Harbans

SAHEDRA PRIVACY POLICY

Effective Date: November 8, 2025 · Last Updated: November 8, 2025

1. Introduction

Sahedra (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Sahedra ecosystem, including the Harbans platform, our websites, and associated services (collectively, the “Service”).

We are the data controller for your personal data. We follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) to protect your information.

2. Contact Details

Role

Data Controller

Entity

Sahedra

Data Protection Inquiries

Data Protection Team

Contact Information

help@sahedra.com

3. The Data We Collect About You

We collect and use different types of personal information about you, which we group as follows:

Category

  • Identity Data
  • Contact Data
  • Profile Data
  • Technical Data
  • Usage Data
  • Marketing & Communications Data

Description

  • Data used to identify you.
  • Data used to contact you.
  • Data related to your career development.
  • Data about your device and usage.
  • Data about how you use our Service.
  • Your preferences in receiving marketing from us.

Examples

  • First name, last name, username, date of birth (if provided).
  • Email address, phone number.
  • Educational history, employment history, career goals, progress logs, performance reviews, and other User-Generated Data (as defined in the Terms of Service).
  • IP address, login data, browser type and version, time zone setting, operating system, and platform.
  • Information about how you navigate and use the Sahedra and Harbans platforms, features accessed, and time spent.
  • Your marketing and communication preferences.

We also collect Aggregated Data (like statistics) which is not personal data because it does not identify you.

4. How We Collect Your Data

We use different methods to collect data from and about you, including:

  • Direct Interactions: You provide us with your Identity, Contact, and Profile Data when you create an account, fill in forms on the Service, or communicate with us.
  • Automated Technologies: As you interact with our Service, we automatically collect Technical and Usage Data using cookies, server logs, and other similar technologies.
  • Third Parties: We may receive personal data about you from third parties, such as analytics providers (e.g., Google Analytics) or social media platforms if you choose to link your account.

5. How and Why We Use Your Data (Lawful Basis)

We only use your personal data when the law permits. Here are the main reasons and legal bases for using your data:

Purpose of Use

  • To register you as a new user
  • To provide and manage the Service (including Harbans)
  • To improve our Service and user experience
  • To manage our relationship with you
  • To send you marketing communications
  • To comply with legal obligations

Type of Data Used

  • Identity, Contact
  • Identity, Contact, Profile, Usage
  • Technical, Usage, Aggregated
  • Identity, Contact, Marketing
  • Identity, Contact, Marketing
  • All Categories

Lawful Basis (UK GDPR)

  • Performance of a contract with you.
  • Performance of a contract with you.
  • Legitimate Interests (to keep our Service updated and relevant).
  • Performance of a contract with you; Necessary to comply with a legal obligation.
  • Consent (where required) or Legitimate Interests (to develop our products/services).
  • Necessary to comply with a legal obligation.

6. Disclosures of Your Personal Data

We may share your personal data with the parties set out below for the purposes described in Section 5:

  • Internal Use Only: We do not share your personal data with any third parties for their own marketing or commercial purposes. Your data is used strictly within the Sahedra ecosystem (including Harbans) to provide and improve the Service.
  • Service Providers: We may share data with trusted third-party service providers (e.g., cloud hosting, IT support) who act on our instructions and are bound by strict confidentiality agreements.
  • Legal Requirement: We may disclose data if required by law or to protect our rights (e.g., to regulators or law enforcement).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. International Transfers

We do not routinely transfer your personal data outside the UK. However, if we do, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
  • Where we use certain service providers, we may use specific contracts approved by the UK government which give personal data the same protection it has in the UK.

8. Data Security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We also limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.

10. Your Legal Rights (Data Subject Rights)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data where we are relying on a legitimate interest.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party (data portability).
  • Withdraw consent at any time where we are relying on consent to process your personal data.

If you want to use any of these rights, please contact us at help@sahedra.com.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to resolve your concerns first, so please contact us before approaching the ICO.

11. Children's Privacy

Our Service is intended for users aged 16 and over. Users aged 16 and 17 can use the Service without parental consent. If you are under the age of 16, you must have the explicit permission of your parent or legal guardian to use the Service. We do not knowingly collect personal data from children under 16 without parental consent. If we learn that we have collected personal data from a child under 16 without parental consent, we will take steps to delete the information as soon as possible.

12. Changes to the Privacy Policy

We keep our Privacy Policy under regular review. Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. We encourage you to frequently check this page for any changes.

© 2025 Sahedra. All rights reserved.