Privacy Policy — FIO Foundation
Last Updated: 14 May 2026 | Version 1.1
Effective Date: 14 May 2026
Last Updated: 14 May 2026
Version: 1.1
1. Who We Are
FIO Foundation ("Future Is Ours Foundation") is a not-for-profit organisation registered in Kerala, India, dedicated to POSH Act (Prevention of Sexual Harassment at Workplace Act, 2013) training, compliance advisory, Internal Committee formation, and workplace safety education.
Data Fiduciary (Controller)
FIO Foundation
Kunnummal Road, Palathara, Kottakkal, Malappuram,
Kerala, India — 676510
Email: connect@fiofoundation.org
Phone: +91 99617 71711
Website: https://fiofoundation.org
This Privacy Policy describes how FIO Foundation collects, uses, stores, protects, and handles personal data when you:
- Visit our website (fiofoundation.org)
- Fill and submit our contact or enquiry form
- Register and make payment for a training programme (including the POSH Bootcamp)
- Interact with us via WhatsApp or any other channel linked from our website
2. Legal Framework
This Privacy Policy is drafted in compliance with and in accordance with:
- The Digital Personal Data Protection Act, 2023 (DPDPA)
- The Information Technology Act, 2000 (IT Act) and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
- The Consumer Protection Act, 2019 (India)
- The General Data Protection Regulation, (EU) 2016/679 (GDPR) — to the extent applicable to visitors from the EEA or UK
- The Payment and Settlement Systems Act, 2007 — as applicable to payment processing
- The Goods and Services Tax Act, 2017 and Income Tax Act, 1961 — for financial record-keeping obligations
- Any other applicable Indian central or state law in force
3. What Data We Collect and Why
We collect only what is necessary for the legitimate purposes described below. We do not collect data speculatively or for any purpose not disclosed in this Policy.
3.1 Contact and Enquiry Form
| Data | Purpose | Legal Basis |
|---|---|---|
| Full Name | Address you personally and process your enquiry | Consent / Legitimate interest |
| Phone Number | Respond via call or WhatsApp | Consent |
| Organisation Name | Understand compliance context | Consent |
| District / Location | Assess service availability | Consent |
| Service Required | Route enquiry to the right team | Consent |
| Message / Details | Understand and respond to your need | Consent |
Important — Database Storage: When you submit the contact form, the data you provide is saved into our secure database so our team can (a) review who has approached us, (b) follow up if your enquiry was not resolved, (c) reach out if your registration or payment encountered an issue, and (d) maintain records for quality and operational purposes. You may request deletion at any time by emailing connect@fiofoundation.org.
3.2 Bootcamp Booking and Payment Form
| Data | Purpose | Legal Basis |
|---|---|---|
| Full Name | Identify payment initiator, confirm booking, issue certificate | Contractual necessity / Consent |
| Mobile Number | Confirm booking, send event details, payment support | Contractual necessity / Consent |
| Email Address | Booking confirmation, receipt, certificate | Contractual necessity / Consent |
| Company / Organisation | Issue GST invoice where applicable | Contractual necessity |
| Number of Participants | Manage event capacity and seating | Contractual necessity |
| GSTN (if provided) | Issue valid GST tax invoice | Legal obligation (GST Act, 2017) |
Important — Database Storage: Booking data is stored to (a) process and confirm your booking, (b) identify you as the payment initiator in case of failure, dispute or refund, (c) reach out if your payment was initiated but not confirmed, (d) issue your Certificate of Participation, and (e) maintain financial, tax and attendance records. Financial transaction data is retained for 7 years as required under the Income Tax Act, 1961 and GST regulations.
3.3 Payment Processing — Razorpay
Payments are processed exclusively through Razorpay (Razorpay Software Private Limited), a PCI-DSS compliant payment gateway authorised by the RBI as a Payment Aggregator.
FIO Foundation does NOT collect, process, or store your:
- Credit/debit card numbers
- CVV codes or card expiry dates
- UPI IDs, PINs, or transaction passwords
- Net banking credentials or OTPs
We receive only a payment confirmation/failure status and a transaction reference number. Your name, mobile and email are shared with Razorpay solely to facilitate the transaction.
3.4 WhatsApp Communication
Our website contains WhatsApp chat links. When you initiate a conversation, it occurs on WhatsApp (Meta Platforms Inc.). We receive your messages and your WhatsApp-registered name and phone number, and use them solely to respond to your enquiry. WhatsApp's own Privacy Policy governs that platform.
3.5 Website Technical Data
Our hosting infrastructure may automatically collect standard server log data:
- IP address (partially anonymised) — security & approximate geolocation
- Browser type and version — compatibility
- Pages visited and time spent — content usefulness
- Referring URL — how visitors find us
- Device type — UX optimisation
We do NOT use Google Ads, Facebook Pixel, behavioural retargeting, or third-party audience analytics beyond standard server logs.
3.6 Data We Do Not Collect
- Payment card numbers, CVV, UPI PINs, banking credentials
- Biometric, health, or sexual orientation data
- Aadhaar, PAN, Passport (unless specifically required and consented)
- Race, ethnicity, caste, religion, political opinion
- Data from individuals believed to be under 18
- Any data through covert means
4. How We Use Your Data
- To respond to your enquiry
- To process your booking and payment
- To follow up on incomplete registrations or payment issues
- To deliver training services and issue certificates
- To maintain financial and legal records (Income Tax, GST)
- To improve our website using anonymised technical data
- To comply with legal obligations
We do NOT use your data for marketing emails, advertising, retargeting, selling/renting to third parties, automated profiling, or any purpose not stated in this Policy.
5. Sharing of Your Data
FIO Foundation does not sell, trade, rent, or share your personal data with any third party for commercial purposes.
5.1 Razorpay — Payment Processor
Name, mobile and email are shared with Razorpay solely to process your bootcamp payment under their own Privacy Policy.
5.2 Hosting and Infrastructure Providers
Our website is hosted on the Lovable platform and uses Cloudflare for security and performance. Our database is on secure cloud infrastructure accessed only by authorised team members.
5.3 Legal Obligation
We may disclose data if required by court order, law enforcement under the IT Act 2000, the Data Protection Board under DPDPA 2023, or any applicable statutory obligation.
5.4 Business Continuation
In the event of a merger, acquisition or structural change, data may be transferred to a successor entity with prior notice where required.
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form enquiry | Until resolved + 12 months | Service continuity & follow-up |
| Unresolved enquiries | Up to 24 months | Legitimate interest in assisting |
| Bootcamp booking (name, mobile, email) | 7 years | Income Tax Act 1961 & GST |
| GST invoice data | 7 years | GST Act, 2017 |
| Certificate of Participation records | 5 years | Proof of training delivery |
| Website server / technical logs | Up to 90 days | Security & fraud prevention |
| WhatsApp communication | Per Meta/WhatsApp | Governed by WhatsApp |
7. Data Security
We implement reasonable technical and organisational security measures as required under Rule 8 of the IT (SPDI) Rules, 2011 and Section 8(4) of the DPDPA, 2023:
- HTTPS encryption for all website data transmission
- Secure, access-controlled database storage
- Role-based access control for authorised team members only
- Payment data handled exclusively within Razorpay's PCI-DSS environment
- Regular review of data handling and security practices
No system is 100% secure. Contact connect@fiofoundation.org immediately if you believe your data may have been compromised.
8. Your Rights as a Data Principal
8.1 Right to Access (Section 11, DPDPA)
Confirm whether we hold your data and obtain a summary of processing.
8.2 Right to Correction and Completion (Section 12, DPDPA)
Request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure (Section 12, DPDPA)
Request deletion where we are not legally required to retain. Tax/legal records cannot be erased before the mandated period expires.
8.4 Right to Grievance Redressal (Section 13, DPDPA)
Acknowledged within 48 hours; resolved within 30 days of receipt.
8.5 Right to Nominate (Section 14, DPDPA)
Nominate another individual to exercise your rights on your behalf.
8.6 Right to Withdraw Consent
Withdraw at any time. Lawfulness of prior processing is unaffected.
8.7 Rights of EEA and UK Residents (GDPR)
- Right to data portability (Article 20)
- Right to object to processing (Article 21)
- Right to restriction of processing (Article 18)
- Right to lodge a complaint with your supervisory authority
How to exercise your rights: Contact our Grievance Officer at connect@fiofoundation.org or +91 99617 71711. We will verify your identity and respond within 30 days, free of charge.
9. Cookies and Tracking Technologies
We use minimal technical cookies strictly necessary for functionality and security. We do NOT use:
- Advertising or targeting cookies
- Behavioural tracking or retargeting pixels
- Social media tracking (Facebook Pixel, LinkedIn Insight Tag)
- Google Analytics or similar behavioural analytics
We do not operate a cookie consent banner because we do not use non-essential cookies that require consent.
10. Marketing and Promotional Communications
FIO Foundation does NOT send marketing emails, newsletters, unsolicited WhatsApp broadcasts, or SMS marketing. Outbound communication is strictly service-related — direct responses, booking confirmations, certificates, and payment-issue follow-ups.
11. Third-Party Links
Our website links to WhatsApp (Meta), Razorpay, and our LinkedIn, Instagram and YouTube profiles. When you leave our site, the privacy policies of those platforms apply. We accept no responsibility for third-party privacy practices.
12. Children's Data
Our services are directed at working professionals, business owners, HR managers, legal officers, IC members, and organisational representatives. We do not knowingly collect data from minors under 18. If we receive such data inadvertently, we delete it promptly. Notify us at connect@fiofoundation.org.
13. Cross-Border Data Transfers
We are based in Kerala, India, with primary operations within India. Some service providers process data abroad:
- WhatsApp / Meta: may process in the US and other jurisdictions under Meta's Data Processing Addendum and SCCs.
- Cloudflare: traffic passes through their global network under their Privacy Policy and GDPR commitments.
- Lovable: hosting governed by their Terms and Privacy Policy.
We comply with DPDPA cross-border transfer rules as notified by the Government of India. For GDPR, transfers use SCCs or adequacy decisions. Razorpay payment data stays within India's regulated financial infrastructure.
14. Grievance Officer
In accordance with the IT Act 2000, IT (SPDI) Rules 2011, and DPDPA 2023, FIO Foundation designates the following Grievance Officer and Data Protection Contact:
Mr. Suhail Kundil
Founder, FIO Foundation
Kunnummal Road, Palathara, Kottakkal, Malappuram, Kerala — 676510
Email: connect@fiofoundation.org
Phone: +91 99617 71711
Working Hours: Mon–Sat, 9:00 AM to 6:00 PM IST
Response Timelines: Acknowledgement within 48 hours; resolution within 30 days. If unsatisfied, you may approach the Data Protection Board of India, the Adjudicating Officer under the IT Act 2000, your local DPA (EEA/UK), or the Consumer Forum under the Consumer Protection Act, 2019.
15. Changes to This Privacy Policy
We may update this Policy to reflect changes in practices, legal requirements, or services. Material changes will be notified via the "Last Updated" date and posting on fiofoundation.org/privacy-policy. Continued use after posting constitutes acceptance of the updated Policy.
16. Contact Us
FIO Foundation (Future Is Ours)
Kunnummal Road, Palathara, Kottakkal, Malappuram, Kerala — 676510
Email: connect@fiofoundation.org
Phone / WhatsApp: +91 99617 71711
Website: https://fiofoundation.org
Disclaimer
This Privacy Policy was prepared in good faith in accordance with DPDPA 2023, IT Act 2000 & SPDI Rules 2011, GDPR (EU) 2016/679, and applicable Indian tax and financial record-keeping laws. It does not constitute legal advice. Indian data protection law continues to evolve as DPDPA rules are progressively notified. We recommend periodic legal review by a qualified professional.
© 2026 FIO Foundation (Future Is Ours). All rights reserved.
Kunnummal Road, Palathara, Kottakkal, Malappuram, Kerala — 676510
connect@fiofoundation.org | +91 99617 71711