Data Protection Policy

Scope

This policy applies to all personal data processed by Fresso Labs LLP in connection with its operations, including data relating to clients, candidates, Career Catalyst applicants, Pyuper registrants, employees, website visitors, and any other individuals whose data we hold. It applies to all formats — digital and physical.

Data Protection Principles

Fresso Labs processes personal data in accordance with the following principles: lawfully, fairly, and transparently; for specified, explicit, and legitimate purposes; limited to what is necessary for those purposes; accurately and kept up to date; retained no longer than necessary; and processed with appropriate security safeguards.

Lawful Basis for Processing

Fresso Labs processes personal data on the following legal bases under the DPDP Act 2023 and applicable law: consent of the data principal; performance of a contract or pre-contractual obligations; compliance with a legal obligation; and legitimate interests pursued by Fresso Labs where not overridden by the rights of the data principal.

Rights of Data Principals

Under applicable data protection law, individuals have the following rights: right of access — to obtain a summary of personal data held; right to correction — to correct inaccurate or incomplete data; right to erasure — to request deletion of personal data no longer required; right to withdraw consent — at any time, without affecting prior lawful processing; right to grievance redressal — to raise a complaint with Fresso Labs or the Data Protection Board of India. Contact hello@fressolabs.com. Fresso Labs will respond within 30 days.

Cross-Border Data Transfers

Where personal data is transferred outside India, Fresso Labs ensures appropriate safeguards are in place — consistent with applicable regulations and notified countries as specified under the DPDP Act 2023 and its Rules.

Data Breach Procedures

In the event of a personal data breach, Fresso Labs will immediately contain and assess the breach; notify the Data Protection Board of India and affected data principals as required by applicable law; and document the breach, its impact, and all corrective actions taken.

Policy Compliance & Review

All Fresso Labs employees and authorised third parties are responsible for adhering to this policy. Non-compliance may result in disciplinary action. This policy is reviewed annually and updated as required by changes in law or business practice.