+91 888 276 0684Home » GDPR Compliance
General Data Protection Regulation (GDPR) (tuition-ed.com)
Effective Date: 5 March 2024
Introduction
Tuitioned ("Tuitioned," "we," "us," or "our") is firmly committed to the protection of your personal data in full compliance with the General Data Protection Regulation (GDPR). This Privacy Policy provides a comprehensive and transparent explanation of our data practices, including:
● Types of Personal Data Collected: We detail the specific data elements collected from each user category (tutors, consumers).
● Lawful Basis for Processing: We clarify the legal justification (e.g., contract, consent, legitimate interest) for each type of data processing.
● Purpose of Data Processing: We provide a granular explanation of how data is used for specific functions of the service.
● Data Security Measures: We outline the robust technical and organizational safeguards implemented to protect your information. ● Data Retention Practices: We describe how retention periods are determined based on operational needs and legal obligations.
● Your GDPR Rights: We detail your individual rights under the GDPR and how to exercise them.
● International Data Transfers: We explain the mechanisms used for transferring data outside your jurisdiction and the safeguards employed.
● Lawful Basis for Processing: We clarify the legal justification (e.g., contract, consent, legitimate interest) for each type of data processing.
● Purpose of Data Processing: We provide a granular explanation of how data is used for specific functions of the service.
● Data Security Measures: We outline the robust technical and organizational safeguards implemented to protect your information. ● Data Retention Practices: We describe how retention periods are determined based on operational needs and legal obligations.
● Your GDPR Rights: We detail your individual rights under the GDPR and how to exercise them.
● International Data Transfers: We explain the mechanisms used for transferring data outside your jurisdiction and the safeguards employed.
Types of Data Collected
We collect the following categories of personal data:
● Tutors:
○ Full name, email address, phone number, physical address.
○ Educational qualifications, professional certifications, and work experience.
○ Payment processing information, such as bank account details or third-party payment platform identifiers.
○ Tutoring preferences, subject expertise, and availability.
○ Educational qualifications, professional certifications, and work experience.
○ Payment processing information, such as bank account details or third-party payment platform identifiers.
○ Tutoring preferences, subject expertise, and availability.
● Consumers (Students/Parents):
○ Full name, email address, phone number.
○ Physical address (optional, if required for logistical purposes).
○ Student's academic information (grade level, subjects of interest).
○ Payment processing information.
○ Physical address (optional, if required for logistical purposes).
○ Student's academic information (grade level, subjects of interest).
○ Payment processing information.
● General Website Users:
○ IP address, browser and device type, operating system.
○ Website interaction data (pages viewed, searches, actions taken).
○ Cookies and similar tracking technologies (with user consent).
○ Website interaction data (pages viewed, searches, actions taken).
○ Cookies and similar tracking technologies (with user consent).
Purpose and Lawful Basis for Processing
We process your data for the following purposes and under these lawful bases:
| Purpose | Lawful Basis |
|---|---|
|
Establishing and managing user accounts |
Contractual Necessity |
|
Facilitating tutor-student matching |
Legitimate Interest |
|
Scheduling and conducting online tutoring sessions |
Contractual Necessity |
|
Processing payments and financial transactions |
Contractual Necessity, Legal Obligation |
|
Sending service updates and notifications |
Contractual Necessity, Legitimate Interest |
|
Providing customer support and resolving issues |
Contractual Necessity, Legitimate Interest |
|
Website analytics and personalization |
Legitimate Interest, Consent |
|
Marketing communications and promotions |
Consent |
|
Compliance with legal and regulatory requirements |
Legal Obligation |
|
Fraud prevention and security |
Legitimate Interest |
Your GDPR Rights
The GDPR grants you the following rights over your personal data:
● Right to Access: You have the right to request confirmation of whether we hold your personal data and to access a copy of the information.
● Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
● Right to Erasure (Right to be Forgotten): Under certain circumstances, you have the right to request that we delete your personal data.
● Right to Restriction of Processing: You may request that we limit the processing of your personal data in specific situations.
● Right to Data Portability: You may request a portable copy of your data in a commonly used format.
● Right to Object: You have the right to object to certain types of data processing, such as direct marketing.
● Right to Withdraw Consent: Where we process data based on your consent, you may withdraw that consent at any time.
● Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
● Right to Erasure (Right to be Forgotten): Under certain circumstances, you have the right to request that we delete your personal data.
● Right to Restriction of Processing: You may request that we limit the processing of your personal data in specific situations.
● Right to Data Portability: You may request a portable copy of your data in a commonly used format.
● Right to Object: You have the right to object to certain types of data processing, such as direct marketing.
● Right to Withdraw Consent: Where we process data based on your consent, you may withdraw that consent at any time.
Exercising Your Rights
To exercise any of your GDPR rights, please contact us at: https://tuition-ed.com/contact-us/
Data Security
We implement robust technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:
● Encryption: Data is encrypted at rest and in transit using industry-standard protocols.
● Access Controls: Only authorized personnel have access to personal data on a need-to-know basis.
● Network Security: Firewalls, intrusion detection systems, and vulnerability scanning are employed.
● Data Breach Incident Response: We maintain a comprehensive incident response plan in the unlikely event of a data breach.
● Staff Training and Awareness: All personnel are regularly trained on data protection principles and best practices.
● Access Controls: Only authorized personnel have access to personal data on a need-to-know basis.
● Network Security: Firewalls, intrusion detection systems, and vulnerability scanning are employed.
● Data Breach Incident Response: We maintain a comprehensive incident response plan in the unlikely event of a data breach.
● Staff Training and Awareness: All personnel are regularly trained on data protection principles and best practices.
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Retention periods are determined based on the following factors:
● Active Account: Data is retained while your account remains active.
● Legal Obligations: Data may be retained to comply with tax, accounting, or other legal requirements.
● Dispute Resolution: Data may be retained to manage potential legal claims or disputes.
● Legal Obligations: Data may be retained to comply with tax, accounting, or other legal requirements.
● Dispute Resolution: Data may be retained to manage potential legal claims or disputes.
Upon termination of your account or expiry of the retention period, your personal data will be securely deleted or anonymized.
Data Sharing
We may share your personal data with the following categories of recipients under limited circumstances:
● Third-Party Service Providers: We may engage trusted third parties to assist with payment processing, email communication, website hosting, and analytics. These providers have contractual obligations to ensure the confidentiality and security of your data.
● Legal Compliance: We may disclose your data if required to do so by law, a court order, or other legal process.
● Business Transactions: In the event of a merger, acquisition, or sale, we may transfer your data as part of the transaction, subject to appropriate safeguards.
● Legal Compliance: We may disclose your data if required to do so by law, a court order, or other legal process.
● Business Transactions: In the event of a merger, acquisition, or sale, we may transfer your data as part of the transaction, subject to appropriate safeguards.
International Data Transfers
If your personal data is transferred outside of your jurisdiction, we will ensure that adequate safeguards are in place to protect your information. These safeguards may include:
● Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission for data transfers to third-party processors outside your jurisdiction.
● Other Approved Mechanisms: Transfers may be made to countries that have been deemed to provide an adequate level of data protection or under other approved transfer mechanisms.
● Other Approved Mechanisms: Transfers may be made to countries that have been deemed to provide an adequate level of data protection or under other approved transfer mechanisms.
Children's Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal data from individuals under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us immediately.
Updates to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by posting the revised policy on our website with a new effective date. We encourage you to review the Privacy Policy periodically for updates.
Contact Information
If you have any questions about this Privacy Policy, your personal data, or your GDPR rights, please contact our Data Protection Officer at: https://tuition-ed.com/contact-us/