
PRIVACY POLICY

Last Updated: 15 May 2026

Governed by the Laws of the Republic of Zambia

Table of Contents

  • 1. Interpretation and Definitions
  • 2. Information We Collect
  • 3. How We Collect Your Information
  • 4. Purpose and Legal Basis for Processing
  • 5. Data Storage and Security
  • 6. Data Retention
  • 7. Disclosure of Personal Information
  • 8. International Data Transfers
  • 9. Your Rights and Freedoms
  • 10. Cookies and Tracking Technologies
  • 11. Third-Party Services
  • 12. Children's Privacy
  • 13. Changes to This Privacy Policy
  • 14. Governing Law and Jurisdiction
  • 15. Contact Information

1. INTERPRETATION AND DEFINITIONS

1.1 Interpretation

1.1.1 In this Privacy Policy, unless the context otherwise requires, words importing the singular shall include the plural and vice versa, and words importing any gender shall include all genders.

1.1.2 References to any statute, regulation, or legislative provision shall include any statutory modification, amendment, or re-enactment thereof.

1.1.3 Headings are for convenience only and shall not affect the interpretation of this Policy.

1.2 Definitions

"Company", "We", "Us", or "Our" refers to Brain Box, the online educational platform and tuition centre operating under the laws of the Republic of Zambia.

"Data Controller" means the natural or legal person who determines the purposes and means of the processing of Personal Data.

"Data Processor" means any natural or legal person who processes Personal Data on behalf of the Data Controller.

"Data Subject" means any living individual who is the subject of Personal Data.

"Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, physical addresses, date of birth, gender, academic records, payment information, and IP addresses.

"Platform" or "Service" refers to the Brain Box online educational platform, including all associated websites, applications, and services.

"Processing" means any operation performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

"Student" or "User" refers to any individual who registers for and uses the Platform's educational services.

"Partner" or "Partner School/Partner" refers to educational institutions that have entered into partnership agreements with the Company.

"Administrator" or "Admin" refers to authorized representatives of Partner Schools/Partners who manage student accounts and subscriptions.

2. INFORMATION WE COLLECT

2.1 Personal Identification Information

2.1.1 We collect the following Personal Identification Information:

  • Full legal name;
  • Email address;
  • Telephone number(s);
  • Date of birth;
  • Gender;
  • Physical address, including country, province/state, city, and area/neighborhood;
  • Password (encrypted and stored securely);
  • Profile photograph (if provided).

2.2 Academic and Educational Information

2.2.1 We collect and process the following Academic Information:

  • Education system (Cambridge, ECZ, or other);
  • Grade level or academic stage;
  • School/Partner or institution affiliation;
  • Subject selections and preferences;
  • Performance data, including examination results, homework scores, and assessment outcomes;
  • Learning patterns and recommendations;
  • Video viewing history and engagement metrics;
  • Strengths and weaknesses analysis;
  • Academic progress reports.

2.3 Financial and Transactional Information

2.3.1 We collect the following Financial Information:

  • Subscription tier (free or premium);
  • Payment transaction records;
  • Currency preferences;
  • Subscription period and expiry dates;
  • Payment status and history;
  • Discount applications;
  • Outstanding balances.

2.3.2 We do NOT directly collect or store full credit card numbers, CVV codes, or banking credentials. Payment processing is handled by third-party payment processors in accordance with PCI-DSS standards.

2.4 Technical and Usage Information

2.4.1 We automatically collect Technical Information, including:

  • IP address and approximate geolocation;
  • Browser type and version;
  • Operating system;
  • Device information;
  • Access times and dates;
  • Pages visited and features used;
  • Referring website addresses;
  • Session duration and interaction data.

2.5 Communications

2.5.1 We retain records of all communications between you and the Company, including:

  • Email correspondence;
  • Support tickets and inquiries;
  • Feedback and survey responses;
  • Communications with Partner Schools/Partners and Administrators.

3. HOW WE COLLECT YOUR INFORMATION

3.1 Direct Collection: Information you provide directly through:

  • Registration and account creation forms;
  • Profile updates and modifications;
  • Subscription purchases;
  • Contact forms and support requests;
  • Surveys and feedback mechanisms.

3.2 Automated Collection: Information collected automatically through:

  • Cookies and similar tracking technologies;
  • Server logs and analytics tools;
  • Platform usage monitoring;
  • Performance tracking systems.

3.3 Third-Party Sources: Information received from:

  • Partner Schools/Partners and their Administrators;
  • Payment processors;
  • Authentication services;
  • Public databases and directories where legally permissible.

4. PURPOSE AND LEGAL BASIS FOR PROCESSING

4.1 Purposes of Processing

4.1.1 We process your Personal Data for the following purposes:

(a) Service Delivery and Account Management

  • To create, maintain, and manage your user account;
  • To provide educational content, assessments, and learning materials;
  • To track academic progress and generate performance reports;
  • To facilitate communication between Students, Administrators, and the Platform;
  • To enable access to subscribed services and features.

(b) Payment and Subscription Management

  • To process subscription payments and transactions;
  • To manage subscription renewals, upgrades, and cancellations;
  • To apply discounts and calculate pricing;
  • To issue invoices and payment confirmations;
  • To maintain financial records for accounting purposes.

(c) Platform Improvement and Personalization

  • To analyze usage patterns and improve user experience;
  • To develop personalized learning recommendations;
  • To identify areas for academic support;
  • To enhance platform functionality and performance;
  • To conduct research and development activities.

(d) Communication and Support

  • To respond to inquiries and provide customer support;
  • To send service-related notifications and updates;
  • To communicate changes to policies or services;
  • To provide educational updates and announcements.

(e) Legal and Regulatory Compliance

  • To comply with applicable laws and regulations in the Republic of Zambia;
  • To fulfill tax and accounting obligations;
  • To respond to lawful requests from government authorities;
  • To enforce our Terms of Service and other agreements;
  • To protect the rights, property, and safety of the Company, Users, and others.

(f) Security and Fraud Prevention

  • To detect, prevent, and investigate fraudulent activities;
  • To protect against unauthorized access and security breaches;
  • To maintain the integrity of the Platform;
  • To enforce acceptable use policies.

4.2 Legal Basis for Processing

4.2.1 We process your Personal Data on the following legal grounds:

4.2.2 Contractual Necessity: Processing is necessary for the performance of the contract between you and the Company, specifically the Terms of Service governing use of the Platform.

4.2.3 Consent: Where you have provided explicit and informed consent for specific processing activities, which may be withdrawn at any time.

4.2.4 Legal Obligation: Processing is necessary to comply with legal obligations under Zambian law, including but not limited to tax laws, data protection regulations, and educational standards.

4.2.5 Legitimate Interests: Processing is necessary for the legitimate interests pursued by the Company or third parties, provided such interests do not override your fundamental rights and freedoms.

5. DATA STORAGE AND SECURITY

5.1 Security Measures

5.1.1 We implement appropriate technical and organizational measures to protect Personal Data against:

  • Unauthorized or unlawful processing;
  • Accidental loss, destruction, or damage;
  • Unauthorized access or disclosure;
  • Alteration or corruption of data.

5.1.2 Our security measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols;
  • Encryption of sensitive data at rest;
  • Secure password hashing using industry-standard algorithms;
  • Regular security audits and vulnerability assessments;
  • Access controls and authentication mechanisms;
  • Firewall protection and intrusion detection systems;
  • Regular backup procedures;
  • Employee training on data protection and security.

5.2 Data Storage Location

5.2.1 Your Personal Data is stored on secure servers which may be located within or outside the Republic of Zambia.

5.2.2 We ensure that all data storage facilities maintain security standards equivalent to or exceeding those required under Zambian law.

5.3 Limitations of Security

IMPORTANT NOTICE: While we employ robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your Personal Data. You acknowledge and accept this inherent risk when using the Platform.

6. DATA RETENTION

6.1 We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including:

6.1.1 Active Accounts: Personal Data associated with active accounts is retained for the duration of the account's existence plus any applicable legal retention period.

6.1.2 Inactive Accounts: Accounts inactive for more than 24 consecutive months may be archived or deleted, subject to legal and regulatory requirements.

6.1.3 Financial Records: Transaction and payment records are retained for a minimum of seven (7) years from the date of the transaction to comply with Zambian tax and accounting regulations.

6.1.4 Academic Records: Academic performance data may be retained indefinitely for historical and statistical purposes, subject to appropriate anonymization where legally required.

6.1.5 Legal Obligations: Data may be retained beyond standard retention periods where required by law, regulation, or legal proceedings.

6.2 Upon expiry of the retention period, Personal Data will be securely deleted or anonymized in accordance with data protection best practices.

7. DISCLOSURE OF PERSONAL INFORMATION

7.1 Disclosure to Third Parties

7.1.1 We may disclose your Personal Data to the following categories of third parties:

(a) Partner Schools/Partners and Administrators

If you are enrolled through a Partner School/Partner, we share relevant academic and personal information with authorized Administrators of that school/partner to facilitate educational services.

(b) Service Providers and Processors

We engage third-party service providers to perform functions on our behalf, including:

  • Payment processing services;
  • Cloud hosting and infrastructure providers;
  • Email and communication services;
  • Analytics and performance monitoring;
  • Customer support platforms;
  • Security and fraud prevention services.

(c) Legal and Regulatory Authorities

We may disclose Personal Data to law enforcement agencies, regulatory bodies, courts, and other governmental authorities when:

  • Required by law or legal process;
  • Necessary to comply with a valid court order or subpoena;
  • Required to protect the rights, property, or safety of the Company or others;
  • Necessary to investigate potential violations of our Terms of Service.

(d) Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Data may be transferred to the successor entity, subject to the same privacy protections.

7.2 Restrictions on Disclosure

7.2.1 We do NOT sell, rent, or trade your Personal Data to third parties for marketing purposes.

7.2.2 All third-party service providers are contractually bound to:

  • Process Personal Data only for specified purposes;
  • Implement appropriate security measures;
  • Comply with applicable data protection laws;
  • Delete or return data upon termination of services.

8. INTERNATIONAL DATA TRANSFERS

8.1 Your Personal Data may be transferred to, stored, and processed in countries outside the Republic of Zambia where our service providers maintain facilities.

8.2 When transferring Personal Data internationally, we ensure adequate safeguards are in place, including:

  • Standard contractual clauses approved for international data transfers;
  • Verification that recipient countries provide adequate data protection;
  • Binding corporate rules for intra-group transfers;
  • Your explicit consent where legally required.

8.3 By using the Platform, you acknowledge and consent to the international transfer of your Personal Data as described herein.

9. YOUR RIGHTS AND FREEDOMS

9.1 Data Subject Rights

9.1.1 Subject to applicable law, you have the following rights regarding your Personal Data:

(a) Right of Access

You have the right to request confirmation of whether we process your Personal Data and to obtain a copy of such data, along with information about how it is processed.

(b) Right to Rectification

You have the right to request correction of inaccurate Personal Data and completion of incomplete data.

(c) Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your Personal Data where:

  • The data is no longer necessary for the purposes for which it was collected;
  • You withdraw consent and there is no other legal basis for processing;
  • You object to processing and there are no overriding legitimate grounds;
  • The data has been unlawfully processed;
  • Erasure is required to comply with a legal obligation.

(d) Right to Restriction of Processing

You have the right to request restriction of processing where:

  • You contest the accuracy of the Personal Data;
  • Processing is unlawful but you prefer restriction to erasure;
  • We no longer need the data but you require it for legal claims;
  • You have objected to processing pending verification of legitimate grounds.

(e) Right to Data Portability

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

(f) Right to Object

You have the right to object to processing of your Personal Data based on legitimate interests or for direct marketing purposes.

(g) Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

(h) Right to Lodge a Complaint

You have the right to lodge a complaint with the Zambia Information and Communications Technology Authority (ZICTA) or other relevant supervisory authority if you believe your data protection rights have been violated.

9.2 Exercising Your Rights

9.2.1 To exercise any of the above rights, please contact us using the contact information provided in Section 15.

9.2.2 We will respond to your request within thirty (30) days of receipt, or such other period as required by applicable law.

9.2.3 We may require verification of your identity before processing requests to ensure data security.

9.2.4 Some rights may be subject to limitations under Zambian law, particularly where processing is necessary for legal compliance or the establishment, exercise, or defense of legal claims.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 We use cookies and similar tracking technologies to enhance your experience on the Platform.

10.2 Types of Cookies Used

(a) Essential Cookies

Required for the Platform to function properly, including authentication and security features.

(b) Performance Cookies

Collect information about how you use the Platform to help us improve functionality and performance.

(c) Functionality Cookies

Remember your preferences and personalize your experience.

(d) Analytics Cookies

Help us understand user behavior and measure the effectiveness of our services.

10.3 You can control cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Platform.

10.4 We do not use cookies for third-party advertising purposes.

11. THIRD-PARTY SERVICES

11.1 The Platform may contain links to third-party websites, applications, or services not operated by us.

11.2 We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before providing any Personal Data.

11.3 This Privacy Policy applies solely to Personal Data collected by the Company through the Platform.

12. CHILDREN'S PRIVACY

12.1 The Platform is intended for use by individuals aged 18 years and older.

12.2 We do not knowingly collect Personal Data from individuals under the age of 18 without appropriate parental or guardian consent.

12.3 If we become aware that we have inadvertently collected Personal Data from an individual under 18 without proper consent, we will take steps to delete such information promptly.

12.4 Students under 18 may only use the Platform through registration by a Partner School/Partner Administrator or with verifiable parental/guardian consent.

13. CHANGES TO THIS PRIVACY POLICY

13.1 We reserve the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs.

13.2 Material changes to this Privacy Policy will be communicated through:

  • Email notification to registered Users;
  • Prominent notice on the Platform;
  • Update of the "Last Updated" date at the top of this document.

13.3 Continued use of the Platform after notification of changes constitutes acceptance of the updated Privacy Policy.

13.4 If you do not agree with changes to this Privacy Policy, you must cease using the Platform and may request deletion of your account and Personal Data, subject to legal retention obligations.

14. GOVERNING LAW AND JURISDICTION

14.1 This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Zambia, including but not limited to:

  • The Electronic Communications and Transactions Act, 2021;
  • The Zambia Information and Communications Technology Authority Act;
  • The Cyber Security and Cyber Crimes Act, 2021;
  • Any other applicable data protection and privacy regulations in force in Zambia.

14.2 Any dispute arising out of or in connection with this Privacy Policy, including any question regarding its existence, validity, interpretation, or termination, shall be subject to the exclusive jurisdiction of the courts of the Republic of Zambia.

14.3 The parties irrevocably submit to the jurisdiction of the Zambian courts for the resolution of any such disputes.

15. CONTACT INFORMATION

Data Controller: Brain Box

Registered Address: [To be completed with actual registered address in Zambia]

Email: privacy@brainbox.zm

Phone: [To be completed with contact number]

Data Protection Officer (if applicable):

For privacy-related inquiries, complaints, or to exercise your data subject rights, please contact us using the information above. We will respond to all requests in accordance with applicable law.

Supervisory Authority:

Zambia Information and Communications Technology Authority (ZICTA)

Email: info@zicta.zm

Website: www.zicta.zm

By using the Brain Box Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
