Data Protection & GDPR Compliance Policy

Last updated: Sept 14th, 2020

This Data Protection Policy will be effective from the date Sept 14th, 2020 forward.

At, we shall refer to ourselves as “Us”, “We”, “the Site” or “” and we shall refer to you as the “Customer” or “Website Visitor” for the purposes of this Data Protection Policy.

This Data Protection & GDPR Compliance Policy will be referred to throughout this Agreement simply as the “Agreement”, “Policy”, “Data Protection Policy” or “Data Protection Agreement”.

If you are accepting this Data Protection & GDPR Compliance Policy on behalf of another individual, partner, customer or party, you attest and warrant that:

  • You have dutifully read and understood our data protection policy here at

  • You have been granted the full legal authority to bind yourself, or the applicable entity, to these terms set forth in this policy

  • Furthermore, you acknowledge and agree, on behalf of the entity, person or party you represent

If you do not possess the granted legal authorization to bind the customer or affiliate, please do not, “Agree, Accept, Sign, Acknowledge, or Opt-in” pertaining to this agreement.

1. An Introduction To Data Protection & GDPR Compliance is committed to offering a remarkable learning experience for everyone we engage with and work with.

We know that our customers, students, users and participants are wholly committed to their own success and getting desirable results and is equally committed to making sure that each interaction that an individual has with our content is set up for maximizing the educational value, experience and potential for each student.

In order for to make this happen, it is necessary for us to gather and utilize certain data and information about individuals.

Individuals who we collect data or information about include: website visitors, paying customers, partnered affiliates, business contacts, employees and other people the company has a relationship with or may need to have contact with.

This policy shares and describes how this particular personal data is gathered, managed and stored to meet the company’s data protection standards — and to fully abide by the law.

This policy also sets out terms and/or conditions that will apply to’s processing and handling of the Customer’s Personal Data & Details under the Privacy Policy & Cookie Policy Agreements executed by “” and any “Website Visitor” or “Customer” who engages with the Site.

2. Why This Data Protection Policy Must Be In Place

This data protection policy provides oversight for the activities done within by making sure:

  • abides by all relevant data protection laws and follows industry standards and best practices

  • defends the rights of employees, customers, affiliates or partners

  • is transparent regarding how it stores and processes an individual’s data

  • defends itself from the consequences of a potential data breach

3. Interpretations, Terminology and Definitions

Here Set forth are the Terms Defined by the General Data Protection Regulation (GDPR):

A. “Policy Effective Date” is defined as the date on which Customer or Website Visitor clicked to acknowledge, accept or opt-in to this Data Protection Policy.

B. "Adequate Country" is defined as a country which is considered adequate by the European Commission under Article 25(6) of Directive 95/46/EC or Article 45 of the GDPR.

C. "Data Subject" is defined as the identified or identifiable person who is the source and therefore subject of Personal Data in question.

D. "Personal Data" is defined as any information or details included in the Customer’s Data relating to an identified or identifiable natural person or individual; an identifiable person is one who can be identified, directly or indirectly, specifically by reference to an identification number or to one or more factors specific to his or her physiological, mental, financial, ethnic, cultural, or social identity.

E. "Processing" is defined by the relevant EU Data Protection Law and "process", "processes" and "processed" will be interpreted as such.

F. "Data Controller" is defined as the entity or party that decides the purposes and methods of the Processing of any Personal Data.

G. "Data Processor" is defined as the party or entity that Processes Personal Data or details on behalf of, or under the guidance of, the Data Controller.

H. "Data Transfer Mechanism" is defined as an alternative data exporting solution for the ethical, lawful transfer or transmission of Customer Data ( as acknowledged under the EU Data Protection Law ) outside the EEA ( European Economic Area ).

I. "Data Protection Laws" are defined with respect to a party or entity, all privacy, data protection, information-security related and other laws, mandates or regulations that apply to such a party or entity, including, where relevant, European Union Data Protection Law.

J. "Data Protection Authority" is defined as having the responsibility and chief role of enforcement of and over any applicable Data Protection Law.

K. "EEA" stands for, represents and is referring too: the European Economic Area, United Kingdom, and Switzerland.

L. "EU Data Protection Law" is referring too:

  • Before the 25th of May 2018, European Union Directive 95/46/EC; and

  • On and after the 25th May 2018, European Union Regulation 2016/679 ("GDPR")

M. References alluding to "written instructions" and related terms refer to the Data Controller’s instructions for the Processing of Customer Data, which consists of:

  • The terms of this Policy & Agreement,

  • Processing enabled by the Data Controller through the Service, and

  • Other reasonable written instructions from the Data Controller, consistent with the terms of this Agreement.

N. "Model Contracts" are defined as the Standard Contractual Clauses for Data Processors as approved by the European Commission under the Decision 2010/87/EU in the form made available and accessible in the Platform.

O. "Security Incident" is defined as any unexpected, unplanned, unauthorized or unlawful confirmed breach of security that leads to the accidental or unlawful termination, loss, alteration, unauthorized disclosure of, or access to Personal Data and Information from within the Data Processor’s control.

P. "Sub-processor" is defined as any Third Party or entity that is engaged by the Data Processor or its affiliates to process or handle any Customer Data pursuant to this Agreement.

Q. "Third Party" shall refer to any natural or legal person, public authority, agency, or any other individual or company other than the Data Subject, Data Controller, Data Processor, Sub-processors, or other individuals who, under the direct authorization of, the Data Controller or Data Processor, are granted permission to access and process the data.

R. Other terms that are Capitalized that are not mentioned or defined herein have the appropriate meanings given within the Agreement.

4. Other Terms Defined by in Relation to GDPR:

A. "Data Subjects" are defined to reference and include the individuals who’s data is provided to via engaging with the Site and Services by the Customer.

B. "Processing Details of Subject Matter" is defined as the subject matter or core purpose of the data processing, which is the processing of the Customer Data.

C. "Duration of the Processing" is defined as the length of time the data will undergo processing which, will be lasting until termination of the Data Protection Agreement, plus the period from the expiry of the Agreement, until termination of all Customer Data by, in alignment with the terms of this Data Protection Policy.

D. "Nature and Purpose of the Processing" is defined as the purpose or reason for the Processing under this Policy, which is the provision of the Service to Customer and the performance of’s obligations under this Agreement or as otherwise agreed too by the parties involved “” and “Customer”.

E. "Categories of Data" is defined as data relating to individuals that is provided to when Customers register to sign up, login to the platform, engage with and use the product, interact with the website and its features and interact with any ads designed by

F. "Security Measures" are defined as the measures or standards that agrees to put into practice. They are commercially reasonable, technical and useful measures designed to stop or prevent unwarranted access, use, alteration, or disclosure of the Service or Customer Data.

5. European Union (EU) General Data Protection Regulation (GDPR) Protection Law

The GDPR (General Data Protection Regulation) protection law discusses and describes how organizations and companies who actively engage in business with individuals or other entities located within the EU (European Union) nations — including — must collect, handle and store the personal information of their users and contacts.

These rules are applicable irrespective of whether data is housed electronically, on paper, or in any other form or manner.

To abide by the law, personal data and information must be gathered and used fairly, stored safely, and not unveiled or disclosed in an unlawful manner.

The EU GDPR has eight foundational principles.

These eight principles state that personal information & data must:

1. Be handled and processed fairly and lawfully

2. Be acquired only for specific, law abiding purposes

3. Be adequate, relevant and not excessive

4. Be accurate and kept up to date

5. Not be stored or held for any longer than necessary

6. Handled and processed in accordance with the rights of data subjects

7. Be protected in effective and appropriate ways

8. Not be sent or transferred outside the European Economic Area (EEA) unless that country or region also can ensure a proper level of data protection

6. Data Protection Policy Statement

Each and every day our business will collect, use and store personal data and information about our customers, affiliates, partners, and colleagues.

It is of high importance that this data and information is used lawfully and appropriately, in line with the rules and procedures of the Data Protection Act 2018 and the General Data Protection Regulation (unanimously referred to as the ‘Data Protection Requirements’).

At, we take our data protection responsibilities seriously, because we respect the individuals and the trust they are placing into us, to use their personal data and information in an appropriate and responsible manner.

7. Describing This Data Protection Policy

This policy and any other documents of relevancy referred to in it, creates the foundation on which we will handle, use or process any personal data or information that we gather.

This policy does not compose part of any one single employee’s contract of employment and this policy also may be amended at any time to reflect updates. as a whole organism is responsible for making sure compliance with the Data Protection Requirements are met.

Any questions, concerns or feedback about the descriptions in this policy or if there are any concerns that the policy has not been strictly followed should be referred to the Data Protection Officer.

The Data Protection Officer’s Details:

Name: Justin Spencer

Mailbox: Attn: Justin Spencer
3104 E Camelback Rd #2124
Phoenix, AZ 85016

8. Scope and Applicability of this Data Protection Policy

A. This regulation is in reference to the processing and handling of the personal data in the context of the activities of the organization of a Controller or a Processor in the EU.

B. This Agreement applies where and to the extent that processes or handles Customer Data that originates or is sourced from the EEA ( European Economic Area ) or that is otherwise subject to the EU Data Protection Law, on behalf of the Customer in the course of rendering the Service pursuant to this Agreement.

9. What is The Definition of Personal Data?

Personal data is: information or details that help identify an individual. Whether this data is stored via physical or electronic options, makes no difference.

Data processing is: any activity that engages in the use of personal data. This includes acquiring, recording, or storing the data, organizing, amending, retrieving, using, disclosing, erasing, or terminating the data.

Data processing also: includes transmitting or transferring personal information or data to third parties under controlled and secure privacy conditions. Sensitive personal information or data includes:

  • Contact information

  • Residence or street address,

  • Session activity on the platform

  • IP address and geolocation

Sensitive personal data can only be processed under strict security conditions and used for the express purpose that it was originally received for.

10. Further Interpretation of the Eight Core Data Protection Principles & it’s employees whom handle or deal with data or data processing will ensure that:

1. All data is processed fairly, lawfully and in a transparent manner.

2. Any data that is received is only received for specific and legitimate purposes and any further processing to the data is completed for a specific and legitimate purpose.

3. Data collection is done in an adequate, relevant and limited way to only gather what is necessary for the intended legitimate outcome or purpose.

4. Data processed or stored will be kept up to date and accurate.

5. Data will be treated in such a way where it is kept in a form which allows personal identification for no longer than strictly necessary and for the intended purposes only.

6. The Data processed in line with the individual’s rights concerning his or her data and information.

7. The data is handled in a manner that ensures the appropriate security of the said data, including protection against unauthorized or unlawful processing or activities and against accidental loss, destruction, or damages by using the appropriate technical and organizational standards.

8. The data will not be transferred to people or organizations residing in specific countries that do not have adequate data protection protocols in place and without having notified the individual.

11. Ensuring Fair and Lawful Processing of Data

The Data Protection Requirements are not meant to stop or prevent the processing of personal information or data, but to rather to ensure that it is done so fairly and without adversely impacting or affecting the rights of the individual.

In line with the General Data Protection Regulation (GDPR), will only process personal information or data where it is required and for a lawful purpose only.

The lawful purposes include (amongst others): whether the individual has granted their consent, the processing is needed for performing a contract or obligation with the individual, for compliance with respect to a legal obligation or responsibility, or for the legitimate interest of the business. When sensitive details and/or personal data are being processed, there are additional conditions which must be met.

A. Regarding the Collection of Information

When you engage with, we receive and store information about you such as:

Type 1: Information you send to us or provide us:  We collect details and information you provide to us which includes: your first and last names, your specified email address, your mailing or residential address including your postal code, your payment method such as credit card details and your telephone number.

We receive this information in a range of ways, including your voluntarily manual entry while you are using our website or services, interacting with our customer service staff, participating in surveys or marketing promotions, submitting reviews, testimonials or ratings, setting preferences in your user account, or otherwise providing information to us through our website or services or elsewhere.

Type 2: Information we receive automatically:  We receive some information about you automatically when you access our website at, these include, your interactions with us in our interactive chat feature and in our advertising campaigns, as well as information regarding your computer, IP address, geolocation or other device used to access our website,

This information we receive automatically includes:

  • A. Your activities and behaviors on our website platform such as your progress with our education products and programs and any search queries you’ve submitted into our search features

  • Information regarding your engagements with our customer service team such as the date, time and the primary reason or motive for getting in touch with us

  • Transcriptions of any conversations that occurred in our chat feature that you initiated on our website

  • Under the circumstances of you utilizing a phone support option, then your phone number

  • Web browsing devices and or unique identifiers of these devices and software features such as operating system

  • Standard analytic tracking information such as: PageViews, Referral URLs, IP Addresses, and other statistics of an analytical nature which is used to improve our services

  • Data, details and information collected & received via the employment of cookies, web beacons and other like technologies, including advertising data like: impressions (views) connected to a cookie, the website URL where the impression was delivered, as well as the time and date.

B. Please refer to our Cookie Policy & Our Privacy Policy if you would more details on these aforementioned data collection techniques.

C. Regarding the Use of Information Collected

At, we use the data and information we receive or collect to provide, analyze, administer, improve, enhance, customize and personalize our services and marketing campaigns, to process your form submissions on our website such as: your registrations, your orders, your payments and your communication with us on these and other topics of relevancy.

Our primary objective is always to improve and enhance the experience for our users. We do so in numerous ways using the data and details that we receive and collect, but a few examples are:

Learning more about your general usage on the website and platform, required video module completion actions, task related action item completions, business building action item related completions and saving your login details.

This then helps us understand what challenges you are encountering while using the website and/or platform, these insights gathered allow us take the initiative to shorten the effort required on your end to use and get the most out of our website/platform and its services. also collects and receives other information and details, such as: the most visited links or pages on our website, which can help us understand what content was most popular which helps us to create more content related to our core user’s needs, interests and objectives.

12. Data Processing for Limited Purposes

In the course of our business activities conducted at, we may receive, collect and process personal data and details, which may include details and data that we receive directly from a data subject (‘individual or company’) and the data we receive in this kind of situation (from other sources) such as: location, data regarding business partners or subcontractors who work on relevant technical, payment related and delivery related services, credit agencies and other capacities. will only utilize or process the data and hold the data for the minimum amount of time necessary to compete the task at hand. will only process personal data or information for the needed specific purposes of relevancy or for any other purpose that is specifically allowed and in line with the Data Protection Requirements mandates.

We will notify the data subject of those purposes when we first gather or receive the data or as soon as possible thereafter.

13. The Role and Scope of the Processing of Data

A. The Customer will act as the Data Controller and will act as the Data Processor under this Agreement. Both the Customer and will be subject to any and all applicable Data Protection Laws in the line of carrying out of their obligations and responsibilities as set forth in this Agreement.

B. Each Customer retains all ownership rights in relation to their Customer Data, as set forth in this Agreement. Except as expressly authorized by the Customer in writing or as instructed by the Customer, shall have no right to directly or indirectly sell, rent, lease, combine, present, display, perform, alter, modify, transfer, transmit or disclose the Customer Data or any subsequent or derivative work thereof. shall act only in line with the Customer's instructions regarding the Processing and handling of the Customer Data, except to the extent prohibited by any relevant applicable Data Protection Laws.

C. Any additional instructions that may not be consistent with the scope of this Agreement may require prior written agreement and consent from both parties, including agreement on any additional fees payable by Customer where applicable.

D. Nevertheless, the Customer acknowledges and understands that will have the right to use Aggregated Anonymous Data which is data that is stripped of personally identifying information that identifies who you are and any details about you.

E. shall not share or disclose the Customer Data to any Third Party or entity in any circumstances other than in compliance with the Customer’s instructions or in compliance with a legal obligation or responsibility that makes disclosure necessary. shall notify the Customer in writing prior to making any such legally mandated disclosure, to the extent permitted by the Data Protection Laws.

F. For purposes of clarity, nothing in this Agreement limits from transferring or transmitting Customer Data ( including without limitation on Personal Data ) as instructed by the Customer through the Service.

14. Regarding Sub-processing of Data

A.’s obligations under this Agreement shall apply to’s employees, agents and Sub-processors who may have access to the Customer’s Personal Data and details.

B. The Customer agrees that is authorized to use Sub-processors ( including without limitation, cloud infrastructure providers ) in order to Process the Personal Data, under the condition that

  • Enters into a formally written agreement with any Data Sub-processor and also imposing data protection obligations and standards significantly similar to this Agreement; and

  • remains responsible for compliance with the obligations of this Agreement and for any acts or omissions of the Sub-processor that cause to breach any of its responsibilities under this Agreement.

C. Information about Sub-processors, including their functions, roles and locations, is accessible or available on request and may be updated by from time to time in line with this Agreement.

15. Informing Individuals Regarding Their Data

If we collect, receive or gather personal data and details directly from an individual, we will notify them about:

A. The purpose or purposes for which we intend to use that data or process that data as well as the legal basis for doing the specified processing purpose.

B. Where or when we rely predominantly upon the legitimate business interests of the company to process the personal data, otherwise stated: when the legitimate and sound interests are pursued.

C. When sharing is intended to be done with third parties, the kinds of third parties the data is being shared with, of which we share or disclose that personal data.

D. If or when intends to transmit or transfer personal details or data to a non-EEA country or international organization and furthermore, the specified and appropriate safeguards that are in place for such a data transfer like this.

E. How an individual can control and limit our use and our disclosure of their personal information and details.

F. Information concerning the time allotment or time period that their data or information will be stored and/or the criteria used to determine that length of time.

G. Their individual right to request that we, as the data controller, rectify or erase, their personal data or details or abide by a restriction on how their data or details are to be used or processed with our company.

H. Their individual right to decline their data being processed and their individual right to data portability.

I. Their individual right to retract their consent at any given time ( if consent was originally given ), without impacting the lawfulness of the data processing done before the consent was retracted.

J. Their right, if desired, to submit a complaint with the Information Commissioner's Office.

K. Other sources where personal data, information or details regarding the individual originated from and whether or not it came from a publicly accessible source.

L. Whether the provision of the personal data, information or details is a statutory or contractual obligation, or a mandatory requirement to enter into an agreement or contract, as well as whether the individual is obligated to provide the personal data or details and any ramifications of failure to provide the data.

M. Pointing out the existence of prearranged information such as automated decision-making, including profiling and relevant information about the logic involved, as well as the importance and the envisioned consequences or results of such processing for the individual.

If we receive personal data, information or details about an individual from other originating sources, we will provide our users who are composed in this data, as soon as possible, and we will remind or inform them of their rights and protections concerning their personal data and how it used and whether they wish to opt out.

We will inform them in a timely manner, no greater than 30 days after we receive such information.

We will also notify our data subjects whose personal data we process, or are intending to process, and that we are the data controller with regard to that data and,

Our contact details for any matter regarding data protection is:

Data Protection Officer Name: Justin Spencer

Data Protection Officer Email:

Mailing Address:
Attn: DPO - Justin Spencer
3104 E Camelback Rd. #2124
Phoenix, AZ 85016

16. Regarding Adequate, Relevant and Non-Excessive Data Processing will only collect personal data, information or details, to the extent that it is required for the specific purpose at hand, and notified to the data subject, or participating individual who engages with and it’s platform or services.

17. Regarding Keeping Data Accurate will take steps to ensure that the personal data, information and details that we store are accurate and kept up to date in a timely fashion. will check and attempt to verify the the accuracy of any personal data at the point of collection or receipt, and also at regular intervals afterwards to maintain accurate data. will take all reasonable and/or necessary steps to delete, amend or update inaccurate or out-of-date details or data.

18. Regarding Timely Processing will not hold onto the personal data, information or details for longer than necessary for the original purpose or purposes for which it the data was collected. will take all necessary and reasonable steps to delete or erase from our systems, all data, details or information which is no longer required.

19. Regarding Data Processing in line with the Individual’s Rights will process all personal data, information and details whilst abiding by the data subject’s ( the individuals’s ) rights and in particular their specific rights to:

A. The right to seek confirmation as to whether or not your personal data concerning is being processed.

B. The right to request access to any data held about the individual by the data controller in question.

C. The right to request modification, deletion or restriction on the processing of their personal data and details.

D. The right to file a complaint with an applicable data protection authority.

E. The right to data portability so the individual can maintain access to their data and transfer it if need be.

F. The right to decline or object to data processing for example purposes such as opting out of for direct marketing campaigns.

G. The right to not be subjected to automated decision making logic, including profiling if applicable, in certain situations or circumstances.

20. Regarding the Security of Your Data will take all necessary, reasonable and appropriate security and safety measures and executable standards for safeguarding against unlawful or unauthorized processing of personal data and to protect and defend against the accidental or unlawful termination, destruction, damage, loss, alteration, or other unauthorized disclosure of or access to personal data, details or information being transmitted, transferred, stored, or otherwise processed. will set in place systems, procedures and technologies to create and maintain the security of all personal data it holds or deals with or processes, from the point of the determination of the means for processing, and from the point of the means of the data collection activities, to/from the point of the destruction of the data if it’s considered applicable.

Your personal data will only be transferred or transmitted to another data processor if he or she agrees to comply with these procedures, protocols and policies himself/herself, or if he/she puts into place adequate measures to safeguard and protect all data. will foster and maintain data security by safeguarding and protecting the confidentiality, integrity and availability of all of it’s personal data it has collected and defined as follows:

A. Confidentiality: Only people who have a need to use that data are authorized to use or handle it.

B. Integrity: Personal data should be kept accurate and updated if needed and kept strictly in line with the purpose for which it is was collected and intended to be processed for.

C. Availability: Only authorized personnel or users will be able to access the data if they need access to it for legitimate purposes. Personal data, details and information should therefore be stored on the servers & databases and not individual personal computers.

Our Security Measures & Procedures:

  • Entry identification: Any stranger or unknown person seen in entry-controlled areas will be reported.

  • Desks, computers, cupboards or other containers of information, data or details will be kept locked if they hold any personal data, information or details that should be kept confidential or personal information of any kind that is meant to be safeguarded and protected.

  • Data processing minimization will be instituted and practiced.

  • Data stored or transferred will be encrypted to further assist with maintaining security.

  • Methods of deletion or disposal: Physical documents such as paper documents will be shredded. Digital data and storage devices will be physically destroyed when they are no longer being used for useful purposes. Any electronic data or details would be erased once its intended purpose has been completed or fulfilled.

  • Regarding Equipment: Employees have to ensure that individual screens or monitors do not show sensitive or confidential details or information to passers-by and that employees sign off from all of their personal computing devices before it is left unattended.

  • Regarding Transferring or Sending Personal Data Outside of the EEA: may transfer any personal data, information or details we are holding to a country outside the European Economic Area (‘EEA’) or to an international organization, so long as one of the subsequent conditions applies:

  • If the country in question to which the personal data is being transferred too possesses an adequate level of safeguards and protection systems in place so the individual’s rights are being protected and acknowledged

  • If the data subject ( ‘the individual’ ) has given his or her consent for doing so.

  • If the data transfer is necessary for one of the purposes or reasons set out in the Act, including the obligation, completion or performance of a contract between us and the data subject ( ‘the individual’ ), or to safeguard and defend the key interests of the individual.

  • If the transfer is legally mandated or required on important grounds of public interest or for the establishment, exercising or defending of any applicable legal claims.

  • If the transfer is granted permission by the relevant data protection authority where we have observed proper safeguards with respect to the protection of the individual’s privacy and their fundamental rights and the option of exercising their rights.

Subject to the requirements above, personal data we hold may also be used or processed by employees operating outside of the European Economic Area, who work with us, or for us or for one of our vendors.

Those employees may be involved in, among other things, the fulfillment of business dealings or contracts with the data subject ( ‘the individual’ ), the usage or processing of payment details and the oversight and provision concerning customer support services.

21. Data Security Continued


A. will implement and maintain the appropriate technical and organizational safety and security standards and measures to protect all Personal Data from Security Incidents and to maintain the security and confidentiality of the Personal Data, in line with’s security standards.

B. The Customer is responsible for reading, reviewing and acknowledging the information made available by relating to information and data security and making an independent conclusion as to whether the Service meets the Customer’s needs or requirements and legal obligations under the Data Protection Laws. The Customer acknowledges that the Security Standards and Measures are subject to technical progress and that may update or modify with the goal of improving, the Security Measures from time to time provided that such updates and modifications do not lead to a degradation or downgrade of the overall security standards of the Service purchased by the Customer.

C. shall ensure that any individual or person who is authorized by the Customer to process or handle any Personal Data ( including its employees, agents or Sub-processors ) shall be under an appropriate, binding or statutory mandate of confidentiality.

22. Regarding A Potential Security Breach

A. Upon becoming aware of a confirmed Security Incident or Breach, shall notify the Customer without undue delay, in line with the Security Measures.

However, in the event that a confirmed security breach took place, is also not required to make such notice to the extent prohibited by the Data Protection Laws and may delay such notice as requested by a legitimate law enforcement agency and/or in light of’s legitimate needs to investigate or remediate the matter at hand before providing such notice to the Customer.

B. Each notice of a Security Incident or Breach will include:

  • A detailed description to the extent of which any Personal Data has been, or is reasonably expected or believed to have been, used, accessed, acquired, or disclosed during the Security Breach;

  • A detailed description of the known facts regarding exactly what happened, including the approximate date and time of the the Security Breach and also date and time of the discovery of the Security Breach, and if also known;

  • A detailed description covering the scope of the Security Breach, to the extent available or understood; and

  • A detailed description of’s response and planned future actions to respond, to the Security Breach, also including the direct steps has taken already and will furthermore take, to mitigate the damage caused by the Security Breach.

C. will take every reasonable measure it can, to mitigate the harmful effects of the Security Breach or Incident and to prevent further unwarranted access or disclosure of data and information.

23. Regarding The Disclosure and Sharing of Personal Data may choose to share personal data, information or details we are holding with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as referenced and defined furthermore in: 

24. Regarding Individual Data Access Requests has a Privacy Policy explaining how personally identifying data relating to individuals is used by the company.

If you desire to know what information we may be storing about you, then you as the individual, must make a formal written request, via email preferably, to confirm the information we have about you.

Any employees in our company who receive a request data access request, will make sure forward it to the data department in a prompt manner. In the event of receiving phone inquires, will only disclose personal data, details or information that we hold on our systems, if the following conditions are met:

A. will take all reasonable steps and precautions to verify the caller’s identity to make sure that information is only handed out to a person who is justly entitled to it.

B. will recommend that the caller put their desired request into writing if we are unable to verify or confirm the caller’s identity.

C. When or if a request for access to an individuals data is submitted electronically, the data will be provided electronically whenever possible. Our customer support team will refer the request to the Data Processing Department or the Data Protection Compliance Manager for any help in trivial circumstances or situations.

25. Regarding Data Regulatory Compliance

A. At the Customer’s request and expense, shall reasonably assist or help the Customer as needed or necessary to meet its obligations or mandates to regulatory authorities, including Data Protection Authorities.

B. shall ( at the Customer's expense ) reasonably assist or help the Customer to respond to requests from other individuals in relation to their individual rights of and over data access, data rectification, data erasure, data restriction, data portability and data objection. In the case that any such request is made directly to, then shall not reply or respond to such a communication directly, without first obtaining or acknowledging the Customer's prior authorization, unless required by the Data Protection Laws.

26. Reviewing Data Standards, Data Processing and Handling Customer Data Requests

A. At The Customer’s request, will provide the Customer with written replies or responses to all reasonable requests for details, data or information made by the Customer, relevant to the handling and Processing of Personal Data pertaining to this Agreement, including replies or responses to security or audit surveys or questionnaires, in each case to the extent necessary to validate and confirm’s compliance with this Agreement.

B. will provide its response regarding this information within 30 days from receiving the Customer’s written request, unless shorter notice is otherwise mandated by the Customer’s regulatory authority or authorities.

C. Except as expressly mandated by Data Protection Laws, any review under this ‘Section 26’:

  • Will be conducted no more than one time per year, during’s normal operating business hours, in a way, so as not to interfere with regular business operations;

  • Will be subject to this section and agreement, and’s reasonable confidentiality standards and security constraints;

  • Will be conducted or performed at the Customer’s expense; and

  • Will not extend to any additional information, systems or facilities owned or operated by, or other customers, or the Third Party infrastructure providers uses.

D. Any information provided by under this ‘Section 10’ constitutes’s Confidential Details, Data and Information under this Agreement.

27. Cooperation with Data Protection Authorities

A. Where and whenever mandated by Data Protection Laws, will render the relevant Data Protection Authorities with data, details or information related to’s Processing and handling of Personal Data. further acknowledges and agrees that it will maintain such mandated registrations and where needed, renew them during the term of this Data Protection Agreement. Any alterations to’s status in this regard, shall be displayed to the Customer immediately either via an email communication or in-app alert notification.

B. To the extent is mandated under the Data Protection Laws, will ( at the Customer's expense ) render reasonably requested information or details pertaining to the Service or beforehand consultations with Data Protection Authorities to assist and help the Customer to carry out any data protection impact assessments where relevant or applicable.

28. Transferring of Data

A. may, subject to complying with, this: Section 28, store, handle and process Customer Data anywhere in the world where or Affiliates or Sub-processors maintain data handling and processing tasks and operations.

B. To the extent that processes or handles any Personal Data or details protected by GDPR and/or originating from an EEA location ( European Economic Area ) in the United States or a different country outside the EEA, that is not designated as an “Adequate” Country, then the parties shall sign the Model Contracts which are referenced hereunder.

C. All parties agree that is the “data importer” and the Customer is the “data exporter” in relation to the Model Contracts ( Even if that Customer may be an individual or entity located outside of the EEA ).

D. The parties acknowledge and agree that the data export solution referenced in ‘Section 8.B’ shall not apply if and to the extent that adopts an Alternative Transfer Mechanism. In which case, the Alternative Transfer Mechanism shall instead apply ( but only to the extent such Alternative Transfer Mechanism extends to the regions or territories to which the Personal Data is to be transferred ).

29. Regarding The Return or Termination of Data

A. shall, within 90 days after a request by a Customer at the termination or expiration of this Agreement, delete or return, at the Customer's decision, all of the Personal Data from’s systems.

Within a reasonable period of time, following termination, at the Customer’s request, will provide written validation and confirmation that’s responsibilities and obligations regarding the data termination or deletion have been satisfied and fulfilled.

B. In spite of the aforementioned ‘Section 11.A’, the Customer also acknowledges and understands that may retain Customer Data as required or mandated by Data Protection Laws, which data, will remain subject to the requirements of this Agreement.

30. Regarding Changes to Sub-processors

When any new Sub-processor becomes engaged with, will, at least 7 days before the new Sub-processor begins processing any Customer Data, inform the Customer of the new engagement with the new Sub-processing party, by sending an email or via any applicable in-app notifications or alerts.

31. Regarding Any Other Changes to this Policy may choose to alter or modify this Data Protection Policy at any time, but we will provide such notice of any material changes to this Data Protection Policy, such as publishing a notice on the relevant pages or services on our website,, and/or by sending you an written notification in the form of an email, to provide you with the opportunity to review and consider the changes made and to furthermore choose whether or not to continue engaging with our Services.

For other useful policy resources please see below: