GENERAL DATA PROTECTION REGULATION (GDPR) POLICY

FOR EU RESIDENTS

As part of our services, College Prep Masterclass (“Service Provider”) collects and processes personal data relating to the USER. The organization is committed to being transparent about how it collects and uses that data of EU Residents and to meeting its data protection obligations. The GDPR will apply to data from which any living individual is identified or identifiable (by anyone) whether directly or indirectly.

OVERVIEW

The need to retain data varies widely with the type of data. Some data can be immediately deleted and some must be retained until reasonable potential for future need no longer exists. Since this can be somewhat subjective, a retention policy is important to ensure that the Service Provider's guidelines on retention are consistently applied throughout the organization.

PURPOSE

The purpose of this policy is to specify the Service Provider's guidelines for retaining different types of data. This policy sets out the obligations of College Prep Masterclass regarding data protection and the rights of USER (“data subjects”) in respect of their personal data under the General Data Protection Regulation (“the Regulation”).

DEFINITION

    1. a) Personal Data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    2. b) Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
    3. c) Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    4. d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
    5. e) Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
    6. f) Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
    7. g) Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    8. h) Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with laws and regulations shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
    9. i) Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
   10. j) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

SCOPE

This policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by the College Prep Masterclass, its employees, agents, contractors, or other parties working on behalf of the College Prep Masterclass. We are committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.

The scope of this policy also covers all Service Provider data stored on Service Provider-owned, Service Provider-leased, and otherwise Service Provider-provided systems and media. Note that the need to retain certain information can be mandated by local, industry regulations and will comply with General Data Protection Regulation GDPR and the Data Protection Act. Where this policy differs from applicable regulations, the provisions specified in the regulations will apply.

THE DATA PROTECTION PRINCIPLES

This policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:
1. processed lawfully, fairly, and in a transparent manner in relation to the data subject;
2. collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject; and
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

ACCURACY OF DATA

The Service Provider shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at regular intervals thereafter. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.

CUSTOMER TESTIMONIALS AND COMMENTS

We post students testimonials and comments on our website, which may contain Personal Information. You (the “Parents”) hereby give your consent for posting the student's name and testimonial.

USE OF PERSONAL INFORMATION

We may collect user’s personal and other personal information from a range of sources, including from user itself. Wherever reasonable and practicable, we collect personal information from the individual to whom the information relates. Providing personal information about someone other than yourself is prohibited under the Law.

When you visit our website, you may be asked to enter your personal details including email for business billing or other purpose. We collect information about you if you make use of any of the interactive features within our website that rely on a personalized response, or where you ask us to respond to a query you have. The information we collect is limited to the details we need to provide the specific service you have asked for. The types of information we collect includes:

• Name, Phone Number, E-mail, Contact Address and other personal information for billing purpose; and
• Other personal information in content you provide to us, such as through emails you send us.

HOW WE USE COOKIES TECHNOLOGY

We use cookies and similar technologies to:

• Support the functioning of our websites;
• Enhance your experience on our websites by remembering your preferences (including recent searches);
• Understand how our websites are functioning and inform improvements to our websites and services; and
• Gather data that helps us to deliver information relevant to your interests.

HOW TO MANAGE COOKIES

You can manage cookies on your computer or device through your browser settings. Please refer to your browser’s “help” section for more information on how to delete saved cookies and allow or block cookies.

DATA PROCESS AND CONSENT

We need to process data to take steps at your request. We may also need to process your data to enter into an agreement with you. In some cases, we need to process data to ensure that we are complying with its legal obligations. College Prep Masterclass has a legitimate interest in processing personal data during the service process and for keeping records of the process. Processing data allows us to manage the service process. We may also need to process data received from user to respond to and defend against legal claims.
College Prep Masterclass may keep your personal data on its server for any specific purpose. We will ask for your consent before we keep your data for any specific purpose and you are free to withdraw your consent at any time.

DATA ACCESS
Your information may be shared internally. This includes employees involved in the service process and IT staff, if access to the data is necessary for the performance of their roles.

DATA PROTECTION

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees or partners in the proper performance of their duties. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

DATA RETENTION

The criteria used to determine the period of storage of personal data is the respective statutory retention period. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.

YOUR RIGHTS

As a data subject, you have a number of rights. You have:

1. The right to be informed including the identity and contact details of the data processor; the purpose and legal basis for processing the data, how the data is to be processed; the parties involved in processing the data and how long the data will be kept;
2. The right to request that any personal data held is rectified if inaccurate or incomplete;
3. The right to restrict processing;
4. The right to object or stop processing personal data, including for direct marketing purposes;
5. You have the right to access your personal data to see what data is held and how it is being processed;
6. You have the right to request for delete or remove your personal data if it’s no longer needed, consent is withdrawn, the data was unlawfully processed or to comply with a legal obligation;
7. You may request a copy of the data, and may also request that this data be sent to another data controller in a format they can use.
If you would like to exercise any of these rights, please contact our Data Protection Officer.

YOUR STATUTORY OBLIGATION

You are under no statutory or contractual obligation to provide data to us during the service process. However, if you do not provide the information, we may not be able to provide our services to you properly or at all.

LINKS TO OTHER WEBSITES

From time to time, our website may contain links to and from websites of our partner networks, advertisers, social media sites etc. If you follow a link to any of these websites, please note that these websites may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites.

IMPLEMENTATION

This Policy shall be deemed effective as of 20th July, 2021. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date. We may update this Policy from time to time by posting a new version online. You should check this page occasionally to review any changes in GDPR.

IDENTITY AND CONTACT DETAILS OF CONTROLLER

Controller: Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws and other provisions related to data protection is:

College Prep Masterclass
collegeprepmasterclass@gmail.com

  • Collegeprepmasterclass.com
  • ​Collegeprepmasterclass@gmail.com
© 2022 College Prep Masterclass