When you register or interact with the NCFE Learning Management System (ELMS), we collect the following categories of personal data:

Category	Data Points
Identity Data	Full Name, User ID, Date of Birth, Gender, Photograph
Contact Data	Email Address, Mobile Number, Alternate Phone Number, Postal Address
Learning Data	Course enrolments, module completion status, assessment scores, quiz attempts, certificates issued
Technical Data	IP address, browser type, device type, login timestamps, session duration
Identity Verification Data	Government-issued ID details (collected where ID verification is mandated for proctored assessments)

Data is collected directly from you at the time of registration and through your use of the platform.

We collect and process your personal data only for the following legitimate, specified, and explicit purposes:

• User Authentication & Access Control – To verify your identity and provide secure access to the platform.
• Course Delivery & Learning Management – To enrol you in courses, track progress, deliver content, and issue completion certificates.
• Assessment & Proctoring – To administer assessments, prevent malpractice, and maintain the integrity of results.
• Compliance & Regulatory Reporting – To enable the organisation to demonstrate fulfilment of statutory training obligations.
• Communication – To send system notifications, course reminders, announcements, and support responses.
• Analytics & Improvement – To monitor platform performance, identify learning gaps, and improve the overall experience.
• Legal Obligation – Where processing is required to comply with applicable laws or regulatory requirements.

The legal bases for processing are: contractual necessity (to provide the LMS service), legitimate interest (operational and organisational learning needs), and where applicable, explicit consent obtained at the time of registration.

3.1 Data Usage

• Your data is used solely for the purposes outlined in Section 2 above.
• Personal data is not sold, rented, or disclosed to third parties.
• Aggregated and anonymised data may be used for internal analytics and reporting.

3.2 Data Storage and Security

• All personal data is stored on secured servers hosted within India.
• Access to personal data is restricted to authorised personnel on a need-to-know basis.
• We employ industry-standard technical and organisational measures including encryption in transit (TLS/HTTPS), role-based access controls, and regular security audits.
• Backup copies of data are maintained to prevent accidental loss.

3.3 Retention Period

• Personal data is retained for as long as your account remains active or as required by organisational policy and applicable law.
• Upon account deactivation, non-statutory data will be anonymised or deleted within 90 days, unless a longer retention period is required by law or regulatory mandate.
• Certifications and completion records may be retained for a longer period to support re-verification requests.

You have the following rights with respect to your personal data:

• Right to Access – Request a copy of the personal data we hold about you.
• Right to Correction – Request correction of inaccurate or incomplete data.
• Right to Withdraw Consent – Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Object – Object to processing based on legitimate interests.

Please note that withdrawal of consent may limit or prevent access to certain platform features where processing is essential for service delivery.

We may update this Privacy Policy from time to time. Any material changes will be communicated via platform notifications and a revised "Last Revised" date will be published at the top of this page. Continued use of the platform after such notification constitutes acceptance of the revised policy.