personal information security protection, we will immediately require the entrusted person to stop relevant behavior, and take or require the entrusted person to take effective measures. Remedial measures (such as changing passwords, revoking permissions, disconnecting network connections, etc.) control or eliminate security risks to personal information. When necessary, we will terminate the business relationship with the entrusted person and require the entrusted person to delete the personal information obtained from us in a timely manner.

Your rights:

1. Query personal information

You have the right to inquire about your personal information, except for the exceptions provided by laws and regulations.

You can also contact us at any time through the methods set out in this Privacy Policy to apply for inquiries about account personal information, sources of personal information, the purpose of our use of your personal information, and the identity or type of third parties that have obtained your personal information from us. After we receive your inquiry email, we will give you feedback within 30 working days; if we cannot provide it, we will explain the reason to you.

2. Correction of personal information

You have the right to ask us to make corrections when you find that the personal information we process about you is inaccurate. You can contact us at any time in the manner specified in this Privacy Policy, and we will process it within 3 working days;

3. Delete personal information

In the following circumstances, you may request us to delete personal information by contacting us in the manner set out in this Privacy Policy:

(1) If our processing purpose has been achieved, cannot be achieved or is no longer necessary to achieve the processing purpose;

(2) If we stop providing products or services, or the storage period has expired;

(3) If you withdraw your consent;

(4) If we handle your personal information in violation of laws, administrative regulations or agreements;

(5) Other circumstances stipulated by laws and administrative regulations. If we collect and use your personal information in violation of laws and regulations or our agreement with you, we will delete the corresponding information within 3 working days after receiving your aforementioned request.

When you delete information from our service, we may not delete the corresponding information from the backup system immediately, but will delete the information when the backup is updated.

The storage period stipulated by laws and administrative regulations has not expired, or if it is technically difficult to delete your personal information, we will stop processing other than storage and taking necessary security protection measures.

4. Change the scope of your authorization and consent or withdraw your authorization

You can change the scope of your authorization for us to continue to collect personal information or withdraw your authorization by deleting information, turning off device functions, setting “Privacy Settings” on the NIIT or it’s affiliates sites or software, etc. You can also withdraw all authorization for us to continue to collect your personal information by canceling your account.

Please understand that each business function requires some basic personal information to be completed. After you withdraw your consent or authorization, we cannot continue to provide you with the services corresponding to the withdrawal of consent or authorization, nor will we process your corresponding personal information. However, your decision to withdraw your consent or authorization will not affect the previous processing of personal information based on your authorization.

Response

For your request based on this Privacy Policy, we will process it after the necessary identity verification is passed, and will respond within a maximum of thirty days or the time limit stipulated by laws and regulations. If directly fulfilling your request requires high costs or significant difficulties, we will provide other alternatives to protect your legitimate rights and interests.

In the following cases, we may not be able to respond to your request in accordance with relevant laws, regulations and national standards:

(1) Related to our performance of obligations stipulated by laws and regulations;

(2) Related to national security and national defense security;

(3) Those related to public safety, public health, and major public interests;

(4) Related to criminal investigation, prosecution and trial;

(5) There is sufficient evidence to show that you have subjective malice or abuse of rights;

(6) In order to protect your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain the consent of the year;

(7) Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;

(8) Involving commercial secrets.

Personal Information Protection of Minors

Our products, websites and services are primarily aimed at adults. Minors should not provide their information.

Safety

We take personal information security very seriously and take all reasonably practicable measures to protect your personal information:

1. Data security technical measures

We will adopt industry-standard security protection measures, including establishing reasonable system specifications and security technologies to prevent your personal information from being accessed, used and modified without authorization, and to avoid data damage or loss.

NIIT and its affiliates  adopts encryption technologies such as transport layer security protocol, and provides browsing services through https and other methods to ensure the security of user data during the transmission process.

NIIT and its affiliates adopts encryption technology to encrypt and store users’ personal information, and isolate them through isolation technology.

When using personal information, we will adopt a variety of data desensitization technologies including content replacement and SHA256 to enhance the security of personal information in use.

NIIT and its affiliates  uses strict data access control and multi-factor authentication technology to protect personal information and prevent data from being used illegally.

NIIT and its affiliates  uses code security automatic inspection and data access log analysis technology to conduct personal information security audits.

2. Other security measures taken by NIITto protect personal information

NIIT and its affiliates  manages and regulates the storage and use of personal information by establishing a data classification and grading system and data security management specifications.

NIIT and its affiliates  conducts comprehensive security control of data through confidentiality agreements, monitoring and auditing mechanisms for information contacts.

NIIT and its affiliates  establishes a data security management organization to promote and ensure the security of personal information.

we store your personal data is certified as ” Trusted Cloud ” by the Data Center Alliance.

Strengthen safety awareness. We also conduct security and privacy protection training courses to enhance employees’ awareness of the importance of protecting personal information.

3. We only allow employees and partners of NIIT and its affiliates who need to know this information to access personal information, and set up a strict access control and monitoring mechanism for this purpose, and batch modification and copying of personal information, download and other important operations have set up corresponding internal approval processes. We also require all personnel who may have access to your personal information to fulfill corresponding confidentiality obligations. If you fail to fulfill these obligations, you may be subject to legal responsibility or be suspended from the cooperative relationship with NIIT and its affiliates .
4. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will only retain your personal information for as long as is necessary to achieve the purposes described in this policy, unless an extension of the retention period is required or permitted by law.
5. The Internet is not an absolutely safe environment, and it is impossible to determine whether the communication with other users such as email, instant messaging, social software, etc. is completely encrypted. We recommend that you use complex passwords when using such tools, and pay attention to protecting your personal information security.
6. The Internet environment is not 100% secure, and we will try our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of information, resulting in damage to your legitimate rights and interests, we will assume corresponding legal responsibilities.
7. Security incident handling

When conducting online transactions of goods or services with third parties through the NIIT website, you will inevitably disclose your personal information to the counterparty or potential counterparty. Please properly protect your personal information and only provide it to others when necessary.

In order to deal with the possible risks of personal information leakage, damage and loss, NIIT has formulated a number of systems to clarify the classification and classification standards of security incidents and security vulnerabilities and the corresponding processing procedures. NIIT has also established a special emergency response team for security incidents. In accordance with the requirements of security incident handling specifications, security plans are initiated for different security incidents, and they will stop losses, analyze, locate, formulate remedial measures, and cooperate with relevant departments to trace the source and strike.

In the event of an unfortunate personal information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and the measures you can take to prevent and reduce risks on your own. Recommendations, remedies for you, etc. At the same time, we will promptly notify you of the relevant information of the event by email, letter, telephone, push notification, etc. When it is difficult to inform the personal information subjects one by one, we will take a reasonable and effective way to publish an announcement. At the same time, we will also proactively report the handling of personal information security incidents in accordance with the requirements of regulatory authorities.

Modify Privacy Policy

Please note that in order to provide you with better services and with the development of NIIT business, we may review and revise this Privacy Policy at any time. We will issue an updated version on the NIIT  website and remind you of relevant content updates through website announcements or other appropriate means. When this Privacy Policy is revised, this Privacy Policy link will contain the notation “Updated (Date)”, which means that you should review the new terms, and any revisions will be effective immediately upon posting on this page, with the updated effective date. By accessing this product after any modification of this product, you are deemed to have agreed to the revised Privacy Policy and all other modifications to this product. Please visit this webpage periodically to keep up to date with the latest version of this Privacy Policy.

Privacy concerns

If you have privacy concerns, or have disclosed data you wish to keep private, or wish to access information we hold about you, please contact us: Privacy@niit.com.cn.

Generally, we will reply within thirty days. If you are not satisfied with our response, especially if our personal information processing behavior has harmed your legitimate rights and interests, you can also seek solutions through the following external channels:

1. File a civil lawsuit with the people’s court where the defendant is located;
2. Report to the Central Cyberspace Administration of China (the website of the report center is: http://www.12377.cn, and the report number is: 12377).

Personal information storage period

We only retain your personal information for the period necessary for the purpose of providing you with NIIT related services and within the time limit stipulated by laws, regulations and supervision. After the storage period has expired, we will delete or anonymize your personal information, but it is otherwise required by national laws, regulations, rules, normative documents or government policies, orders, etc., or is retained for the fulfillment of our compliance obligations. Except for your personal information.

Updated: Nov 13th, 2023