Privacy Policy

Effective date: 10th March 2025

1. Introduction

At Skooly ("We", "Us", "Our"), we are committed to protecting and respecting your privacy. This Privacy Policy ("Policy") outlines how we collect, use, discole, and safeguard your personal data when you access and use our platform ("Platform") available at www.skooly.cosup.eu ("Website")

This Policy applies to all users of the Platform, including Tutors, Students, and visitors ("Users", "You", "Your"). It provides important information about your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By accessing or using the Platform, you agree to the collection and use of your personal data as descrived in this Policy. If you do not agree with this Policy, please do not use the Platform.

2. Data Controller Information

For the purposes of the GDPR and applicable data protection laws, Skooly is the Data Controller responsible for the processing of your personal data.

• Data Controller: Skooly
• Contact Email: [email protected]

If you have any questions or concerns regarding this Policy or our data processing practices, please contact us using the infromation provided above.

3. Legal Basis for Data Processing

We process your personal data based on the following legal grounds, as outlined by Article 6 of the GDPR:

3.1 Performance of a Contract

• To procide and manage our services, including lesson scheduling, communication tools, and profile management.
• To fulfill our contractual obligations when you create an account or use the Platform's features.

3.2 Legitimate Interests

• To maintain and improve the Platform's functionality and security.
• To analyze usage patterns and enhance the user experience.
• To monitor compliance with our Terms and Conditions and prever misuse.

3.3 Consent

• When you provide consent, such as for receiving marketing communications or when we process certain optional information in your profile.
• You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.4 Legal Obligation

• TTo comply with legal requirements, such as responding to lawful requests from public authorities, including law enforcement.

If you have any questions regarding the legal bases for our data processing, please contact us for futher information.

Information We Collect

We collect both personal data and non-personal data to provide and improve our services.

4.1 Personal Data

Personal data refers to any information that can directly or indirectly identify you. We may collect the following categories of personal data:

• Account Information: Name, email address, password (encrypted)
• Profile Information: Grade (for Students), subjects taught (for Tutors), language section, languages spoken
• Lesson and Scheduling Data: Tutor availability, lesson history, scheduling preferences
• Communications: Messages exchanged between Tutors and Students through the Platform
• Review Data: Ratings and comments provided as part of the review system
• Technical Data: IP address, browser type, device information, and usage data

4.2 Non-Personal Data

We may also collect data that does not directly identify you, including:

• Aggregated Data: Statistical data about Platform usage
• Anonymized Data: Personal data that has been modified to remove personally identifiable information

We may use non-personal data for research, analysis, and to improve our services.

5. How We Collect Your Data

We collect personal data through the following methods:

5.1 Directly from You

• During account registration and profile setup
• When scheduling or attending lessons
• Through communications and feedback, including reviews and ratings

5.2 Automatically

• When you access and use the Platform, including via cookies and similar technologies
• Through server logs, which may capture data such as IP addresses, browser types, and access times

5.3 From Third Parties

• If you interact with external services, such as Microsoft Teams, for conducting lessons (limited data may be collected in accordance with Microsoft Teams' privacy policy)

We take steps to ensure that any third-party data is collected and processed in compliance with GDPR and relevant data protection laws.

6. Purpose of Data Processing

We process your personal data only when necessary to:

6.1 Provide Our Services

• Facilitate lesson scheduling and communication between Tutors and Students
• Maintain and operate the Platform's features effectively

6.2 Improve Our Platform

• Analyze usage data to enhance the user experience
• Develop new features and improve Platform functionality

6.3 Ensure Safety and Compliance

• Monitor user activity to prevent fraud, abuse, and violations of our Terms and Conditions
• Respond to legal requests and comply with applicable laws

6.4 Communicate with You

• Send administrative notifications, such as updates to this Policy
• Provide support and respond to inquiries

We do not use personal data for purposes incompatible with those described unless we obtain your explicit consent.

7. Use of Cookies And Tracking Technologies

Skooly uses only essential cookies necessary for the proper functioning of the Platform.

For detailed information, please refer to our Cookie Policy, available on the Website.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. However, we may share your information in the following circumstances:

8.1 With Your Consent

• When you provide explicit consent for specific data-sharing activities.

8.2 With Service Providers

• We May share data with third-party service providers who perform services on our behalf, such as:
  • Website hosting and infrastructure services provided by netcup GmbH.
  • Technical support and maintenance services.
• Service providers are obligated to handle personal data in accordance with our instructions and data protection laws.

8.3 For Legal Compliance

• To comply with applicable laws, regulations, legal processes, or governmental requests.
• To enforce our Terms and Conditions, protect our rights, or defend against legal claims.

8.4 In Business Transfers

• In the event of a merger, acquisition, asset sale, or restructuring, your personal data may be transferred to the successor entity.
• We will notify you of any such transfer and any choices you may have regarding your data.

8.5 To Protect Rights and Safety

• Where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, fraud, safety threats, or violations of our policies.

9. Third-Party Services

9.1 Microsoft Teams

• Lessons facilitated through the Platform are conducted using Microsoft Teams, a third-party service.
• When using Microsoft Teams, your data is subject to Microsoft's Privacy Policy, which can be reviewed on the Microsoft website.

9.2 External Links

• The Platform may contain links to external websites not operated by Skooly.
• We are not responsible for the content, privacy practices, or policies of any third-party sites.

9.3 Limitation of Liability

• Skooly disclaims any responsibility or liability for the processing of your data by third-party services.
• We encourage you to review the privacy policies of any external sites you visit.

10. International Data Transfers

10.1 Data Storage and Processing

• Personal data is primarily stored and processed within the European Union (EU).

10.2 Transfers Outside the EU

• If your data is transferred outside the EU, we will ensure it is protected by:
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions, where applicable, ensuring the receiving country provides an adequate level of data protection.

10.3 Safeguards for International Transfers

• We implement technical and organizational measures to ensure the security of transferred data.
• You have the right to request more information about data transfer mechanisms by contacting us.

11. Data Retention Policy

11.1 Retention Periods

We retain personal data only for as long as necessary to:

• Provide the services through the Platform.
• Comply with legal obligations.
• Resolve disputes and enforce agreements.

11.2 Specific Retention Periods

• Account Information: Retained as long as your account is active.
• Lesson Data: Maintained to provide historical records of lessons.
• Reviews and Feedback: Kept to maintain the integrity of the Platform's review system.
• Technical Data: Retained for security and analytics purposes, typically in aggregated or anonymized form.

11.3 Data Deletion and Anonymization

• When personal data is no longer needed, we will securely delete, anonymize, or aggregate it.
• You may also request the erasure of your data under certain conditions, as outlined in Section 13 of this Policy.

12. Data Security Measures

We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, alteration, disclosure, or destruction, including:

12.1 Technical Measures

• Encryption: Personal data is encrypted both in transit and at rest.
• Firewalls and Antivirus Software: Protect against unauthorized access and malware.
• Secure Data Transmission: Using HTTPS and TLS protocols to secure data exchanges.

12.2 Organizational Measures

• Access Controls: Limiting access to personal data to only those employees and service providers who need it for legitimate business purposes.
• Staff Training: Ensuring all staff are trained on data protection practices and security protocols.
• Incident Management Procedures: Established protocols for responding to data breaches or security incidents.

12.3 Data Breach Response

• In the event of a personal data breach, we will:
  • Notify the relevant data protection authorities within 72 hours if the breach is likely to result in a risk to your rights and freedoms.
  • Inform you directly if the breach poses a high risk to your personal data.

13. User Rights Under GDPR

Under the GDPR, you have specific rights regarding your personal data:

13.1 Right to Access

• You have the right to request access to the personal data we hold about you, along with information about how we process it.

13.2 Right to Rectification

• You can request correction of inaccurate data or completion of incomplete data.

13.3 Right to Erasure ("Right to be Forgotten")

• Under certain conditions, you may request the deletion of your personal data, such as when it is no longer needed for the purposes it was collected.

13.4 Right to Restrict Processing

• You may request to restrict or limit how we process your data, particularly when you contest the accuracy of the data or the lawfulness of the processing.

13.5 Right to Data Portability

• You are entitled to receive your data in a structured, commonly used, and machine-readable format and have the right to transfer it to another data controller.

13.6 Right to Object

• You can object to the processing of your personal data for specific purposes, such as direct marketing or when processing is based on legitimate interests.

13.7 Right to Withdraw Consent

• Where processing is based on consent, you may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

14. Exercising Your Rights

14.1 How to Make a Request

To exercise your data protection rights, please contact us at:

• Email: [email protected]

14.2 Response Time

• We aim to respond to all valid requests within one month, as required by the GDPR.
• If your request is complex or if you have made multiple requests, we may need more time. In such cases, we will notify you and provide an explanation for the delay.

14.3 Verification Requirements

• We may ask you to verify your identity before processing your request to protect your data security.
• We may refuse requests that are manifestly unfounded or excessive, particularly if repetitive.

15. Children's Privacy

15.1 Protection of Minors

• The Platform is intended for use by individuals aged 11 and older.
• Users under 16 years of age may require parental or guardian consent to use certain features of the Platform, as per applicable laws.

15.2 Data Collection from Minors

• We may collect personal data from children aged 11 to 15 only with verifiable parental consent.
• If we become aware that we have inadvertently collected personal data from a child under 11, we will take steps to delete the data promptly.

15.3 Parental Rights

• Parents or guardians may review, modify, or delete their child's personal data by contacting us at:
  • Email: [email protected]
• We may request verification of identity and proof of parental authority before fulfilling such requests.

16. Data Breach Notification

16.1 Internal Response Procedures

• In the event of a personal data breach, Skooly has established protocols to:
  • Identify and contain the breach.
  • Assess the impact and take corrective actions.

16.2 Notification to Authorities

• We will notify the relevant data protection authority within 72 hours of becoming aware of a breach, as required by the GDPR, if the breach is likely to result in a risk to the rights and freedoms of data subjects.

16.3 User Notification

• If the breach poses a high risk to your personal data, we will inform you directly without undue delay.
• The notification will include:
  • The nature of the breach.
  • Categories and volume of data affected.
  • Likely consequences of the breach.
  • Measures taken or proposed to addreass the breach.

17. Automated Decision-Making and Profiling

17.1 No Automated Decision-Making

• Skooly does not use automated decision-making processes that have a legal or significant impact on Users.

17.2 No Profiling

• We do not engage in profiling activities that analyze or predict personal aspects such as performance, economic situation, health, preferences, or behavior.

18. Updates to This Privacy Policy

18.1 Right to Modify Policy

• Skooly reserves the right to update or modify this Privacy Policy at any time.
• We will provide notice of changes through:
  • Updates on the Platform.
  • Notifications via email (where applicable).

18.2 Material Changes

If we make material changes, we will:

• Obtain your consent, where legally required.
• Provide clear information about the impact of changes on your data.

18.3 User Responsibility

We encourage you to review this Policy periodically to stay informed about how we are protecting your personal data.

19. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

• Email: [email protected]

If you wish to exercise any of your GDPR rights, including accessing, correcting, or deleting your data, please contact us directly.

20. Complaints to Supervisory Authority

20.1 Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR or applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.

20.2 Contacting the Belgian Data Protection Authority

• Belgian Data Protection Authority (APD/GBA)
• Address: Rue de la Presse 35, 1000 Brussels, Belgium
• Website: www.dataprotectionauthority.be
• Phone: +32 (0)2 274 48 00
• Email: [email protected]