CONTACT US

Privacy Policy — GTM Playroom

Last Updated: 12 January 2026

This Privacy Policy explains how GTM Playroom (“GTM Playroom”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website, course platform, consulting services, hiring services, and our communities/communication channels (collectively, the “Services”).

This Privacy Policy is intended to comply with applicable Indian law, including the Digital Personal Data Protection Act, 2023 and related rules.

If you do not agree with this Privacy Policy, please do not use our Services.

 

Scope

This Policy applies to:

  • gtmplayroom.com and its subdomains/pages
  • course portals, forms, assessments, and internal dashboards we operate
  • GTM Playroom-managed communities (e.g., WhatsApp groups) and communications (email/SMS/phone) used to deliver Services
  • consulting engagements and hiring facilitation conducted by GTM Playroom

This Policy does not apply to third-party websites, tools, or platforms linked from our Services (they have their own policies).

Our Role (Important)

For most activities, GTM Playroom acts as a Data Fiduciary (we decide why and how personal data is processed). We may use third-party vendors as Data Processors to help us run our Services (hosting, email, analytics, payment gateways, etc.).

In certain consulting engagements, if we process personal data strictly on a client’s documented instructions, we may act as a Data Processor for that client (and the client may be the Data Fiduciary). This will be clarified in the consulting agreement where relevant.

What Personal Data We Collect

We collect only the data we need to provide Services. Depending on what you use, we may collect:

Information you provide directly
  • Identity & contact: name, email, phone number, city/state, country
  • Profile & professional details: LinkedIn URL, education, work experience, role/designation, skills
  • Course participation: assignment submissions, quiz/test answers, mentor session scheduling details, feedback
  • Hiring/placements (if you opt in): resume/CV, interview availability, portfolio links, role preferences, compensation expectations (optional), hiring pipeline updates
  • Consulting (business clients): business contact details, company information, project inputs shared with us, meeting notes, deliverables feedback
  • Support communications: messages sent to us via email/WhatsApp/forms

Information collected automatically (“Usage Data”)
  • IP address (general location derived from IP), device/browser type, pages visited, clickstream, referral/exit pages, timestamps, approximate location
  • cookies and similar technologies (see Section 9)
Payment information

Payments are processed by third-party payment gateways. We do not store full card details. We may receive payment confirmation metadata (transaction status, amount, timestamp, reference ID).

Why We Collect/Use Your Data (Purposes)

We process personal data for the following purposes:

Courses
  • create and manage your account and course access
  • deliver lessons, assignments, evaluations, certificates (if applicable)
  • provide coordinator/mentor support
  • prevent misuse (account sharing, cheating, fraud)
Consulting
  • deliver consulting services, communicate with client stakeholders
  • create and share deliverables and recommendations
  • manage project execution and support
Platform operations & improvement
  • analytics, troubleshooting, security monitoring, abuse prevention
  • improve content, curriculum, and user experience
Communications
  • service updates, admin notices, policy changes
  • marketing (only where permitted and with opt-out)
Legal & compliance
  • comply with applicable laws, respond to lawful requests
  • resolve disputes and enforce our agreements

Consent, Notice & Lawful Basis

Where required, we process data based on:

  • your consent (for example, marketing communications, sharing profile with employers, optional profile fields), and/or
  • performance of a contract (to provide the course/consulting/hiring support you requested), and/or
  • legitimate uses permitted by law (security, fraud prevention, legal compliance)

You can withdraw consent where applicable (see Section 8). DPDP requires clear, purpose-specific notice and consent practices, and Data Fiduciaries must provide clear contact points and respond to rights requests within prescribed timelines.

Hiring Partners — How Sharing Works (Explicit)

We may help employers discover suitable candidates.

  • Employers may see limited/anonymized profile details in certain contexts.
  • We share identifiable data (resume, email, phone) with hiring partners only with your explicit consent, or when you explicitly respond/opt in to a specific opportunity.

Opt-out: Email us at richa@gtmplayroom.com with subject: “Hiring Opt Out”.

Who We Share Data With

We may share your data with:

  1. Service providers / processors (hosting, email delivery, CRM, analytics, customer support tools, payment gateways) strictly for running Services.
  2. Hiring partners (only as per Section 6).
  3. Professional advisors (legal/accounting) as needed.
  4. Legal/regulatory authorities where required by law or valid legal process.
  5. Business transfer scenario (restructuring/acquisition) — we will ensure reasonable safeguards and notices as applicable.

We do not sell your personal data to third parties for their marketing.

Your Rights (DPDP-Aligned)

Email richa@gtmplayroom.com with subject line:

  • “Data Access Request” / “Data Correction Request” / “Data Erasure Request” / “Nomination Request”

Response timeline: We aim to respond as soon as possible and within timelines prescribed under applicable rules. DPDP Rules, 2025 require handling access/correction/updating/erasure requests within a maximum of 90 days.

Your Rights (DPDP-Aligned)

Subject to applicable law, you may request:

  • Access / information about your personal data and processing (what we have, what we do with it, who we share it with).
  • Correction / completion / updating of inaccurate or incomplete data.
  • Erasure of personal data, unless retention is required for the specified purpose or legal compliance.
  • Grievance redressal via our channel before approaching the Data Protection Board.
  • Nomination: you may nominate another person to exercise your rights in the event of death/incapacity.
  • Withdraw consent (where processing is based on consent), including marketing opt-out.

How to exercise your rights

Email richa@gtmplayroom.com with subject line:

  • “Data Access Request” / “Data Correction Request” / “Data Erasure Request” / “Nomination Request”

Response timeline: We aim to respond as soon as possible and within timelines prescribed under applicable rules. DPDP Rules, 2025 require handling access/correction/updating/erasure requests within a maximum of 90 days.

Cookies & Tracking

We use cookies and similar technologies to:

  • keep you logged in (where applicable)
  • remember preferences
  • analyze traffic and usage (e.g., via analytics tools)
  • improve the website and Services

You can control cookies through your browser settings. Disabling cookies may affect certain features.

Data Retention

We retain personal data:

  • as long as your account is active and needed to provide Services, and
  • as necessary for the specified purposes and legal/compliance needs.

Typical retention approach:

  • Account/profile/course data: retained while active; deleted/anonymized upon request unless required for legal/compliance or dispute handling.
  • Support communications: retained for reasonable periods for continuity and recordkeeping.
  • Security logs/analytics: retained for a limited period as needed for security and troubleshooting (not “forever”).

When you request deletion, we may retain minimal records where required by law, to enforce our terms, or for fraud prevention.

Security

We use commercially reasonable safeguards to protect personal data, including administrative, technical, and organizational measures. However, no method of transmission or storage is 100% secure.

You are responsible for keeping your login credentials confidential.

Personal Data Breach

If a personal data breach occurs, we will take reasonable steps to investigate, mitigate, and notify affected individuals and/or authorities where required. DPDP Rules, 2025 emphasize timely breach communication to affected individuals in plain language.

Cross-Border Processing

Some of our service providers may process data outside India. Transfers/processing outside India will be subject to applicable legal requirements and any restrictions notified by the Government of India

Children

Our Services are generally intended for users 18+. If we learn we have collected personal data of a child without appropriate consent/authority, we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “Last Updated” date.

Grievance & Contact

If you have questions, concerns, or requests related to privacy, contact:
Email: richa@gtmplayroom.com
We will make reasonable efforts to address grievances promptly, in line with applicable legal requirements. DPDP also requires readily available grievance redressal mechanisms