Corporate Wellness Privacy Policy

This Corporate Wellness Privacy Policy (“Policy”) describes in detail the data protection and privacy practices of Art Gharana LLC, a United States entity registered at 13717 Camp Comfort Lane, Austin, Texas 78717, together with its wholly owned subsidiary Artgharana Global Private Limited, headquartered at 178 Panchvati Vastra Nagar, Roshni Ghar Road, Jayendraganj, Lashkar, Gwalior 474001, India. Both entities collectively operate under the global brand name “Art Gharana” and jointly deliver corporate wellness programs comprising online interactive classes, live sessions, recorded sessions, digital learning content, creative wellbeing activities, and other related services.

The purpose of this Policy is to clearly explain how Art Gharana collects, uses, stores, processes, records, discloses, transfers, protects, and manages information belonging to corporate clients, their employees, contractors, and all other authorized participants in Art Gharana’s corporate wellness programs (“Programs”). This Policy is intended to be consistent with the requirements of global data protection regulations, including the General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Texas Data Privacy and Security Act (TDPSA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Singapore Personal Data Protection Act, the Australian Privacy Act, the New Zealand Privacy Act, and India’s Digital Personal Data Protection Act of 2023 (“DPDP Act”).

This Policy applies exclusively to corporate wellness customers and their authorized participants. It does not apply to individual consumers who enroll directly into Art Gharana’s B2C programs, which are governed by a separate privacy policy. By entering into a corporate agreement with Art Gharana or by authorizing employees or other individuals to participate in the Programs, the corporate client acknowledges that it has reviewed, understood, and accepted the terms contained in this Policy, and furthermore confirms its authority to provide such acceptance on behalf of all its participating employees.

For clarity, Art Gharana LLC is the primary data controller for all personal information collected from participants and client organizations located outside India. Artgharana Global Private Limited is the data controller for all personal information collected from participants and client organizations located within India. While each entity acts as a controller for its respective region, both entities operationally collaborate to deliver the Programs, and they may share information between them strictly for purposes described in this Policy. All inter-entity data transfers occur under a formal Intercompany Data Transfer Agreement (IC-DTA), ensuring that the same level of privacy and security protections are maintained across jurisdictions.

Art Gharana may act as a data processor or service provider to the corporate client when handling participant data on behalf of the client, depending on the applicable law and the nature of processing. Where applicable, the corporate client shall remain responsible for ensuring internal compliance with its own privacy obligations regarding the disclosure of employee information to Art Gharana.

Art Gharana collects information necessary for delivering the Programs, ensuring quality and safety, providing customer support, analyzing performance, fulfilling contractual obligations, and meeting compliance requirements. Information may be collected directly from corporate representatives, directly from participants, automatically through digital platforms, or through recordings of live sessions.

Information related to the corporate client includes the organization’s legal name, business addresses, corporate domain information, HR or authorized representative names, email addresses, phone numbers, billing and invoicing details, tax-related identifiers, employee rosters or authorized user lists, internal departmental structures, program objectives, session preferences, and documentation exchanged during contract negotiation, compliance audits, or support escalations.

Information related to participants includes identifiers such as name, email address (corporate or personal, depending on client policy), phone number if voluntarily provided, job title, department, region, country, time zone, employee ID, team assignment, and any other information necessary for proper enrollment, access, and participation in the Programs. Art Gharana may also collect engagement information such as attendance records, session usage statistics, chat messages, survey responses, interactions with instructors, digital submissions, or wellness preferences shared voluntarily by participants during the course of Program activities.

Art Gharana automatically collects technical information such as IP address, browser type, device identifiers, operating system details, system logs, timestamps, and session navigation data. This automated information enables access authentication, platform optimization, security maintenance, fraud detection, and troubleshooting.

A critical aspect of information collection relates to session recordings. Art Gharana records all live sessions conducted under its corporate wellness programs. These recordings include audio, video, chat interactions, screen content shared by instructors, and any other participant interactions visible or audible during the session. Recordings are mandatory for all participants and cannot be disabled by participants or by individual client request unless explicitly stated in a separate contractual exemption. If a participant does not wish to be recorded, the appropriate course of action is to refrain from attending the live session. The corporate client is responsible for informing employees of these recording requirements in accordance with applicable laws.

Art Gharana processes collected information solely for legitimate business purposes related to the delivery and administration of corporate wellness programs. The primary purpose is to provide access to live wellness sessions, personalized content, instructional guidance, session recordings, feedback summaries, and other wellness-related activities requested by the corporate client.

Information is processed to authenticate participants, assign instructors, schedule sessions across time zones, deliver reminders and communications, enable attendance tracking, analyze engagement, generate participation reports, and provide aggregated wellness metrics. Art Gharana also processes information for the purpose of improving the quality, effectiveness, and relevance of its Programs; this includes analyzing aggregated usage patterns, training instructors, refining curriculum, evaluating program outcomes, identifying improvement areas, and ensuring the Programs remain responsive to corporate wellness goals.

Session recordings serve multiple purposes, including allowing participants to review past sessions for practice, enhancing quality control, enabling instructor evaluation, supporting compliance monitoring, and ensuring that sessions remain safe and appropriate for all participants. Recordings may also be used to investigate misconduct or resolve disputes between instructors, participants, or client organizations. Certain recordings may be retained as legal evidence when necessary to defend a claim or satisfy a statutory obligation.

Art Gharana may process information for administrative operations such as customer service, complaint resolution, technical support, fraud detection, system troubleshooting, trend analysis, policy enforcement, and management of contractual obligations. Additionally, Art Gharana may process information to comply with legal obligations in different jurisdictions, respond to court orders or regulatory authorities, enforce contractual rights, resolve payment-related issues, and maintain audit records.

Art Gharana may use aggregated and de-identified information to conduct internal research, perform statistical analysis, identify wellness trends, and develop new modules or program enhancements. Aggregated information does not identify any individual participant or corporate client and may be used broadly for improving Art Gharana’s services.

Art Gharana processes personal information on various legal bases depending on the jurisdiction and nature of the processing. The most common legal basis is the necessity of processing to perform a contract with the corporate client or to take steps at the request of the client prior to entering into a contract. Processing may also be based on legitimate interests, such as conducting audits, ensuring platform security, improving service quality, and maintaining safety and compliance in sessions. Certain processing activities may be performed to comply with legal obligations, such as maintaining tax records, responding to regulatory inquiries, or fulfilling statutory retention requirements.

Where applicable, Art Gharana may process personal information based on consent, particularly where required under GDPR, UK GDPR, or local privacy laws. However, processing of recordings, attendance information, and core program delivery information generally does not rely on consent because they are strictly necessary to fulfill the service agreement with the corporate client. Participants may withdraw consent for optional data processing activities but may not withdraw consent for essential activities that are required for delivering the Programs.

Art Gharana may disclose information to third parties under circumstances described in this Policy. Information may be shared internally between entities within the Art Gharana corporate group to facilitate Program delivery, technical support, data analysis, and operational efficiency. Disclosure may occur to service providers who support Art Gharana in operating its platforms, including cloud hosting providers, IT security specialists, CRM systems, email delivery services, analytics platforms, and similar vendors. These service providers are contractually obligated to implement adequate technical and organizational measures to safeguard information and are prohibited from using information for their own purposes.

Art Gharana may disclose information to the corporate client for legitimate operational reasons, including providing attendance and engagement reports, responding to compliance queries, resolving misconduct or performance concerns, addressing employee behavior issues, and enabling the corporate client to evaluate the effectiveness of the Programs. Disclosure to the corporate client will always be proportional, appropriate, and consistent with contractual obligations.

Information may also be disclosed in response to lawful requests by government authorities, regulators, or courts. Disclosure may occur where necessary to detect, prevent, or investigate fraud, security incidents, harassment, abuse, or violations of law or internal policy. Art Gharana may share information with legal counsel, auditors, or other professional advisors when necessary to obtain legal or compliance guidance. In the event of a merger, acquisition, restructuring, or sale of assets, information may be transferred to the successor entity subject to adherence to the principles of this Policy.

Aggregated and de-identified information may be shared publicly or with corporate clients, partners, or industry groups for research, benchmarking, or informational purposes. Such information cannot be used to identify individual participants.

Because Art Gharana operates globally, information may be transferred to or processed in countries outside a participant’s or corporate client’s home jurisdiction. Information relating to clients and participants located outside India is primarily processed in the United States. Information relating to clients and participants located in India is primarily processed in India. However, technical operations, instructor assignments, support services, and analytics may result in information being transferred across the United States, India, and other regions where Art Gharana’s subprocessors operate.

All international transfers are performed in compliance with applicable data protection laws. Where required by GDPR or UK GDPR, Art Gharana enters into Standard Contractual Clauses or equivalent safeguards with its subprocessors. Cross-border transfers involving India adhere to the requirements of the DPDP Act. Additional safeguards such as encryption, limited access controls, and data minimization are applied consistently across jurisdictions.

Art Gharana retains personal information for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, enforce rights, resolve disputes, and maintain business records. Corporate client information, including contracts, invoices, communication records, and operational data, is retained for the duration of the business relationship and for at least seven years thereafter to comply with accounting, taxation, regulatory, and legal obligations.

Participant information is retained for the duration of active participation in the Programs and for three years after a participant becomes inactive, unless a longer retention period is required by law or contractual obligations. Session recordings are retained for three years but may be retained longer if necessary to comply with legal requirements, support investigations, address claims, or satisfy a contractual obligation agreed between Art Gharana and the corporate client.

Following the expiration of applicable retention periods, information may be securely deleted, de-identified, or archived in accordance with Art Gharana’s internal retention and destruction policies.

Art Gharana implements a wide range of administrative, technical, and physical safeguards to protect information from unauthorized access, alteration, disclosure, or destruction. These safeguards include encryption of data at rest and in transit, access controls based on least privilege, multi-factor authentication for administrative access, intrusion detection systems, continuous security monitoring, vulnerability management, regular audits, background checks for employees and instructors, secure development practices, data minimization techniques, and strict access logging.

Art Gharana maintains a formal incident response plan to promptly identify, assess, and respond to data breaches or security incidents. If a breach affects information covered by this Policy, Art Gharana will notify the corporate client in accordance with applicable law and contractual obligations. The notification will include relevant details about the incident, steps taken to mitigate harm, and recommended steps for the client.

While Art Gharana implements robust security measures, no system can guarantee absolute security. Corporate clients are encouraged to maintain strong internal controls over employee access to Art Gharana systems and to educate employees about responsible online practices.

Participants may have rights under applicable laws to request access to their personal information, request corrections to inaccurate information, request deletion of information where legally permissible, request restriction of processing, object to processing, withdraw consent where processing is based on consent, or request data portability. Requests may be restricted or denied in certain circumstances, including where the information must be retained to fulfill contractual obligations, comply with legal requirements, or defend against legal claims.

Participants who wish to exercise such rights may contact their corporate HR or privacy contact or may reach out to Art Gharana directly through the contact information provided at the end of this Policy. Some jurisdictions may require participants to submit requests through their employer rather than directly to Art Gharana. Art Gharana may request additional information to verify identity before fulfilling a request.

Corporate clients may request information related to the processing of participant data, request exports of participant information in a structured format, request deletion of information belonging to participants who have left employment, request modifications to retention or access configurations where technically feasible, request audit logs demonstrating access to sensitive information, request evidence of Art Gharana’s security measures, or request Art Gharana’s compliance documentation including subprocessors lists and data transfer agreements.

Requests from corporate clients must be made by authorized representatives. Art Gharana may impose reasonable conditions or limitations where necessary to protect other participants, maintain security, or comply with legal obligations.

All participants are expected to adhere to standards of respectful conduct during the Programs. Art Gharana may monitor sessions through recordings and instructor oversight to ensure compliance. Any participant engaging in harassment, discrimination, inappropriate behavior, abusive language, disruptive conduct, or violations of safety protocols may be removed from a session, suspended from further participation, or reported to the corporate client. Art Gharana may use session recordings to substantiate findings and to assist the corporate client in conducting internal investigations.

The Programs may contain links or integrations with third-party platforms, scheduling tools, video conferencing systems, or external resources. These third-party services operate independently of Art Gharana and have their own privacy practices. Art Gharana is not responsible for the content or privacy practices of such third parties, and participants are encouraged to review their privacy policies before interacting with them.

Art Gharana may modify this Policy to reflect changes in legal requirements, regulatory guidance, operational practices, technological developments, or program enhancements. When changes are material, Art Gharana will notify the corporate client and provide reasonable time for review. Continued participation in the Programs after changes are published constitutes acceptance of the revised Policy.

For corporate clients and participants located outside India

Privacy inquiries may be directed to:
Art Gharana LLC, 13717 Camp Comfort Lane, Austin, Texas 78717, USA
Email: support@artgharana.com
Grievance Officer: Mr. Nitin Kumar

For corporate clients and participants located within India

Inquiries may be sent to:
Artgharana Global Private Limited, 178 Panchvati Vastra Nagar, Roshni Ghar Road, Jayendraganj, Lashkar, Gwalior 474001, India
Email: support@artgharana.com
Grievance Officer: Mr. Nitin Kumar