Privacy Policy

Visitors to our Website and End users of our Services MAY CHOOSE to interact with DoSelect services, in ways that provide us with their Personal Data. In such instances, the amount and type of information that DoSelect collects is contingent upon the nature of your interaction with us.

Further, we will also collect the information including personal information including but not limited to your name, address, image and email ("collectively referred to as Profile Information") in connection with creating an online profile of yours on our Website.

Your profile information, however, could be shared with the Partners. Where the Partners use our Services for hiring assessments, learning assessments, hosting contests, community building or via an integration inside their application and the End User to choose to submit their profile information, these will be shared with the Partners. Further, DoSelect if at times, find that your profile may be suited to another Partner or customer with us, rather than the specific Partner to whom you chose to submit your information to, may choose to share your Profile information with such other Partners, as the case maybe for the legitimate benefit of you/Partner/Visitor only. Further, DoSelect may use your Profile Information to improve upon our Services by using your profile information for internal and external business analytics and analysis.

If you report a security vulnerability to DoSelect and request public acknowledgment, then we shall publicly disclose the personal information you provided to us in connection with the report, including your name to fulfil your request for acknowledgment. In each case, DoSelect collects such Personal Data only insofar as is necessary or appropriate to fulfil the purpose of the user's interaction with or request made to DoSelect. We will not disclose Personal Data other than as described in this Privacy Policy.

In some circumstances you might provide us with the Personal Data about another person(s) in which case: You must ensure that you (1) have their permission to provide their Personal Data to us; and (2) you have made them aware of the terms of this Privacy Policy. By submitting the Personal Data about others, you represent and warrant that you are authorized to do so and that you have received authorization from the person about whom you are providing the Personal Data and that person has explicitly consented to have all Information used, processed, disclosed, and transferred in accordance with this Privacy Policy.

Any personally identifiable information provided by you on freely available domain and / or accessible in the public domain including any comments, messages, blogs, scribbles available on social platforms including but not limited to LinkedIn, Facebook, Instagram, Twitter may be collected. Any content posted by you on social media platform like LinkedIn may be collected directly from such social media platform and stored to provide necessary services to you. Please note that any content posted/uploaded/conveyed/communicated by users on the public sections of the Sites becomes published content and is not considered personally identifiable information subject to this Policy.

Visitors and End Users can always refuse to supply Personal Data, with the caveat that it may prevent you from engaging in certain Website-related activities or being able to access and use certain features and Services. In any case, we will not be liable and or responsible for the denial of certain services to you for lack of you providing the necessary Personal Data.

When you register using your other accounts like Gmail, we shall retrieve personal information, from such account to continue to interact with you and to continue providing the Services.

In addition to the activities outlined elsewhere in our Privacy Notice, users are advised directed to review the test permissions required for accessing the Test/assessment:

During assessments, the Platform may use your device’s camera to capture and use your image for identity verification and to monitor test integrity. This may include recording video and audio, as well as screen activities, to prevent malpractice, unauthorized assistance, or other prohibited behaviors during exams or assessments. Permissions, such as access to the camera, photos, and notifications, require your manual approval. Revoking Permissions may prevent participation in the assessment.

During the assessment, DoSelect may collect Aadhaar / PAN /ID information for the sole purpose of identity verification during the assessment process. Your Aadhaar / PAN /ID information will not be shared, or used beyond the verification purpose. All Aadhaar-related data is encrypted during transmission and storage, ensuring its protection. You can contact us for any concerns under this policy. We do not share your Aadhaar information with any third parties, except as required by law or UIDAI regulations. By proceeding with the assessment, you acknowledge and consent to the collection, processing, and retention of your Aadhaar / PAN / ID card data as described in this Privacy Policy.

DoSelect does not intentionally collect sensitive Personal Data, such as social security numbers, genetic data, health information, or religious information. Although DoSelect does not request or intentionally collect any sensitive personal information, we realize that End users might store this kind of information in a DoSelect repository, if any of the Partners insists on sharing the information or if an End user participates in any coding challenges, blogs posts or any other activity that the End User engage in as part of DoSelect community, including writing articles, sharing posts etc. If you store any sensitive personal information on DoSelect's servers, you are consenting to our storage of that information on our servers, which are located in Asia.

As a matter of DoSelect policy, if you're a child under the age of 13, you MUST NOT create End-user account on the Website. DoSelect does not knowingly collect information from or direct any of our Website or content specifically to children under 13. If we learn or have reason to suspect that a user is under the age of 13, we will close the child's account. We are not liable if users under the age of 13 open an account on the Website defying the express intimation from us to not to do so. However, we understand there are users who are less than the age 13, who might want to contribute to the community and participate in coding challenges and other activities organized by us. They could only do so, only after DoSelect receives express parental consent in accordance with the applicable law pertaining to child welfare.

IV(B). For Partners - Information We Collect

We collect information from Partners regarding their corporate identity, registered office address, contact details, purposes for which our services are rendered and other details. We may also collect and analyse information on how the Partner is using our services and share it with our affiliates to understand industry trends and improve our services. We may make available the details of the Partners to our End Users or Visitors upon request or the information pertaining to the identity of the Partners could be put to display in our Website in the course of rendering our Services.

All Partners agree that all matters not specifically established in this Privacy Policy are governed by the General Terms and Conditions located on the Website. Accordingly, the Partners expressly accepts that in case of conflict between the General Terms and Conditions and this Privacy Policy, this Privacy Policy shall prevail. This clause shall in no manner exclude the Partner from privacy terms and obligations prescribed otherwise than under this clause.

IV(C). For SMEs / Marketplace Contributors — Information We Collect

In addition to the information collected from Visitors, End Users, and Partners, DoSelect may collect certain personal information and related data from Subject Matter Experts (“SMEs”), creators, reviewers, and other marketplace contributors in connection with onboarding, verification, assessment, content contribution, payment processing, quality review, and marketplace operations.

Lawful basis. DoSelect processes such Personal Data either (i) on the basis of your consent obtained through a separate consent notice, (ii) for the performance of a contract to which you are a party, or (iii) where applicable, for the legitimate uses recognised under Section 7 of the Digital Personal Data Protection Act, 2023 (including, for example, processing necessary to comply with applicable law or to respond to a medical emergency). The applicable basis for each category of data is disclosed at the point of collection.

We may collect personal and professional information required to create and manage your marketplace contributor profile, including your name, email address, phone number, profile photo, address, educational details, work experience, resume / curriculum vitae, certifications, areas of expertise, skill selections, and other profile-related information submitted by you.

We may collect and process information relating to assessments, screening tests, interviews, evaluation exercises, proctoring records (the scope and modalities of which — including whether face-capture, screen-capture, audio, or keystroke logging are used — shall be specifically disclosed to you and your separate, granular consent obtained at the point of collection), submitted answers, scores, results, feedback, and role eligibility outcomes in order to determine your suitability for participation in the Marketplace and to maintain quality standards on the platform.

Where required for onboarding, identity verification, payout enablement, or statutory compliance, we may collect and process verification-related information and documents, including government-issued identity or address proof, tax-related identifiers, photographs, verification status, and related records. Such documents may include PAN (mandatory for tax and payout purposes); identity and address proof through any one of: Aadhaar Offline KYC (UIDAI XML or DigiLocker), Virtual ID (VID), Passport, Driving Licence, or Voter ID; and a cancelled cheque or bank account confirmation. DoSelect does not collect or store physical Aadhaar copies, photocopies of Aadhaar cards, or raw Aadhaar numbers, and uses only the modalities permitted under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and the framework prescribed by the Unique Identification Authority of India. We collect only such information as is reasonably necessary for the relevant purpose disclosed to you.

In order to process incentives, payments, reimbursements, or other amounts payable to marketplace contributors, we may collect and process financial and payment-related information, including bank account details, account holder name, IFSC code, branch details, cancelled cheque, UPI details, PAN, tax information, invoice details, and other information necessary for payout processing, accounting, and statutory compliance under applicable tax and accounting laws.

We may collect and generate records relating to your participation in the Marketplace, including content submissions, review actions, edits, approval or rejection history, quality scores, revision history, turnaround time, delivery status, content usage, incentive eligibility, policy violations, and other contributor activity or performance data necessary for marketplace operations, quality control, analytics, and dispute resolution.

We may collect records of communications with you, including emails, notifications, support requests, grievance submissions, and operational communications, where necessary to manage your participation in the Marketplace, provide assistance, resolve issues, and comply with legal obligations.

V. UNDER WHAT BASES ARE WE PROCESSING YOUR INFORMATION?

These highlights the legal grounds under which we have the rights to process information collected from you.

1. Performance of a contract. The use of your information may be necessary to perform the contract that you have with us. For example, if you use our Website to purchase DoSelect product subscriptions or services, create a profile, post and comment through our Website, or request information through our Website, we will use your information to carry out our obligation to complete and administer that contract or request.
2. Legitimate interests. We use your information for our legitimate business interests, including but not limited to provide, to improve and promote our products and services, and for administrative, security, fraud prevention and legal purposes.
3. Consent. We may rely on your consent to use your Personal Data for certain direct marketing purposes, such as sending you newsletter updates about DoSelect products. You may withdraw your consent at any time through the unsubscribe feature provided with each marketing email or by contacting us at the addresses given at the end of this Privacy Policy.

VI. How DoSelect Uses and Protects Personally-Identifying Information

1. HOW DOSELECT USES AND PROTECTS PERSONAL DATA

   In addition to the purposes described elsewhere in this Privacy Policy, DoSelect may process personal information and related data of SMEs, creators, reviewers, and other marketplace contributors for onboarding, profile management, eligibility verification, skill assessments, KYC and fraud checks, task and work order management, content quality review, payouts, operational communications, legal compliance, and protection of DoSelect's rights and marketplace operations. 1 DoSelect may also use Marketplace Content, contributor submissions, review inputs, feedback, usage patterns, and related operational data to improve platform quality, support internal quality assurance systems, analytics, product features, and service improvements, in each case in aggregated, anonymised, or de-identified form to the extent reasonably practicable.

   DoSelect does not use SME or contributor Personal Data, or Marketplace Content that contains Personal Data, to train generative artificial intelligence or large language models without your separate, explicit and granular consent obtained at the time of such use.

   Where required under applicable law, DoSelect shall obtain appropriate consent before using personal data for any secondary purpose beyond the scope originally disclosed.

   1. Sharing Your Information

      DoSelect only discloses Personal Data to those of its employees, contractors, and affiliated organizations that (i) need to know that Personal Data in order to process it on DoSelect's behalf or to provide services available on the Website, and (ii) are bound by confidentiality and privacy obligations at least as restrictive as this Privacy Policy. DoSelect may also share personal information and related data of marketplace contributors with service providers engaged under written data processing agreements that impose obligations equivalent to or more protective than those set out in this Privacy Policy, on a need-to-know basis, including for identity verification, KYC, payments, tax compliance, cloud hosting, operational support, legal compliance, and customer delivery or quality assurance requirements.

      DoSelect will not rent or sell Personal Data to anyone in an unsolicited manner. However, the Personal Data would be shared with its affiliated organizations and related parties who are contractually bound to use the information only for the purposes disclosed and to maintain protections equivalent to or more stringent than those set out in this Privacy Policy.

      As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, Personal Data may be part of the transferred assets, subject to providing notice to Data Principals where required under applicable law.

      We may use third-party advertising companies to serve ads when you visit or use our Website or services. These companies may use information (excluding your name, address, email address or telephone number or any personally identifiable information) about your visits or use to particular website, mobile application or services, in order to provide advertisements about goods and services of interest to you. The Personal Data of SMEs and other marketplace contributors collected for onboarding, KYC, payout, and contribution purposes is not shared with third-party advertising companies.

      For specific use case below, the End User agrees to share their information with our partners in return to participate in a contest for incentives or job offer or any other Services. The same may apply to SMEs and marketplace contributors where participation, incentives, payouts, customer delivery, or quality assurance requirements make such sharing reasonably necessary, in each case subject to the purposes disclosed at the time of collection and the safeguards set out in this Privacy Policy.

      Disclosures to government authorities. DoSelect may disclose Personal Data to courts, regulators, law enforcement agencies, or other governmental authorities where such disclosure is required under applicable law, in response to a binding legal process, or where DoSelect believes in good faith that disclosure is reasonably necessary to comply with such legal obligations or to protect the rights, property, or safety of DoSelect, its users, or the public.

      We assure you that, other than to its employees, contractors, and affiliated organizations, as described above, DoSelect discloses Personal Data only when required to do so by law, or when DoSelect believes in good faith that disclosure is reasonably necessary to protect the property or rights of DoSelect, third parties, or the public at large. DoSelect takes measures commercially reasonable and absolutely necessary to protect against the unauthorized access, use, alteration, or destruction of Personal Data, including sensitive onboarding, verification, KYC, payout, and financial information submitted by SMEs, creators, reviewers, and other marketplace contributors, and shall comply with the security safeguards prescribed under the Digital Personal Data Protection Rules, 2025 and any reasonable security practices required under applicable law.

      Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

   2. Intimation Related To International Transfers

      The Website is hosted in Singapore and any information we collect will be stored and processed on third-party servers which are located in Singapore, who does the same on a contractual basis. Our employees, contractors and affiliated organizations that process information for us as described above may be located in India or in other countries outside of your home country; by using the Website, you consent to the international transfer of your information by DoSelect.

      The use of or provision of the Services may require the transfer of Personal Data of Data Subjects located in the EU to countries outside the European Economic Area. We will ensure an appropriate mechanism that is recognized by applicable Data Protection Laws in EU, is implemented to allow for the data transfer, and shall endeavour that us and the data controllers, data processors, and sub-processors, as applicable, will comply with the related requirements of the alternative mechanism for data transfer.

      To the extent that DoSelect processes (or causes to be processed) any Personal Data protected by EU Data Protection Laws including the General Data Protection Regulation (GDPR and/or originating from the European Economic Area (including the United Kingdom and Switzerland) ("EEA Personal Data") in a country outside of the EEA, we shall first endeavour to take all such measures as are necessary to ensure an adequate level of protection for such EEA Personal Data in accordance with the requirements of EU Data Protection Law.

      We endeavour that your Personal Data is protected by making sure at least one of the following safeguards is in place:

      1. by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
      2. by using specific contracts approved by the European Commission which give your personal information the same protection it has within the EEA including to the US;
      3. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

VII. DOSELECT COMMUNICATIONS WITH YOU

If you are a registered End user of the Website and have supplied your email address, DoSelect may occasionally send you an email to tell you about security, system information, new features, solicit your feedback, or just keep you up to date with what's going on with DoSelect and our services and products.

We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum. We will only send mass marketing emails with your affirmative consent. There's an unsubscribe link located at the bottom of each of the marketing emails we send you so you can stop receiving such emails at any time.

If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish your request in order to help us clarify or respond to your request or to help us support other users.

We will not publish your Personal Data in connection with your request.

In the case of SMEs, creators, reviewers, and other marketplace contributors, DoSelect may also send communications relating to onboarding, assessments, verification, KYC, task or work order allocation, content review outcomes, incentives, payouts, policy updates, support matters, and other operational or service-related requirements necessary for participation in the Marketplace. Such communications may be sent even where you have opted out of marketing communications, to the extent they are necessary for providing the Services or complying with legal or contractual obligations. Communications via SMS, voice call, or other regulated channels will be sent through DLT-registered headers and templates and otherwise in compliance with the Telecom Commercial Communications Customer Preference Regulations, 2018 issued by the Telecom Regulatory Authority of India and any other applicable law.

VIII. COOKIES, TRACKING TECHNOLOGIES AND DO NOT TRACK

1. Cookies
   1. What is a Cookie?

      A cookie is a string of information that a website stores on a Visitor's computer, and that the Visitor's browser provides to the website each time the Visitor returns.

   2. How do we use a Cookie?

      DoSelect uses cookies to help DoSelect identify and track visitors, their usage of the Websites, and their Website access preferences.

   3. How to politely refuse a Cookie?

      DoSelect Visitors and End Users who do not wish to have cookies placed on their computers may set their browsers to refuse cookies before using the Websites. However, be advised that disabling browser cookies may cause certain features of DoSelect's websites to not function properly.

      Certain pages on the Website may set other third-party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. These sites set their own cookies and we do not have access or control over these cookies. The use of cookies by third parties is not covered by our Privacy Policy.

      For more information on what cookies are used, visit our Cookies Policy

2. Tracking Technologies

   We use third-party tracking services, but we don't use these services to track you individually or collect your Personal Data. We use these services to collect information about how the Website performs and how users navigate through and use the Website so we can monitor and improve our Services and Website performance.

   Third party tracking services gather certain non-personally identifying information over time, including but not limited to your IP address, browser type, internet service provider, referring and exit pages, timestamp, and similar data about your use of the Website.

   We do not link this information to any of your Personal Data.

3. Do Not Track

   Do Not Track is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third-party tracking services. DoSelect does not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic tracking, which you may opt out of.

IX. GLOBAL PRIVACY PRACTICES

Information we collect will be stored in servers located in Singapore and this information may be as per each user case demands, may be processed in India in accordance with this Privacy Policy but we understand that End Users and Visitors from other countries may have different expectations and rights with regard to their privacy.

For all Website Visitors and our End users of Services, no matter their country of location, we will:

• provide clear methods of unambiguous, informed consent when we do collect your Personal Data;
• only collect the minimum amount of Personal Data necessary for the purpose it is collected for unless you choose to provide us more;
• offer you simple methods of accessing, correcting, or deleting your information that we have collected. Modification or deletion of Personal Data received by us from Partners shall be controlled by the Partners; and
• provide Website users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users with a method of recourse and enforcement.

You are entitled to the following rights with regard to your personal information and data:

1. Right of access to your personal data, to know what information about you we hold
2. Right to correct any incorrect or incomplete personal data about yourself that we hold;
3. Right to restrict/suspend our processing of your personal data;
4. Right to complain to a supervisory authority if you believe your privacy rights are being violated

Additional rights that may apply to you in certain instances:

1. Right of data portability (if our processing is based on consent and automated means);
2. Right to withdraw consent at any time (if processing is based on consent);
3. Right to object to processing (if processing is based on legitimate interests);
4. Right to object to the processing of personal data for direct marketing purposes;
5. Right of erasure of your personal data from our system ("right to be forgotten")

In the case of SMEs, creators, reviewers, and other marketplace contributors, DoSelect will obtain your consent to processing of your Personal Data, where consent is the lawful basis for such processing, through a clear and itemised consent notice presented at or before the point of collection, captured by your explicit affirmative action. Where the lawful basis is the performance of a contract or a legitimate use recognised under Section 7 of the Digital Personal Data Protection Act, 2023, processing will proceed on that basis and the relevant basis will be disclosed to you. Such users may, subject to applicable law and to statutory retention obligations under tax, accounting, audit, anti-fraud, and other regulatory laws, exercise the following rights: (i) the right to obtain information about and access to their Personal Data (Section 11, DPDP Act); (ii) the right to correction, completion, updating, and erasure of their Personal Data (Section 12, DPDP Act); (iii) the right to grievance redressal (Section 13, DPDP Act); (iv) the right to nominate another person to exercise these rights in the event of death or incapacity (Section 14, DPDP Act); and (v) the right to withdraw consent at any time, where processing is based on consent, with such withdrawal taking effect prospectively. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal, and DoSelect may continue to process Personal Data to the extent permitted under applicable law.

Reviewer's comments

• Consent mechanic reset. Submission alone is not a DPDP-compliant consent. The redrafted paragraph anchors consent to a separate notice + affirmative action, and acknowledges other lawful bases (contract / Section 7) where applicable.
• DPDP rights enumerated. Section 11–14 rights named explicitly. The original “access, correction, deletion, withdraw consent” missed nomination and grievance — both of which are statutory.
• “Legitimate business” removed. Replaced with a tighter, statute-anchored carve-out. “Legitimate business” is too elastic and would not survive scrutiny.

To exercise your privacy rights, you can email us at privacy@doselect.com

X. DATA RETENTION AND DELETION

If you already have an account on the Website, you may access, update, alter, or raise a request to delete your basic user Profile Information by logging into your account and updating profile settings. DoSelect will retain your information for as long as your account is active or as needed to perform our contractual obligations, provide you services through the Website, to comply with legal obligations, resolve disputes, preserve legal rights, or enforce our agreements.

We will delete inactive accounts once it is no longer necessary to fulfill the 'legitimate business interests' under Applicable Data Protection Laws or when we receive a request from the End User to delete his or her account profile created with us, whichever, is the latest.

In the case of SMEs, creators, reviewers, and other marketplace contributors, DoSelect may retain onboarding, assessment, verification, KYC, payout, contribution, and related operational records for the periods set out below, or such longer period as may be required to comply with applicable law: (i) KYC and verification records — eight (8) years from the end of the engagement (consistent with retention obligations under the Income Tax Act, 1961 and the Companies Act, 2013); (ii) financial and payout records — eight (8) years from the end of the relevant financial year (Section 128, Companies Act, 2013); (iii) assessment, proctoring, and eligibility data — twenty-four (24) months from the date of collection or last engagement, whichever is later; (iv) Marketplace Content — for the duration of the licence granted under the SME Engagement Agreement; and (v) communications and grievance records — three (3) years from the date of the relevant communication. On expiry of the applicable retention period, Personal Data will be erased or anonymised, except where statutory retention or an active legal proceeding requires continued retention.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal information to these websites.

XII. CONTACTING DOSELECT ABOUT YOUR PRIVACY

If you have questions or concerns about the way we are handling your information or would like to exercise your privacy rights, please email us with the subject line "Privacy Concern" privacy@doselect.com. We will respond within thirty (30) days of receiving your email. If you still haven't received a satisfiable recourse from us in thirty (30) days, kindly send us a reminder.

XIII. PRIVACY POLICY CHANGES

There is only one thing under the sun, which does not change, and it is change in itself and the one thing that certainly will change is a privacy policy. Although most changes are likely to be minor, DoSelect may change its privacy policy from time to time, and in DoSelect's sole discretion. We will provide notification to End users who have provided us email addresses of material changes to this Privacy Policy through our Website prior to the change taking effect by posting a notice on our home page or sending email to the email address specified in your account. DoSelect encourages Visitors to frequently check this page for any minor changes to its Privacy Policy. While we shall mandatorily attempt to seek your express consent as prescribed above, your continued use of this site after any change in this Privacy Policy will however constitute your acceptance of such change.

This DoSelect Data Processing Addendum (DPA) is incorporated by reference into any and all services agreements, insertion orders and addendums currently in place between Partner (defined above) and Axilly Labs Private Limited ("DoSelect"), collectively ("Agreement"). This DPA is entered into as of the later of the dates beneath the parties signatures below. By entering into this DPA, Partner represents and warrants that Partner has the authority to legally bind both the Partner and all of Partners personnel, representatives and/or affiliates operating pursuant to any such Agreement referenced herein. The parties agree to comply with the following provisions with respect to any Personal Data of one or more Data Subjects located in the European Economic Area Processed in connection with the Agreement. The purposes of the DPA is to ensure such Processing is conducted in accordance with Data Protection Laws, including the GDPR and with due respect for the rights and freedoms of individuals whose Personal Data are processed. References to the Agreement will be construed as including this DPA. To the extent that the terms of this DPA differ from those in the Agreement, the terms of this DPA shall prevail.

Definitions

All terms (capitalized and otherwise) not defined in this DPA including, without limitation, "personal data", "controller", "processing", "data protection officer", "data subject" and "processor" shall have the meanings set forth in the privacy and data protection laws, regulations, and decisions applicable to a party to this DPA ("Applicable Data Protection Law(s)"). For the sake of clarity, Applicable Data Protection Laws include the EU Directive 95/46/EC and the General Data Protection Regulation (2016/679) and any implementing legislation.

"Partners"- are those companies, organizations, body corporates or individuals, who use our Services to: 1) evaluate the hiring potential of a prospective employee or interns; 2) evaluate the skill proficiency of their students or employees; 3) Host contests; 3) Upskill their students or employees; 4) Any other legitimate activities that can be executed using our Services.

1. Role of the Parties
   1. Parties agree that the Partner(s) is and will at all times remain the Controller of the Data processed by DoSelect hereunder and that DoSelect may process the Data as a processor and at times, may as a separate and independent controller as strictly required for the Services. In no event will the parties process the Data jointly as joint controllers. Neither party is required to obtain authorization from the other party in relation with its processing of the Data it controls.
   2. Partner agrees and acknowledges that it is responsible for compliance with all its obligations under Applicable Data Protection Law, (including but not limited to providing any required notices and obtaining any required consents and/or authorizations, or otherwise securing an appropriate legal basis under Applicable Data Protection Law).
   3. DoSelect is responsible for compliance with its obligations under this DPA and as a processor under Applicable Data Protection Law. DoSelect, including any DoSelect affiliate and/ or Sub-processors, shall process Data solely for the purpose of (i) providing the Services in accordance with the General Terms and Conditions, where applicable, and this DPA (ii) complying with any documented written instructions provided by the Partner(s), or (iii) complying with DoSelect's regulatory obligations. DoSelect will comply with the aforesaid instructions provided by Partner(s), to the extent necessary for DoSelect to (i) comply with its obligations under Applicable Data Protection Law; or (ii) assist the Partner to comply with its respective obligations under Applicable Data Protection Law relevant to the use or rendering of the Services.
   4. Each party is separately responsible for honouring data subject access requests under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable) and responding to correspondence, inquiries and complaints from data subjects. Each party shall provide reasonable and timely assistance to the other party as necessary to help facilitate compliance with this sub-section 1.4
2. Security Measures
   1. DoSelect has implemented and will maintain appropriate technical and organizational security measures for the processing of Data. These measures are intended to protect Data against the risks inherent to the processing of such Data in the rendering of the Services, and DoSelect may, at its sole discretion and as required to be compliant with Applicable Data Protection Law, modify and amend it from time to time.
   2. Both parties shall ensure that their respective personnel engaged in the Processing of Personal Data under this DPA are informed of the confidential nature of the Personal Data as well as any security obligations with respect to such Personal Data. The Parties shall ensure that access to Personal Data covered under this DPA is limited to that person who require such access to perform the Services.
   3. Both parties will (taking into account the nature of the processing of Personal Data under this DPA) cooperatively and reasonably assist each other in ensuring compliance with any of each other's respective obligations with respect to the security of Personal Data and Personal Data breaches under this DPA.
   4. Further, Partner(s) shall maintain administrative, physical and technical safeguards for the protection of the security, confidentiality and integrity of Personal Data under this DPA. Partner(s) will implement and maintain technical and organizational measures to protect such Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Personal Data. The Security Measures may include measures to encrypt Personal Data; to help ensure ongoing confidentiality, integrity, availability and resilience of Partner(s) systems and services; to help restore timely access to Personal Data following an incident and for regular testing of effectiveness.
3. Sub-Processors and Sub-Processing
   1. Partner acknowledges and agrees that DoSelect may engage third-party Sub-processors in connection with the provision of the Services. DoSelect agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA.
   2. A list of Sub-processors is available in the DoSelect user interface or at a particular web page hosted by DoSelect. DoSelect may change the list of such other Sub-processors by no less than 10 business days' notice via the DoSelect user interface. If Partner objects to DoSelect's change in such Sub-processors, DoSelect may, as its sole and exclusive remedy, terminate the portion of the Agreement relating to the Services that cannot be reasonably provided without the objected-to new Sub-processor by providing 30 days' written notice to Partner.
   3. Where Partner engage third-party Sub-processors in connection with the provision of the Services, Partner must provide a list of Sub-Processors to DoSelect, at DoSelect's written request. Partner will have a written agreement with each Sub-processor and agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA.
   4. Both parties shall be liable for the acts and omissions of its Sub-processors to the same extent such party would be liable under the terms of this DPA.
4. Security Breach
   1. If either party becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to any Personal Data transmitted, stored or otherwise processed on the other party's equipment or facilities under this DPA ("Security Breach"), such party will promptly notify the other party of the Security Breach. Notifications made pursuant to this section will take place within a reasonable time and certainly no longer than three business days after discovery and shall describe, to the extent possible, details of the Security Breach, including steps taken to mitigate the potential risks and any recommended steps that either or both parties should take to address the Security Breach. Each party will promptly investigate the Personal Data Breach if it occurred on its infrastructure or in another area it is responsible for and will assist the other party as reasonably necessary for both parties to meet their obligations under Applicable Data Protection Laws.
   2. Both parties agree that an unsuccessful Security Breach attempt will not be subject to this Section 4. An unsuccessful Security Breach attempt is one that results in no unauthorized access to personal data processed pursuant to this DPA or to any of either party's equipment or facilities storing personal data.
   3. Any notification of or response to a Security Breach under this Section 4 will not be construed as an acknowledgment by either party of any fault or liability with respect to the Security Breach.
5. Liability

   Both parties agree that their respective liability under this DPA shall be apportioned according to each party's respective responsibility for the harm (if any) caused by each respective party.

6. Retention of Data.

   On expiry of the Agreement, both parties hereby instruct the other to delete all Personal Data (including existing copies) from their respective systems and discontinue processing of such Personal Data in accordance with Data Protection Law as soon as reasonably practicable and within the time frame, wherein, the processing of such data does not serve any 'legitimate business interest' as defined in the Data Protection Law. This requirement shall not apply to the extent that the Personal Data has been archived on backup systems so long as such Personal Data is isolated and protected from any further processing except to the extent required by applicable law.

7. Cross-Border Data Transfers.
   1. The use of or provision of the Services may require the transfer of Personal Data of Data Subjects located in the EU to countries outside the EEA. Each party will ensure an appropriate mechanism that is recognized by applicable Data Protection Laws is implemented to allow for the data transfer and shall ensure both it and its Data Controllers, Data Processors, and Sub-Processors will comply with the related requirements of the alternative mechanism for data transfer.
8. Miscellaneous
   1. This DPA will take effect on the date it is executed by Partner and DoSelect at the bottom of this Agreement (the Effective Date) and will remain in effect until, and automatically expire upon, the deletion of all Personal Data by DoSelect or Partner through the Services as described in this DPA.
   2. Nothing in this DPA shall impact Partners intellectual property rights with respect to Personal Data provided by Partner under the Agreement except to the extent required by applicable law.
   3. Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.
   4. This DPA may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one Agreement.