Recent Changes: Initial privacy policy for Global Tech & Innovation Awards

1. Introduction & Scope

This Privacy Policy explains how AwardsFlow (trading as "Global Tech & Innovation Awards") collects, uses, discloses, stores, and protects personal data through the Global Tech & Innovation Awards Platform (the "Platform"). This Policy applies to all users including entrants, nominators, team members, judges, sponsors, partners, administrators, and visitors.

By accessing or using the Platform, you accept this Policy. If you do not agree, do not use the Platform.


2. Controller & Roles

Data Fiduciary/Controller: AwardsFlow (trading as "Global Tech & Innovation Awards") determines the purposes and means of processing personal data for awards programs we operate.

Processors: We engage service providers (hosting, payments, analytics, messaging, support) who process data under our instructions and are bound by confidentiality and security obligations.

Third-Party Programs: If we host an awards program on behalf of a third-party sponsor who controls processing, that third party acts as controller and we act as processor. This Policy governs our handling of all personal data on the Platform.


3. Key Definitions

  • Personal data: Information relating to an identified or identifiable individual.
  • Sensitive data: Categories of personal data that require enhanced protection, including government identifiers, health or disability information, financial account details, biometric data, and any data treated as sensitive under applicable law.
  • Processing: Collection, storage, use, sharing, deletion, or any operation on personal data.
  • Data Principal: The individual to whom the personal data relates, under the Indian Digital Personal Data Protection Act, 2023.
  • Data Fiduciary: The entity that determines the purpose and means of processing personal data, under the Indian Digital Personal Data Protection Act, 2023.

4. Data We Collect

4.1 Data You Provide

  • Account & Profile: Name, email, password (hashed), organization, job title, phone, country, preferences, consent records.
  • Applications: Organization details, team member information, referees, narratives, metrics, attachments (documents, images, videos), category selections, eligibility declarations.
  • Judging: Biography, expertise, affiliations, conflict disclosures, scores, rubric responses, review comments.
  • Sponsor/Partner: Organization contacts, billing information, tax identifiers, brand assets.
  • Communications: Inquiries, feedback, survey responses, testimonials (with consent).

4.2 Data Collected Automatically

  • Device/browser/OS information, IP address, approximate location (city/country), language, referrer URL, session identifiers, page views, timestamps, error logs, performance metrics.
  • Security telemetry: Login attempts, MFA events, unusual activity flags.

4.3 Payment Data

Payments are processed via PCI DSS-compliant processors. We do not store full card numbers. We retain minimal transaction metadata: amount, currency, status, masked card number (last four digits), invoice details, tax information where required.

4.4 Data From Third Parties

  • Nominators or referees may submit information on your behalf.
  • Publicly available sources (company websites, public registers) may be used to verify claims.
  • Event partners may provide limited business contact data (with consent).

4.5 Sensitive Data

We minimize collection of sensitive data. We may collect government tax identifiers for invoicing or disability accommodation information when requested. Where collected, we provide explicit notice, obtain consent where required, and apply enhanced safeguards. Do not upload sensitive data unless specifically requested.


5. Purposes & Legal Basis

We process personal data for the following purposes:

  • Service Delivery / Contract Performance: Account creation, application processing, judging, award fulfillment, communications, support, billing.
  • Platform Security and Integrity: Fraud prevention, security monitoring, preventing duplicate or abusive entries, judging integrity.
  • Service Improvement: Analytics to improve the Platform, aggregated reporting, business contact management.
  • Legal Compliance: Tax and invoice retention, responding to lawful requests, regulatory compliance.
  • Consent-Based Processing: Marketing communications, cookies and analytics (where required), publication of testimonials and case studies, use of logos or submission excerpts for publicity, and processing of sensitive data beyond legal requirements.

We process personal data based on your consent or on the permissible legitimate uses defined under the Indian Digital Personal Data Protection Act, 2023, including performance of a contract, compliance with legal obligations, and specified legitimate uses as defined under the Act.


6. Judging & Software-Assisted Processing

Our judging process is human-led. We may use software tools to organize submissions, calculate score totals, detect duplicate entries, and assist judges with content summarization. Final award decisions are made by human judges. No award decision is based solely on automated processing. If you believe a software-assisted process has adversely affected you, please contact us for review.


7. How We Share Data

We share personal data only as necessary:

  • Service Providers (Processors): Hosting, email and messaging, analytics, customer support, payment processing, content delivery, security vendors. All processors are bound by contracts requiring confidentiality and data protection.
  • Judges: Application content and minimal contact details required for evaluation, subject to confidentiality obligations.
  • Sponsors and Partners: Where applicants have provided the optional showcase consent during entry submission, sponsor-relevant submission content may be shared with sponsors as part of sponsorship deliverables (case studies, snippets, marketing materials). Otherwise, only aggregated or de-identified data is shared.
  • Public Disclosures: Winner names, organizations, award category, tier, and year may be publicly announced on the Platform. Personal contact details will not be published without consent. Separate consent is obtained for case studies, media use, or extended showcase content.
  • Legal and Compliance: Where required by law, to protect rights, safety, or security, or in business restructure (merger or acquisition) under equivalent protection.

We do not sell personal information.


8. International Data Transfers

Personal data may be transferred to servers or personnel outside India to enable Platform operations including cloud hosting, support services, and judging by international jury members. Under the Indian Digital Personal Data Protection Act 2023, such transfers are permitted unless the Central Government has notified specific country restrictions. Where applicable, we implement contractual safeguards with our service providers, including data protection clauses and confidentiality obligations.


9. Data Retention

We retain personal data only as long as necessary:

  • Account and profile data: While active plus 3 years of inactivity, then deletion or anonymization.
  • Applications and judging content: Three years after the awards cycle for jury evaluation, audit, and research purposes, after which it is archived in de-identified form or deleted.
  • Financial and tax records: Retained as required under applicable Indian tax and accounting laws, typically 7 years, then anonymization or deletion.
  • Consent and opt-out records: Retained as required for compliance purposes.
  • Security logs and backups: Backups retained up to 90 days; security logs retained 12 to 24 months.

If you request deletion, we will comply unless legal or regulatory obligations require continued retention.


10. Security

We implement industry-standard technical and organizational security measures appropriate to the sensitivity of the data, including:

  • Encryption of data in transit
  • Secure password hashing
  • Role-based access controls
  • Audit logging
  • Network and infrastructure security measures
  • Incident response procedures

Specific security controls are reviewed and updated regularly as appropriate to evolving threats.

No system is perfectly secure. Users share responsibility for security: use strong passwords, enable available authentication features, keep devices updated, and report suspected misuse promptly. We are not liable for unauthorized access resulting from your failure to secure your credentials or devices.


11. Your Rights

As a data principal under the Indian Digital Personal Data Protection Act, 2023, you have rights including: access, correction, completion, updating, erasure (in permitted circumstances), withdrawal of consent, and lodging grievances.

To exercise your rights: Email demo@awardsflow.com with your account email and request type. We respond within applicable statutory timeframes. We may require proof of identity. We may refuse manifestly unfounded or excessive requests and will explain the reasons.


12. India - Digital Personal Data Protection Act, 2023

You are a "data principal" and we are a "data fiduciary" under the Indian Digital Personal Data Protection Act, 2023. You have rights including:

  • Access to a summary of processing activities concerning your personal data
  • Correction of inaccurate or incomplete data
  • Completion or updating of incomplete data
  • Erasure of data in circumstances permitted under the Act
  • Withdrawal of consent at any time, with effect for the future
  • Lodging grievances through our grievance mechanism
  • Nominating another individual to exercise rights

We will appoint a Grievance Officer when required by law under the DPDP Act and will adhere to statutory timelines for response. Grievances may be submitted to demo@awardsflow.com.

For users from other jurisdictions, we will respect rights under applicable law to the extent required, and you may contact us at the email above for any data-related requests.


13. Children's Privacy

The Platform is intended for users 18 years or older. Applicants must be at least 18 years of age. We do not knowingly collect data from minors under 18. If we discover a child's data has been submitted without parental consent, we will delete it and terminate the account. Parents or guardians may contact demo@awardsflow.com to request deletion.


14. Marketing Communications

We send marketing emails only with your explicit opt-in. You may withdraw consent anytime by clicking "Unsubscribe" in emails or by emailing demo@awardsflow.com. Essential service emails (confirmations, invoices, password resets, system alerts) cannot be opted out.


15. AI & Machine Learning

We may use AI and similar tools to assist in evaluation, content preparation, case study drafting, and administrative tasks. We do not use AI to determine final award decisions. Submission content is not provided to third parties for AI model training purposes. AI services used are configured with privacy-preserving terms. Material changes to AI usage will be notified.


16. Cookies & Similar Technologies

  • Strictly necessary cookies: Login and session management, fraud prevention, security.
  • Preferences cookies (optional): Language, display settings.
  • Analytics cookies (optional, consent-based): Usage analysis, Platform improvement.

We do not use behavioral advertising cookies. Manage preferences via the cookie banner or browser settings. Disabling necessary cookies may impair login or functionality.


17. Data Subject Request Workflow

Email request: Send to demo@awardsflow.com with subject "Data Subject Request – [type]". Include your account email and request details.

Response timeframe: Within applicable statutory timeframes, typically 30 days.

Verification: We may require identity verification to process your request.

Denial: If we decline a request, we provide reasons and, where required by law, appeal options.


18. Third-Party Links & Social Features

The Platform may include links to external websites or embedded media. We are not responsible for the privacy practices of third parties. Please review their policies before submitting personal data on their platforms.


19. Changes to This Policy

We may update this Privacy Policy from time to time. The changes could be material changes (new data sharing categories, processing purposes, or external partners) or non-material changes. It is your responsibility review this changes periodically. Continued use of the Platform after the effective date constitutes acceptance.


20. Limitation of Liability

We implement reasonable security measures, but we are not liable for:

  • Unauthorized access resulting from your failure to secure credentials or devices.
  • Data breaches caused by third-party service providers beyond our reasonable control, subject to our processor agreements.
  • Losses arising from your violation of this Policy or providing false or misleading information.
  • Force majeure events or circumstances beyond our reasonable control.

To the maximum extent permitted by applicable law, our total liability for any privacy-related claims is limited to the amount you paid us in the 12 months preceding the claim, or INR 10,000, whichever is lower, except where prohibited by law or in cases of gross negligence or willful misconduct.


21. Indemnification

You agree to indemnify and hold harmless AwardsFlow, its directors, officers, employees, agents, and affiliates from any claims, losses, damages, liabilities, and expenses (including reasonable legal fees) arising from:

  • Your violation of this Privacy Policy or applicable data protection laws.
  • Your submission of false, misleading, or unlawful information.
  • Your unauthorized disclosure of other users' personal data.
  • Your breach of any third-party rights, including intellectual property or privacy rights.

22. Contact & Grievance Officer

Controller contact: demo@awardsflow.com

Postal address:
AwardsFlow
Global Tech & Innovation Awards
Office 1022, 10th Floor
Gera's Imperium Rise
Hinjawadi Phase 2
Pune 411057
Maharashtra, India

For residents in India: Once required under the DPDP Act, we will publish details of our appointed Grievance Officer.


23. Dispute Resolution & Jurisdiction

Governing Law: This Privacy Policy is governed by the laws of the Republic of India.

Jurisdiction: Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra, India.

Arbitration: Parties may mutually agree to resolve disputes through arbitration under the Indian Arbitration and Conciliation Act, 1996, with the seat of arbitration in Pune, Maharashtra.


24. Summary of Key User Choices

  • Access, correct, or delete your data: Email demo@awardsflow.com
  • Manage cookies: Use the cookie banner or browser settings
  • Opt-out of marketing: Click "Unsubscribe" in any marketing email or contact us
  • Report security concerns: Email demo@awardsflow.com with subject "Security Concern"
  • Withdraw consent: Email demo@awardsflow.com with your account email and request type

Global Tech & Innovation Awards | Organized by AwardsFlow