Privacy Policy

Privacy Policy Information

Derivion International Private Limited (“Derivion,” “we,” “our,” or “us”), operating under the brand ISFT — International School of Financial Trading, is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use and store it, who we share it with, and what rights you have.

This Policy applies to all individuals who visit our website, make an enquiry, enrol in a programme, or otherwise interact with ISFT and Derivion. By using our website or services, you acknowledge that you have read and understood this Policy.

 

  1. Who We Are & How to Contact Us

Data Controller: Derivion International Private Limited

Brand: ISFT — International School of Financial Trading

Registered Office: Derivion International Private Limited, Gurugram, Haryana, India

Privacy Contact: privacy@derivion.in

Website: www.isft.in

For all privacy-related queries, requests, or complaints, please write to us at privacy@derivion.in. We aim to respond within 10 working days.

 

  1. Information We Collect

We collect personal information in the following categories:

  1. a) Identity & Contact Information
  • Full name, email address, mobile number, WhatsApp number, city, and country of residence.
  • Date of birth and nationality (where required for qualification registration).

 

  1. b) Educational & Professional Background
  • Academic qualifications, professional experience, and career objectives, as provided during the application or enrolment process.

 

  1. c) Financial Information
  • Billing details and payment transaction history. All payment processing is handled by authorised third-party payment gateways. Derivion does not store full card or banking details on its own systems.

 

  1. d) Communication Data
  • Records of your communications with us, including emails, phone calls, WhatsApp messages, website chat interactions, and enquiry form submissions.

 

  1. e) Technical & Usage Data
  • IP address, browser type and version, device information, pages visited, time spent on the site, and referring URLs, collected automatically when you visit our website.
  • Cookie and tracking data, as described in Section 8.

 

  1. How We Use Your Information

We use your personal data for the following purposes:

  • Programme Delivery: To process your enrolment, manage your student account, deliver training, and issue certifications.
  • Qualification Registration: To register you with our UK Academic Partner and the relevant awarding body (VTCT/ZISHI) for regulated qualifications.
  • Payments & Finance: To process fee payments, issue receipts, and manage payment plans.
  • Communications: To respond to your enquiries, send programme updates, share schedules, and provide student support.
  • Marketing & Outreach: To send you information about new programmes, events, and offers — only where you have consented or where we have a legitimate interest in doing so. You may opt out at any time.
  • Website Improvement: To analyse how our website is used and improve its content, performance, and user experience.
  • Legal Compliance: To fulfil our obligations under applicable Indian law, regulatory requirements, and the terms of our partnership agreements.

 

  1. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • DPDP Act, 2023 (India): We rely on your consent for data processing. By submitting an enquiry form, enrolling in a programme, or making a payment, you provide consent for us to process your data as described in this Policy.
  • Contractual Necessity: Processing is necessary to fulfil our obligations under your enrolment agreement.
  • Legitimate Interests: We may process data for purposes such as fraud prevention, network security, and improving our services, where our interests are not overridden by your data protection rights.
  • Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation.

If you are based in the UK or EU, we also process your data in accordance with the UK GDPR / EU GDPR as applicable. Our UK Academic Partner, ZISHI, acts as a separate data controller for data processed in connection with qualification registration.

 

  1. Sharing of Your Information

We do not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

  • UK Academic Partner (ZISHI) and Awarding Bodies: We share relevant student data — including name, date of birth, contact details, and qualification enrolment information — with our UK Academic Partner and awarding bodies (e.g., VTCT) for the purpose of qualification registration and certification. This involves an international data transfer to the UK, which is conducted with appropriate safeguards.
  • Affiliated Trading Firms: For students on programme tracks that include a trading performance evaluation component, limited professional profile data may be shared with our affiliated proprietary trading partner. You will be informed in writing before any such sharing occurs.
  • Service Providers: We share data with trusted third-party service providers who assist in operating our business — including payment gateways, cloud hosting providers, CRM platforms, email and WhatsApp communication tools, and website analytics services. These providers are contractually bound to process data only on our instructions and in accordance with applicable law.
  • Legal & Regulatory Authorities: We may disclose your data to government authorities, law enforcement agencies, or regulators where required or permitted by law.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred as part of that transaction. You will be notified of any such transfer.

 

  1. International Data Transfers

As part of delivering our OfQual-regulated programmes, your personal data may be transferred to and processed in the United Kingdom by our UK Academic Partner and the relevant awarding body. We ensure that such transfers are made in accordance with applicable data protection laws and that appropriate safeguards are in place.

If you have questions about international data transfers or the safeguards in place, please contact us at privacy@derivion.in.

 

  1. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are:

  • Enquiry and pre-enrolment data: up to 2 years from the date of last contact.
  • Enrolment records, programme data, and qualification records: up to 7 years from programme completion, in accordance with regulatory and awarding body requirements.
  • Financial and payment records: up to 8 years as required under Indian tax and accounting laws.
  • Marketing consent records: retained until consent is withdrawn.

When data is no longer required, it is securely deleted or anonymised.

 

  1. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytics. We use the following types of cookies:

  • Essential Cookies: Required for core website functionality. These cannot be disabled without affecting site performance.
  • Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). This data is aggregated and anonymised where possible.
  • Marketing & Remarketing Cookies: Used to deliver targeted advertising on platforms such as Meta (Facebook/Instagram) and Google. These are only placed with your consent.

You can manage or withdraw your cookie preferences at any time through your browser settings or via the cookie consent banner on our website.

 

  1. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include:

  • Encrypted data storage and secure server infrastructure.
  • Restricted access to personal data on a need-to-know basis.
  • Secure payment processing through PCI-compliant third-party gateways.
  • Regular review of our data security practices.

While we take every reasonable precaution, no method of electronic storage or transmission is completely secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities in accordance with applicable law.

 

  1. Your Rights

Depending on your location and applicable law (including the DPDP Act 2023, UK GDPR, or EU GDPR), you may have the following rights in relation to your personal data:

  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure: To request deletion of your data, subject to our legal obligations (also known as the “right to be forgotten”).
  • Right to Withdraw Consent: To withdraw consent for data processing at any time, without affecting the lawfulness of prior processing.
  • Right to Object: To object to the processing of your data for direct marketing purposes.
  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format (where applicable).

 

To exercise any of these rights, please write to us at privacy@derivion.in. We will respond within 10 working days. In some cases we may need to verify your identity before processing your request.

 

  1. Third-Party Links

Our website may contain links to third-party websites, including partner organisations, awarding bodies, and payment service providers. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

 

  1. Minors

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18 without verifiable parental or guardian consent. If we become aware that we have inadvertently collected data from a minor, we will take prompt steps to delete it.

 

  1. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any updates will be published on this page with a revised Last Updated date. For material changes, we will endeavour to notify enrolled students by email. Your continued use of our services following any update constitutes acceptance of the revised Policy.

 

  1. Contact & Complaints

For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us at:

 

Privacy Contact:  privacy@derivion.in

Registered Office:  Derivion International Private Limited, Gurugram, Haryana, India

Website:  www.isft.in

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.