Privacy Policy

Introduction

Dhimson Tradespot Private Limited (“DhimsonHire,” “we,” “us,” or “our”) operates DhimsonHire.com (the “Platform”). This privacy policy describes how we collect, use and protect personal data from candidates, employers, educational institutions, agents and other users (“you”). The Platform is intended for users who are at least 18 years old; we do not knowingly collect personal data from children.

India’s Digital Personal Data Protection Act 2023, as operationalised by the Rules notified on 13 November 2025, applies to personal data processed in India or processed abroad in connection with goods or services offered to individuals in India. The Act replaces traditional “data controller” terminology with “Data Fiduciary” and treats all personal data—whether sensitive or otherwise—as subject to its protection. We act as a Data Fiduciary when determining the purposes and means of processing personal data through the Platform. This policy also considers obligations under India’s Information Technology Act 2000, the Consumer Protection Act 2019 (including the E‑commerce Rules 2020), and international privacy standards such as the EU’s General Data Protection Regulation where relevant.

Information We Collect

We collect the following categories of personal data when you use our services:

Candidate information: name, contact details, date of birth, nationality, postal address, education history, skills, employment history, salary expectations, survey responses and documents you upload (e.g., résumé, certificates). When you use our résumé builder or calculators, you may provide additional information to generate a document or calculation.

Employer information: company name, registered address, authorised representative details, business registration numbers (e.g., CIN, GST) and job descriptions posted on the Platform. Subscription plans may require additional verification.

Institution and agent information: institution or agency name, contact details, authorised representative details and candidate profiles uploaded on behalf of students or clients. Institutions and agents must obtain consent from data principals (candidates) before providing their information.

Purchase and payment data: details of courses or subscription plans purchased, transaction amounts and billing information. Payment card data is processed through third‑party providers and is not stored by DhimsonHire.

Technical data: IP address, device identifiers, browser type, operating system, referring URLs, pages visited, date and time of access and usage patterns collected via cookies and similar technologies.

Communication data: content of emails, messages, survey responses and customer‑support interactions.

We do not intentionally collect sensitive personal data such as caste, religion, health information or financial information beyond payment details. If you voluntarily include such data in your résumé or profile, you consent to our processing for recruitment purposes.

Basis and Purpose of Processing

Under the DPDPA, data may be processed only with the data principal’s consent or for specified legitimate uses. When you register on the Platform and provide personal data, you provide informed consent for us to process your data to:

• Provide recruitment services: create and manage your account, display job postings, enable job applications, and facilitate communication between candidates and employers. We may share your profile with employers when you apply for a job or when their subscription allows them to view candidate data.
• Provide e‑learning and paid services: allow you to purchase courses and subscription plans, deliver content, track progress and provide customer support. Contracts with course providers are formed directly between you and the provider.
• Operate tools and calculators: enable salary, allowance and gratuity calculations and résumé generation. Input data is used only to produce results and is not shared with employers unless you include it in your profile.
• Marketing and communication: send you service notifications, job alerts, course recommendations, promotional offers and newsletters. You may opt out of marketing at any time via the unsubscribe link in our emails.
• Compliance and risk management: comply with legal obligations, prevent fraud, respond to lawful requests from authorities and enforce our terms and conditions. Under the DPDPA, data fiduciaries must erase personal data when it is no longer required for the specified purpose. Significant Data Fiduciaries may be subject to additional obligations (e.g., appointing a Data Protection Officer).
• Analytics and improvement: analyse usage patterns to improve our services, develop new features and measure the effectiveness of job postings and courses.

We rely on legitimate uses for processing data provided voluntarily for a specific purpose (e.g., responding to a service request or completing a transaction). We also process data as required to comply with legal obligations and to protect our legitimate interests, such as fraud prevention and service integrity.

Consent Management

Consent must be specific and unambiguous, accompanied by a clear affirmative action. We provide privacy notices that describe the data to be processed, the purpose and how you can withdraw consent. You may withdraw consent by deleting your account or contacting us at any time; however, withdrawal does not affect processing already performed. Consent from children (persons under 18 years) is not accepted; such users are not permitted to register.

Data Sharing

We may share personal data with:

• Employers and recruiters: your profile and application data is shared with employers when you apply to a job or when their subscription permits profile access. Employers must use candidate information solely for recruitment and must not discriminate based on protected characteristics.
• Educational institutions and agents: if you are associated with a college or authorised agent, we may share application outcomes and job‑related feedback with the institution or agent. They must obtain your consent before providing your data and must comply with data‑protection obligations.
• Course providers and training partners: when you purchase courses through our Platform, we share your name, contact details and purchase information with the course provider to enrol you. The provider’s privacy policy will apply to your course participation.
• Payment processors and service providers: third‑party vendors who host our servers, process payments, provide analytics or supply customer‑support services may access your data to perform their functions. They are contractually obliged to protect your data and may not use it for other purposes.
• Advertising partners: we may share aggregated or pseudonymised data with advertising networks to display targeted ads. Under the DPDPA and the E‑commerce Rules, we must obtain separate and granular consent for advertising cookies and must allow users to opt out of specific categories of cookies. We do not provide advertisers with your direct identifiers such as name or email.
• Legal and regulatory authorities: we may disclose data to comply with laws, court orders or regulatory requests, or to protect our rights or the rights of others.
• Corporate transactions: in the event of a merger, acquisition or sale, your data may be transferred to the successor entity subject to this policy.

We do not sell or rent your personal data for marketing purposes.

International Transfers

Our servers may be located in India or other jurisdictions. The DPDPA has extra‑territorial application and applies to data processed outside India when goods or services are offered to individuals in India. We will ensure that cross‑border transfers comply with legal requirements, including restrictions on transferring data to countries specified by the Government of India or foreign regulators. Where required, we will obtain your explicit consent before transferring data abroad. By using the Platform from outside India, you consent to the transfer and processing of your data in India and other jurisdictions subject to these safeguards.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above, to comply with legal obligations and to enforce our agreements. Once the specified purpose is no longer served, data fiduciaries must erase personal data, unless there is a legal basis for retention. Certain categories of entities (e‑commerce firms, online gaming companies and social media platforms exceeding specific user thresholds) must delete personal data within three years of collection and notify data principals in advance. Although DhimsonHire is not currently classified as a Significant Data Fiduciary, we implement retention schedules and delete data associated with inactive accounts after a reasonable period (e.g., three years) unless you consent to extended retention for future opportunities.

Security Measures

We implement technical and organisational measures to protect data, including encryption in transit, secure server infrastructure, role‑based access control, regular security audits and staff training. The DPDPA requires data fiduciaries to implement logging and monitoring to detect and prevent unauthorised access; logs must be retained for at least one year. In the event of a personal data breach, we will notify affected individuals and the Data Protection Board without delay and provide details of the breach, consequences and mitigation measures.

Your Rights

Under the DPDPA and other applicable laws, you have the right to:

• Access and correction: request a summary of your personal data held by us and update your information.
• Data portability: obtain a copy of your data in a portable format.
• Withdrawal of consent: withdraw your consent to processing at any time. Please note that withdrawal may limit your use of certain services.
• Erasure: request deletion of your data when it is no longer needed or when you withdraw consent.
• Objection: object to marketing or other secondary processing.
• Grievance redressal: raise concerns via our grievance officer. We will acknowledge complaints within the timeframe prescribed by law and work to resolve them promptly.

To exercise these rights, email info@dhimson.com or use the account settings on the Platform.

Children’s Privacy

The Platform is intended for adults aged 18 years or older. We do not knowingly collect personal data from children. Parents or guardians who believe a minor has provided data without consent should contact us to request deletion.

Changes to This Policy

We may update this privacy policy to reflect changes in law or our practices. When material changes occur, we will post an updated policy on our website and notify users via email or Platform notices. Continued use after an update constitutes acceptance of the revised policy.

Contact Information

For privacy questions or complaints, contact: