🔒 Privacy & Security

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information in compliance with international standards including ISO 27001:2022 and GDPR.

Last Updated:

9/2/2025

Version:

2.0

ISO Compliance:

ISO/IEC 27001:2022, ISO/IEC 29100:2011

1Introduction

Nepal Tech Lab "we," "our," or "us" is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our educational services, or interact with us. This policy complies with ISO/IEC 27001:2022 and ISO/IEC 29100:2011 standards for information security and privacy management, as well as GDPR and applicable Nepalese data protection laws.

2Information We Collect

We may collect the following types of data:

2.1 Personal Information

  • Full name and contact information (email, phone, address)
  • Educational background and professional experience
  • Payment information and billing details
  • Government-issued identification (when required)
  • Emergency contact information

2.2 Technical Information

  • IP address and browser information
  • Device identifiers and operating system details
  • Website usage data and analytics
  • Cookies and similar tracking technologies
  • Log files and server data

2.3 Educational Data

  • Course enrollment and progress information
  • Assessment scores and certifications
  • Learning preferences and behavior
  • Communication with instructors and peers

We collect information you provide directly to us, such as when you create an account, fill out a form, or contact us. This may include your name, email address, phone number, and any other information you choose to provide. We also collect information automatically when you use our services, including your IP address, browser type, operating system, and usage patterns. Additionally, we may collect information from third parties, such as social media platforms, if you choose to connect your accounts.

3How We Use Your Information

We process your personal data for the following purposes:

Educational Services

  • Providing courses, training, and educational content
  • Tracking learning progress and issuing certifications
  • Customizing learning experiences and recommendations

Communication & Support

  • Responding to inquiries and providing customer support
  • Sending important updates about courses and services
  • Marketing communications (with consent)

Business Operations

  • Processing payments and managing billing
  • Improving our services through analytics and research
  • Ensuring security and preventing fraud

5Data Sharing and Disclosure

We may share your information with:

🤝Service Providers

Technology Partners:

  • • Cloud hosting providers (AWS, Google Cloud)
  • • Learning management system vendors
  • • Analytics and monitoring tools

Business Services:

  • • Payment processors (Stripe, PayPal)
  • • Email service providers
  • • Customer support platforms

🎓Educational Partners

With your consent, we may share data with:

  • • Accrediting bodies for certification purposes
  • • Partner institutions for joint programs
  • • Industry partners for internship opportunities

⚖️Legal Requirements

We may disclose information when legally required:

  • • Court orders and legal proceedings
  • • Government investigations
  • • Protection of rights, property, or safety
  • • Prevention of fraud or illegal activities

🔄Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity. You will be notified of any such change via email or prominent notice on our website.

6Data Security

We implement ISO 27001:2022 compliant security measures including:

🔐Technical Safeguards

  • 256-bit SSL/TLS encryption in transit
  • AES-256 encryption at rest
  • Regular security audits and penetration testing
  • Secure cloud infrastructure (SOC 2 certified)

🛡️Access Controls

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and deprovisioning

📊Monitoring & Detection

  • 24/7 security monitoring (SIEM)
  • Intrusion detection systems
  • Automated threat intelligence
  • Incident response procedures

👥Organizational Measures

  • Staff security training and awareness
  • Background checks for personnel
  • Data retention and disposal policies
  • Regular policy updates and reviews

🏆Compliance Certifications

🔒

ISO 27001:2022

🛡️

SOC 2 Type II

🌐

GDPR Compliant

Regular Audits

7Your Data Protection Rights

Under GDPR and our commitment to data protection, you have the following rights:

Right to Access

Request copies of your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of processing your personal data in specific situations.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Withdraw consent for processing at any time where consent is the legal basis.

Right to Lodge a Complaint

File a complaint with the relevant data protection authority.

8Frequently Asked Questions

What personal information does Nepal Tech Lab collect?+
We collect personal information including your name, email, phone number, educational background, payment information, and technical data like IP address and browser information when you use our services.
How does Nepal Tech Lab use my personal data?+
We use your data to provide educational services, track learning progress, issue certifications, communicate with you, process payments, and improve our services. All processing is done in compliance with ISO 27001:2022 standards.
Is my data secure at Nepal Tech Lab?+
Yes, we implement ISO 27001:2022 compliant security measures including 256-bit SSL/TLS encryption, AES-256 encryption at rest, multi-factor authentication, and 24/7 security monitoring.
Can I delete my personal data from Nepal Tech Lab?+
Yes, you have the right to request deletion of your personal data. Contact our Data Protection Officer at privacy@nepaltechlab.com to submit a data deletion request.
How long do you retain my personal data?+
We retain personal data only as long as necessary for the purposes outlined in this policy, typically for the duration of your account plus 7 years for legal and compliance requirements.

📧Contact Information

Data Protection Officer

Nepal Tech Lab

Email: privacy@nepaltechlab.com

Phone: +977-1-4444444

Address: Kathmandu, Nepal

For urgent privacy matters, please mark your communication as "URGENT - Privacy Request"

🛡️

Compliance Statement

This Privacy Policy complies with ISO/IEC 27001:2022, ISO/IEC 29100:2011, GDPR, and applicable Nepalese data protection laws. Regular audits ensure ongoing compliance with international privacy standards.