Privacy Policy
Effective date: 1st November 2025
1. Privacy Policy Overview
Discovery Outcomes, LLC (“Discovery Outcomes,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, disclose, and protect personal data in compliance with applicable data protection laws, including the Indian Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the European Union General Data Protection Regulation (“GDPR”).
This Privacy Policy applies to all users of our services, including visitors to our website, customers, and individuals whose data we process in the course of our business operations.
2. What this Privacy Policy Covers
This Privacy Policy covers our treatment of personally identifiable information (“Personal Data”) that we gather when you access or use our services. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
3. Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Principal” under the DPDP Act or “Data Subject” under GDPR). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
4. Categories of Personal Data We May Collect
We may collect the following categories of Personal Data:
- Identifiers: name, email address, phone number, business address, job title, company name.
- Commercial information: records of products or services purchased, obtained, or considered.
- Internet or network activity: browsing history, search history, information on interaction with our website.
- Professional information: current or past job history, performance evaluations.
- Usage data: information about how you use our services.
- Technical data: IP address, browser type, device information, cookies, and similar technologies.
5. Categories of Sources of Personal Data
- Directly from you: when you register for our services, fill out forms, or communicate with us.
- Automatically: through cookies and similar technologies when you visit our website.
- From third parties: business partners, service providers, and public databases.
- From your employer: if you use our services through your employer.
6. Our Commercial or Business Purposes
- Service provision: to provide, maintain, and improve our services.
- Communication: to communicate with you about our services, updates, and promotional offers.
- Customer support: to respond to your inquiries and provide customer support.
- Analytics: to analyze usage patterns and improve our services.
- Legal compliance: to comply with applicable laws, regulations, and legal processes.
- Security: to detect, prevent, and address technical issues and security threats.
- Business operations: internal purposes such as auditing, data analysis, and research.
7. Other Permitted Purposes
We may also process Personal Data for other purposes where:
- We have obtained your explicit consent.
- Processing is necessary for the performance of a contract.
- Processing is necessary for compliance with legal obligations.
- Processing is necessary to protect vital interests.
- We have a legitimate interest that is not overridden by your fundamental rights and freedoms.
8. How We May Disclose Your Personal Data
- Service providers: third-party vendors who provide services on our behalf (hosting, analytics, customer support).
- Business partners: partners with whom we collaborate to provide services.
- Legal authorities: law enforcement, regulatory authorities, or courts when required by law.
- Corporate transactions: in connection with mergers, acquisitions, or sale of assets.
- With your consent: when you have given explicit consent for disclosure.
We do not sell your Personal Data to third parties.
10. Data Security
We implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit and at rest.
- Regular security assessments and audits.
- Access controls and authentication mechanisms.
- Employee training on data protection.
- Incident response procedures.
While we strive to protect your Personal Data, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
11. Data Retention
We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:
- The nature and sensitivity of the Personal Data.
- The purposes for which we process the Personal Data.
- Legal, regulatory, tax, accounting, or reporting requirements.
- Our legitimate business interests.
When Personal Data is no longer needed, we will securely delete or anonymize it.
12. Personal Data of Children
Our services are not directed to individuals under the age of 18 (“Children”). We do not knowingly collect Personal Data from Children. If we become aware that we have collected Personal Data from a Child without verification of parental consent, we will take steps to delete that information.
If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us using the information in Section 16.
13. Indian Data Privacy Rights (DPDP Act)
If you are a resident of India, you have the following rights under the DPDP Act, 2023:
- Right to access (Section 11(2)): obtain a summary of Personal Data being processed and information about processing activities.
- Right to correction (Section 11(3)): correct, complete, or update your Personal Data.
- Right to erasure (Section 11(4)): request erasure of your Personal Data, subject to certain exceptions.
- Right to grievance redressal (Section 11(5)): nominate another individual to exercise your rights in the event of death or incapacity.
- Right to withdraw consent: where processing is based on consent, withdraw consent at any time.
To exercise these rights, contact our Grievance Officer as detailed in Section 16. We will respond to your request within the timeframes specified in the DPDP Act.
14. European Data Subject Rights (GDPR)
If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:
- Right of access (Article 15): obtain confirmation of whether we process your Personal Data and access to such data.
- Right to rectification (Article 16): correct inaccurate Personal Data.
- Right to erasure (Article 17): request deletion of your Personal Data under certain circumstances.
- Right to restriction of processing (Article 18): request restriction of processing under certain circumstances.
- Right to data portability (Article 20): receive your Personal Data in a structured, commonly used format.
- Right to object (Article 21): object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making (Article 22): not to be subject to decisions based solely on automated processing.
To exercise these rights, contact us using the information in Section 16. We will respond to your request within one month, as required by GDPR. You also have the right to lodge a complaint with a supervisory authority in the EEA.
15. Transfers of Personal Data
Your Personal Data may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.
When we transfer Personal Data outside of India or the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission.
- Adequacy decisions by relevant authorities.
- Other legally approved mechanisms.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at privacy@discoveryoutcomes.com.
The Grievance Officer will address your concerns within the timelines specified under the DPDP Act.
17. Payment Through Hyperlink
When you make payments through hyperlinks on our website, you may be redirected to third-party payment processors. These third parties have their own privacy policies and terms of service. We encourage you to review their policies before providing any Personal Data.
We do not directly collect or store your payment card information. Payment information is encrypted and processed by our third-party payment processors in compliance with PCI DSS requirements.
We may receive limited information from payment processors, such as transaction confirmation and billing information, which we use solely for order fulfillment and customer service purposes.
Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the “Effective Date” above. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.