Privacy Policy

MYDRASA LTD, (hereinafter "Service", “we” or “us”) treats everything that is related to personal data with respect and integrity. We are committed to safeguarding the privacy of our website, of our services as data protection is of a particularly high priority for the management of our company.

It is very important for us to accurately inform the users of this website about our Privacy Policy, so in the following, we provide you with precise information on what kind of data we collect from you, how we use it, for what purpose we use it and what your rights are, in this context.

First, we need to define, and it is important for you to understand, the expression: "Personal Data". It generically represents any kind of information about a physical person, whose particularities can lead, directly or indirectly, to its identification. Here you have, by way of example, but not limited to: name and surname, geographical address, any identification number, political orientation, sexual orientation, email address, any location information and any other online identifier such as the device used to access the Internet, IP address, or cookie information.

With regards of your agreement on collection and use of personal data, we have taken all the necessary technical measures to provide you with this detailed agreement, so you can have a crisp clear experience, from the first to the last interaction with our website or our services.

Visitors and Users agree and accept that the use of our website is not possible without any indication of personal data.

Definitions

Our data protection policy should be legible and understandable for the general public, as well as for our Users and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

• Data Subject or Data Principal - is any identified or identifiable natural person, whose personal data is collected and processed by us.
• Processing - is any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, etc.
• Restriction of processing - is the marking of stored personal data with the aim of limiting their processing in the future.
• Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
• Data Controller or Data Fiduciary - is the natural or legal person, public authority, agency or other body, which determines the purposes and means of the processing of personal data;
• Processor - is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient - is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
• Third party - is a natural or legal person, public authority, agency or body other than the ones above, who, under the direct authority of the controller or processor, are authorized to process personal data.
• Consent - is any freely given, specific, informed and unambiguous indication of data subject’s acceptance to the processing of their personal data.

Compliance

The processing of personal data will be in line with these main international legislations:

• General Data Protection Regulation (GDPR), applicable in Europe;
• California Consumer Privacy Act (2018) and Privacy Act U.S.C. 552a (Privacy Act of USA);
• Australian Privacy Principles contained in the Privacy Act 1988;
• Indian Personal Data Protection Bill (2018);
• Singapore PDPA (2012);
• Privacy Acts in Latin America;
• Any other country-specific data protection regulations are applicable.

We are able to sell our products and services worldwide. For the purpose of avoiding any compliance conflict with any terminology used by any particular legislation, in this document: “Users” are the “data subjects” or the “data principals” and MYDRASA LTD is the “data controller” or “data fiduciary”

By this Privacy Policy we clearly explain:

1. What Personal Data we collect and why we collect it;
2. How we use Personal Data;
3. Who we share Personal Data with;
4. The choices we offer, including how to access, update, and remove Personal Data;

By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. This document describes the protection of our users and Users personal data.

MYDRASA LTD collects, stores, uses and discloses certain information when the visitors use our website. As a data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website.

Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you will not receive direct marketing communications and will limit the publication of your information.

In your relationship with us through the website, controller, for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection, is:

MYDRASA LTD, with its principal office at Astrolabs, Lakeside, Cluster R, JLT, Dubai, UAE

This Policy does not apply to other companies’ or organizations’ sites to which we may link to or may link to us. You should carefully review the privacy policies of those sites in order to determine how they treat your personal information.

If you do not agree to this Privacy Policy, please exit, and do not access or use our website.

We have kept this simple for your understanding, but if you’re not familiar with terms like “cookies” or “IP addresses,” feel free to contact us. Your privacy is really important to us, so whether you’re new to mydrasa or a long-time user, please take the time to get to know our practices.

Use Cases

Please take a moment to understand which use case(s) set out in this Privacy Policy apply to you:

• Website Visitor

You are a “Website Visitor” by definition when you visit our website https://www.mydrasa.com and any other eventual subdomains associated with our principal domain. As a website visitor, we use your information for our own purposes, primarily for improving the use of our website and to provide you with more relevant content.

• User

You become a “User” if you create an account on our website in order to buy one of our products or services. If you are a User, our primary purpose of using your personal data is for providing the service and the services to you. We retain your personal information for a limited time and for limited purposes, such as to make it easier for you to re-join our service in the future or to wish you offers for services that we think you may be interested in.

Types of Personal Data we collect

1. a)   Personal Information

When you access the website, register a User Account or avail the Services, we may ask you to voluntarily provide us certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: first and last name, gender, physical address, contact number, email or other contact information and other relevant data as desired by us. Questions or comments submitted by visitors may also be regarded as Personal Information.

Please do not supply any other person's personal data to us, unless we prompt you to do so.

1. b)   Non-Personal Information

We may additionally collect and track Non-Personal Information about your website visit including the domain name and the name of the web page from which you use our Services, how much time you have spent on each of our web pages, the Internet Protocol (IP) address associated with your computer, tablet or mobile phone, operating system and platform, pages viewed, information searched for or requested for and other relevant statistics. We will use this information for the purposes of improving the performance and operations of our website and Services. If you send mydrasa a message, this message can be stored to process it, to compile statistical information, to improve our services and support, or to get in touch with you. Further communication between you and a Care Provider made via email will have no connection to mydrasa.

Upon acquisition of our services, we will ask for your full name and a valid e-mail address, which will be included in our mailing list, for future maintenance, updates, and eventual marketing promotions. In addition, we will ask you to provide us with secure payment data, which will be used for processing the order. This particular set of data will be legally processed by our payment processor, and will not be stored by us.

All credit/debit cards details and personally identifiable information will NOT be stored, sold, shared, rented or leased to any third parties. mydrasa will not pass any debit/credit card details to third parties

mydrasa takes appropriate steps to ensure data privacy and security including through various hardware and software methodologies. However, we cannot guarantee the security of any information that is disclosed online

Purpose of collection

To fulfill our commercial purpose.

Our commercial purpose, by reference to the subject matter of our business, is provision of consulting and investment services, and also intermediation services between data subjects and/or other adjacent or complementary third-party service providers, and the new rules of personal data protection (GDPR, CCPA, etc.) are part of this context.

To improve our services.

We always want to offer you the best online experience and for this we can collect and use certain information about your behavior and preferences when using the website, or we can conduct market research directly or through partners.

To improve your marketing activity

We want to keep you informed about the best offers for the products / services you may be interested in. In this sense, we may send you any type of message (such as: email / SMS / phone / mobile push / web push / etc.) containing general and thematic information about products or services, information on offers or promotions, as well as other commercial communications.

To defend our legitimate interests

There may be situations in which we use or transmit information to protect our rights and our commercial activity. These situations may include:

• measures to protect the website and platform Visitors and Users against cyber-attacks;
• measures to prevent and detect fraud attempts;
• transmission of information to the competent public authorities;
• other risk management measures.

We therefore commit ourselves:

• to protect the privacy of your data, which is a top priority for our company’s management;
• to use this data for the sole purpose of providing you with a personalized experience on our website as well as on the online platforms that we promote our products and services (Facebook and Google, etc.).

We may process data about your use of our website and services, or the User’s website ("usage data"). The usage data may include your IP address, geographical location, browser type, and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services.

We may process your personal data that are provided in the course of the use of our services ("service data"). The service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information contained in any inquiry you submit to us regarding services and/or services ("inquiry data"). The inquiry data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information relating to our User relationships, including User contact information ("User relationship data"). The User relationship data may include your name, your employer, your job title or role, all your contact details, and information contained in communications between us and you or your employer. The User relationship data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our services ("transaction data"). The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

“Automatically Collected" Information:

The website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files, and it is collected regardless of your quality: Website Visitor or User.

Collected may be:

• the ISP,
• the operating system used by the accessing system
• the website from which an accessing system reaches our website (so-called referrers)
• the sub-website
• the date and time of access to the website
• an Internet Protocol address (IP address)
• screen Resolution
• locale Preferences
• web page visited before you came to our website
• information you search for on our website
• date and time stamps associated with transactions
• system configuration information and other interactions with the website.
• social networking information (if we are provided with access to your account on social network connection services);
• any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to:

• deliver the content of our website correctly;
• optimize the content of our website as well as its advertisement;
• ensure the long-term viability of our information technology systems and website technology;
• provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack;

In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person's personal data to us, unless we prompt you to do so.

Obviously, the access to our website for website visitors is free; however, we inform you that for the use of the website via mobile device the charges and the standard tariffs provided in the service contract that you have stipulated with them will still be applied by the telephone operators.

How we use your personal information

We use the Order Information that we collect generally to fulfill any orders placed through the website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations).

Additionally, we use the information:

• to screen our orders for potential risk or fraud;
• when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services;
• communicate with you about our Services, including to tell you about products and services that may be of interest to you
• respond to your requests, inquiries, comments, and suggestions;
• facilitate your engagement with the Services, including to enable you to post comments and reviews;
• offer contests, sweepstakes, or other promotions;
• conduct or administer surveys and other market research;
• protect against, identify, investigate, and respond to fraud or other illegal activity.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our website (for example, by generating analytics about how our customers browse and interact with the website, and to assess the success of our marketing and advertising campaigns).

Data Retention and Data Deletion

We only retain the personal information collected from Data Subjects:

• for as long as they are active Users;
• for as long as their email address is active on our mailing list;
• otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.

In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 2-year criteria, after your relationship with us ends, after you unsubscribe from our mailing list, or after your last interaction with us, if you are a Website Visitor.

We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Server locations

All Personal Data that is collected through the use of the website is stored on secure Azure and Amazon.

Use and Disclosure of personal data to others

We do not rent or sell your information to third parties outside of MYDRASA LTD without your consent. We may share your information, as well as information from tools such as cookies or similar, with third-party organizations that help us provide you with the services, but only as far as is reasonably necessary.

Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside mydrasa, files stored in our database and personal data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect mydrasa’s intellectual property rights. If we provide your files to a law enforcement agency as set forth above, we will remove mydrasa’s encryption from the files before providing them to law enforcement.

Business Transfers: In case we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, but we will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control or use of your personal data or Files, or if either become subject to a different Privacy Policy.

In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store - you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site - you can read more about how Google uses your Personal Information here:

https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

We can access your information as well as store and share it in response to a request when the law requires us to do so. In addition, we may access your information, as well as store and share it, if we believe in good faith that this is necessary to: detect, prevent and manage fraud and other illegal activities; protect ourselves, you and other people, even in the context of any investigations; prevent events that could cause imminent physical damage or death

Behavioral advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by visiting the following links depending upon the service(s) you are using:

• FACEBOOK - https://www.facebook.com/settings/?tab=ads
• GOOGLE - https://www.google.com/settings/ads/anonymous
• BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

For information on how our advertising partners allow you to opt out of receiving ads based on your web browsing history, please visit: http://optout.aboutads.info/.

European users may opt out of receiving targeted advertising through the European Interactive Digital Advertising Alliance.

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Links to Other Websites

The Platform may, from time to time, contain links to and from the Platforms of advertisers and affiliates. The fact that mydrasa links to a website is not an endorsement, authorization or representation of mydrasa affiliation with that third party. mydrasa does not exercise control over third party websites. These other websites may place their own cookies or other files on the User’s device, collect data or solicit personally identifiable information from the User. If the User follows a link to any of these third-party websites, he does so at his own risk, these Applications have their own privacy policies and he waives any claim against mydrasa for any responsibility or liability for these policies.

Personal Data Breaches

Sub-processor will notify the Controller as soon as possible after it becomes aware of any Personal Data Breach affecting any Personal Data. At the Controller’s request, Sub-processor will promptly provide the Controller with all reasonable assistance necessary to enable the Controller to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Controller is required to do so under the Data Protection Law.

Data Subject Requests

If it is the case, sub-processor will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Controller to respond to any request from Data Subjects seeking to exercise their rights under the Data Protection Law with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law. If such request is made directly to sub-processor, it will promptly inform Controller and will advise Data Subjects to submit their request to the Controller. The controller shall be solely responsible for responding to any Data Subjects’ requests. The controller shall reimburse sub-processor for any potential costs arising from this assistance.

Privacy of minors

Given the nature of our business, we do collect information from Users under the age of 16 with parental consent. Our educational services and their contents are intended inclusively for children under the age of 16.

If we learn that we have collected personal information from a child under the age of 16 without parental consent, we will delete this information as soon as possible. If you believe we have any information about a child under the age of 16, without parental consent, please contact us.

Cookies and Tracking Technologies

This website uses cookies to better the Data Subject’s experience while visiting the website. Where applicable this website uses a cookie control system allowing the Data Subject on their first visit to the website to allow or disallow the use of cookies on their computer / device. This Cookie Popup Message complies with recent legislation requirements for websites to obtain explicit consent from Data Subjects before leaving behind or reading files such as cookies on a computer or device.

Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages, servers or apps can be assigned to the specific app or server in which the cookie was stored.

Through the use of cookies, mydrasa can provide the Data Subjects visiting the website or using our services with a more user-friendly experience, that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our websites can be optimized with the Data Subject in mind. Cookies allow us, as previously mentioned, to recognize our website Visitors and Users, collectively Data Subjects. The purpose of this recognition is to make it easier for Data Subject to utilize our website. The website’s Data Subjects that use cookies e.g. do not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookies is thus stored on the Data Subject's computer system.

We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the platform.

Some web browsers may transmit “do-no-track” signals to websites with which the browser communicates. Our website does not currently respond to these “do-not-track” signals.

The cookies in use can be categorized as follows (cookies may pertain to one or more categories):

Strictly necessary cookies

These cookies are essential, as they enable you to move around the Site and use its features, such as accessing secure areas. Without these cookies, some services you have asked for, such as account creation and administration, can’t be provided.

Product cookies

These cookies are also very important as they help us make our website work as efficiently as possible, they remember your registration and login details, remember your settings preferences and they also meter the number of pages you view for the purpose of administering subscriptions.

Performance cookies

These cookies collect information about how you use the website, for example, which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather the information that identifies you. All information these cookies collect is anonymous and is only used to improve how the Site works.

Analytics cookies

These cookies anonymously remember your computer or mobile device when you visit our website. They keep track of browsing patterns and build up a profile of how our readers use the website. We might use that information to target advertisements to you on our and other websites.

Functionality cookies

These cookies allow the Site to remember choices you make (such as your username, language, or the region you are in). For instance, the Site uses functionality cookies to remember your language preference. These cookies can also be used to remember changes you have made to text size, font and other parts of pages that you can customize, or any kind of form that you left in between or unsubmitted. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites.

Targeting cookies

These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. They remember that you have visited a website and this information may be shared with other organizations such as advertisers. This means after you have been to the Site you may see some advertisements about our services elsewhere on the Internet.

Third party cookies

These cookies are advertising and analytics cookies, which are placed by or on behalf of independent advertisers who are advertising on our site. These cookies may be placed within the advertisement and elsewhere on our site. They are anonymous – they cannot identify individuals. They are used for statistical analysis by allowing the advertiser to count how many people have seen their advertisement or have seen it more than once. They might also allow the advertiser to tailor advertising to you when you visit other websites. We have no access to third party cookies and third-party organizations have no access to ours. The third-party organizations that place cookies have their own strict privacy policies.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the browser or app, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time. If the user or the visitor deactivates the setting of cookies in the browser or app, then not all functions may be entirely usable.

We use automatically collected information and other information collected during the Services through cookies and similar technologies to:

• personalize our Service, such as remembering a User’s or Visitor’s information or login details so that the User or Visitor will not have to re-enter it during a visit or on subsequent access;
• provide customized content and information;
• monitor and analyze the effectiveness of websites and third-party activities;
• monitor site usage metrics such as the number of visitors.

Disabling Cookies

If you would like to restrict the use of cookies you can control this in your Internet browser.

You can disable cookies by adjusting the settings on your browser (see your browser Help for how to do this). mydrasa is not liable for any information provided on the third-party websites.

Data Processor

We may use a third-party Data Processor who may process your information on behalf of us by which they may perform a set of operations on your information. They may be identified as follows:

• Service Providers - We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
• Communications - We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
• Payment Provider - We may use a Third-Party Payment–provider who processes all payments you may make to us and we may provide them with relevant data to facilitate the payment process.

Data Quality

We will take reasonable steps to ensure that personal information we have about you is accurate, complete and up to date when we use it. Generally, we rely on you to assist us in keeping your personal information accurate and up to date.

Data Security

We have taken reasonable steps to keep your personal information secure at all times and in accordance with our Information Security Policies.

We also take steps to reasonably protect your personal information from misuse and loss, unauthorized access, modification or disclosure and maintained in an accurate, complete and up-to-date manner.

Openness

We will be honest and open with you about the type of personal information that we collect about you and the actual use of any such information. We will let you know at the time we collect your personal information, or soon after, how we will treat it.

If you require any details of the personal information held by us about you, then please contact us by e-mail.

Opting out from Communications

If you receive emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “Contact” section.

Please be aware that if you opt-out of receiving emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Please note that you may still receive administrative messages from us regarding our Services.

Sensitive Information

We do not believe in an intrusive collection of your personal details and will not collect information that is considered highly personal or highly sensitive about you without your prior consent.

Data Retention and Data Deletion

We only retain the personal information collected from a User for as long as the User’s email address is active on our mailing list, or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.

In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 2-year criteria, after your relationship with us ends.

We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Authorization

You authorize us to exchange, share, part with all information (Personal and Non-Personal), across borders and from your country and jurisdiction to any other countries and jurisdictions across the world, with any agent/third party service provider/ tutors / educational entities / partners / banks and financial institutions/credit bureaus and agencies/ participation in any telecommunication or electronic clearing network as may be required to provide Services to you or as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold us liable for use or disclosure of this information.

For instance, when you apply for Services on the Website, with any of our partners or third-party service providers, the information in your online application form will become subject to that partner's or third-party service provider’s privacy policy, which may differ with the Policy of mydrasa. We encourage you to read the privacy policies of our partners and third-party service providers.

Security

The security of your Information is important to us. We have reasonable security measures to safeguard and protect your personal information from unauthorized access. We restrict access to your personal information to our employees, agents, tutors, educational institutions, third party service providers, partners, banks and financial institutions, credit bureaus and agencies as may be required who need to know that information in order to process it on our behalf. These individuals may be bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

While we will endeavor to take all reasonable and appropriate steps to keep secure any information which we hold about you and prevent unauthorized access, you acknowledge that the internet is not 100% secure and that we cannot provide any absolute assurance regarding the security of your personal information. We will not be liable in any way in relation to any breach of security or unintended loss or disclosure of information due to the website being linked to the internet.

Your rights

Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

1. the right to access;
2. the right to rectification;
3. the right to erasure;
4. the right to restrict processing;
5. the right to object to processing;
6. the right to data portability;
7. the right to complain to a supervisory authority; and
8. the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes, and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data by written notice to us.

California Privacy Rights

In addition to the rights provided for above, if you are a California resident, you have the right to request information from us regarding whether we share certain categories of your personal information with third parties for the third parties' direct marketing purposes. To the extent we share your personal information in this way, you may receive the following information:

1. the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and
2. the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

Effective January 1, 2020, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this California Privacy Rights section.

• For personal information collected by us during the preceding 12 months that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. mydrasa will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.
• To the extent we sell your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold, and (ii) the categories of third parties to whom your personal information was sold. You have the right to direct us not to sell your personal information. mydrasa does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.

Should mydrasa engage in any of the activities listed in this section, your ability to exercise these rights will be made available to you in your account settings. You can exercise your rights by going contacting us via email so that we may consider your request.

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.

Complaints Resolution

We are committed to providing our Users with a fair and responsive system for handling and resolving complaints concerning the handling of their personal information. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal information.

If at any time you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by us, you may do so by contacting us directly.

We aim to investigate and advise you of the outcome of the complaint promptly.

If you are not satisfied with our handling of your complaint, you may contact the us at:

complaint@mydrasa.com

Amendments

We may update this policy from time to time by publishing a new version on our websites.

You should check this page occasionally to ensure you are happy with any changes to this policy.

We may notify you of significant changes to this policy by email, as a website notice or through the private messaging system within our service system.