UniMate
Data Protection Policy
This Data Protection Policy explains, in practical terms, how Guide to Heights [legal entity] ("UniMate", "we") protects the personal data you entrust to us — especially the sensitive documents you submit to verify your FlyMate registration. It supports our Privacy Policy and reflects the principles of India's Digital Personal Data Protection Act, 2023 (DPDP Act), Australia's Privacy Act 1988 and the Australian Privacy Principles (APPs), and the EU General Data Protection Regulation (GDPR).
1. Our data protection principles
We handle all personal data in line with these principles:
- Lawfulness and fairness — we process data only with a valid lawful basis and consent.
- Purpose limitation — we use data only for verification, matching, and operating the service.
- Data minimisation — we collect only what we genuinely need.
- Accuracy — we keep data accurate and let you correct it.
- Storage limitation — we keep data only as long as needed, then delete it.
- Integrity and confidentiality — we protect data with appropriate security.
- Accountability — we take responsibility for, and can demonstrate, our compliance.
2. Categories of data we handle
We handle ordinary account data (name, email, optional phone, destination, travel dates) and, for FlyMate, sensitive verification documents: your passport, admission letter (offer letter / CoE), and air ticket. Because these documents are sensitive, we apply heightened protection to them as described below.
3. How your verification documents are handled
Lifecycle of your passport, admission letter, and air ticket
- Collection — submitted by you through a secure, encrypted upload during registration.
- Storage — stored encrypted, in restricted storage separate from your public profile.
- Use — used solely to verify your identity, student status, and travel dates. A trained member of our verification team reviews each submission, assisted by OCR (text recognition). Documents are never shown to other users.
- Retention — retained only until 30 days after your class commencement (start) date.
- Deletion — at that point the documents are permanently and irreversibly deleted. You will not be able to access or recover them, and neither will we.
4. Security measures
- Encryption — documents are encrypted both in transit (TLS) and at rest.
- Access control — access is limited to authorised verification staff on a need-to-know basis, with access logged.
- Separation — sensitive documents are stored separately from profile data shown to other users.
- Vendor diligence — third-party processors (hosting, storage, OCR, payments) are bound by confidentiality and security obligations.
- Automated deletion — a scheduled process removes verification documents on the retention date.
[Update this list to match your actual technical setup before publishing.]
5. Retention schedule
| Data category | Purpose | Retention |
|---|---|---|
| Verification documents | Identity, student & travel verification | Deleted 30 days after class start date (permanent) |
| Account & profile data | Provide and operate the service | While account is active; deleted on closure |
| Payment records | Legal & accounting compliance | As required by law |
| Security/usage logs | Security & fraud prevention | Limited period, then deleted/anonymised |
6. International transfers
Where data is processed outside your home country (for example, in the India–Australia corridor), we ensure a level of protection consistent with the DPDP Act, the Australian Privacy Principles, and GDPR transfer safeguards.
7. Data breach response
If a personal data breach occurs, we will act promptly to contain and assess it, notify the relevant data protection authority and affected individuals where required by law, and take steps to prevent recurrence.
8. Your rights
You may access, correct, or request deletion of your data, withdraw consent, nominate a representative (under the DPDP Act), and lodge a grievance. To exercise these rights, contact our Grievance / Data Protection Officer below. Verification documents are deleted automatically on the schedule above regardless of any request.
9. Grievance / Data Protection Officer
[Officer name]
Email: [grievance@unimate.club]
Guide to Heights [legal entity], [registered office address]
We aim to acknowledge grievances promptly and resolve them within the timeframes required by applicable law. If you are not satisfied, you may escalate to the Data Protection Board of India, the Office of the Australian Information Commissioner (OAIC), or your local supervisory authority, as applicable.
UniMate is a service of Guide to Heights. Read alongside our Privacy Policy and Terms & Conditions.