EasyA Privacy Notice

1. Who are we?

We are EasyA Ltd: ("we", "us"). We are an online live learning platform and we operate the website www.easya.io, (the "website").

We are a registered fee payer with the Information Commissioner's Office (registration number ZA754626). If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the following details:

C/O Pkf Littlejohn, 15 Westferry Circus, Canary Wharf, London, United Kingdom, E14 4HD

hello@easya.io

We deliver live learning through our online platform (our "services"). This notice describes how we process your personal data if you are a student, parent to a student, tutor, candidate, mentor, mentee, parent to a mentor/mentee, source or referee, or visitor to our website. For the purposes of this notice:

· Student – means an individual who is over the age of 16 and uses our services.

· Parent – means the holder of parental responsibility over a child who is under the age of 16 and uses our services.

· Prospective customer – means those looking to learn more about our services.

· Tutor – means our tutors who we hire to tutor the students.

· Candidate – means an individual who has applied for a job to become a tutor or is a candidate to become a tutor.

· Mentor – means an individual who is over the age of 16 and volunteers to teach mentees as part of our mentorship programme.

· Mentee – means an individual who participates as a student in our mentorship programme, learning from mentors.

· Mentor/Mentee parent – means the holder of parental responsibility over a child who is under the age of 18 and participates in our mentorship programme either as a mentor or mentee.

· Source and referee – a person who provides us with information about a candidate, or who provides a personal or work reference.

· Website Visitors – or anyone who visits our website.

‍

2. What is Personal Information, and which Personal Information do we collect about you?

For the purposes of this Privacy Notice "Personal Information" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.

We may collect use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:

· Identity and Contact Data includes first name, last name and title, address, email address, telephone number (and may include information from identity documents such as passports and driving licences).

· Career History and Education Data includes CV, professional experience, academic and professional qualifications, reference information, employment history, interview notes, test results and training notes.

· Financial Data includes bank account/credit card details, and information relating to salary and remuneration.

· Technical Data includes internet protocol (IP) addresses, usage session dates, duration and page recordings, page views, click maps, RAM, device name, operating system, how you use our website the type of browser used while visiting our website and the numbers of users who visit our website.

· Services Data includes information about how you use our services, details of which services you have received from us, our correspondence and communications with you and information about any complaints or enquiries you make to us.

· Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We may also collect, use and share anonymous or pseudonymised data, such as statistical or demographic data for any purpose. This data could be derived from your Personal Information but is not considered personal data in law as it does not directly or indirectly reveal your identity. However, if we combine any of this data with your Personal Information so that it can directly or indirectly identity you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

‍

3. How is your Personal Information collected?

We use different methods to collect data from and about you.

A. Students

Personal Information that you provide directly. You may give us your Identity and Contact Data, Financial Data, Technical Data, Marketing and Communications Data, and Services Data, by signing up to use our services, using the services to contact tutors, or corresponding with us by email, phone or otherwise.

B. Parents

Personal Information that you provide directly. We collect your Identity and Contact Data, Financial Data, Technical Data, Marketing and Communications Data, and Services Data, by signing up for you and your child to use our services, your child using the services to contact our tutors, or corresponding with us by email, phone or otherwise. We may collect your child's Identity and Contact Data, Technical Data, Marketing and Communications Data, and Services Data when they use our Services or correspond with us or our tutors.

C. Prospective customers

Personal Information that you provide directly. We collect your Identity and Contact Data, Services Data and Marketing and Communications Data when you are considering subscribing to our services.

D. Tutors

Personal Information that you provide directly. We collect your Identity and Contact Data, Career History and Education Data, Financial Data, Technical Data, Marketing and Communications Data and Services Data.

Third parties or publicly available sources. We may collect Career History and Education Data from publicly available sources such as LinkedIn and your previous employer's website (if applicable).

E. Candidates

Personal Information that you provide directly. You may give us your Identity and Contact Data, Education and Career History Data, Financial Data and Marketing and Communications Data when applying for a job with us.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, such as your employer's website or third party databases such as LinkedIn.

F. Mentors

Personal Information that you provide directly. You may give us your Identity and Contact Data, Educational Data, Technical Data, and Services Data, by signing up to use our services, using the services to teach mentees, or corresponding with us by email, phone or otherwise.

G. Mentees

Personal Information that you provide directly. You may give us your Identity and Contact Data, Educational Data, Technical Data, and Services Data, by signing up to use our services, using the services to learn from mentors, or corresponding with us by email, phone or otherwise.

H. Mentor/Mentee parent

Personal Information that you provide directly. We collect your Identity and Contact Data, Technical Data, and Services Data, by signing up via our consent form for you and your child to use our services, your child using the services to connect with mentors/mentees, or corresponding with us by email, phone or otherwise. We may collect your child's Identity and Contact Data, Technical Data, and Services Data when they use our Services or correspond with us or mentors/mentees.

I. Source and Referee

We will obtain your Identity and Contact Data as well as information regarding your credentials as a source or referee, details of your relationship and your opinions of Candidates, either directly from your or from publicly available information.

J. Website Visitors

When you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Information by using cookies and other similar technologies. Please see section 10 below.

‍

4. How do we use your information?

We will only use your Personal Information when the law allows us to do so. Most commonly, we will use your Personal Information in the following circumstances:

· Where we need to perform the contract we are about to enter into or have entered into with you.

· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The legitimate interests we rely on are set out next to each purpose below.

· Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your Personal Information. If we rely on your consent to process Personal Information, you may withdraw your consent at any time (see section 8 below).

Purposes for which we will use your Personal Information

We may use the Personal Information that we collect for the following purposes. For each purpose, we describe the legal bases we rely on to justify such use of your Personal Information. These purposes are set out here.

Marketing communications

We may use your Personal Information to provide you with email notifications and other communications by email, on the basis that it is in our legitimate interests to use your Personal Information for these purposes in developing our services. If you are a Mentor or Mentee or Mentor/Mentee Parent, we will only use your Personal Information for sending you information about the mentorship programme and not for our paid services. For further information on this, see the 'Your Choices' section of this Privacy Notice.

Combining Personal Information

We may combine the Personal Information that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Information to allow us to provide better support services and more personalised content.

Change of purpose

Where we need to use your Personal Information for another reason other than for the purpose for which we collected it, we will only use your Personal Information where that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

‍

5. To whom do we disclose your information?

We will only use your Personal Information for our internal business purposes, some of which are mentioned above. We may disclose your information to the following entities:

I. Service Providers

We use third party service providers to help us to administer certain activities and services on our behalf, such as IT and cloud services, administration services and marketing services. We may share Personal Information about you with such third party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use:

a. IT Service Provider and Administration Services – we use Google Cloud, Google Analytics, Hotjar, Facebook Analytics, Tapfiliate to provide us with IT and cloud services.

b. Marketing services – we use Mailchimp, Facebook, Google and Nextdoor to provide us with marketing services.

II. Anonymous statistics

We prepare and develop anonymous, aggregate or generic data and statistics for various reasons (such as aggregate usage statistics including "page views" on the website, and analysing how users use our content). As this data is anonymous (i.e. you cannot be identified from it) we do not consider this information to be Personal Information. As such, we may share it with any third party.

III. Third parties when required by law

We will disclose your Personal Information to comply with applicable law or respond to valid legal process, including from our regulators, law enforcement or other government agencies (in which case such agencies or regulators will be acting as controllers as well); to protect the users of the website (e.g. to prevent spam or attempts to defraud them); to operate and maintain the security of the website (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property.

IV. Other Parties in Connection with Corporate Transactions

We may disclose your Personal Information to a third party in the event that all or substantially all of our business or assets are or are intended to be sold or otherwise assigned to another entity.

V. Other Parties at Your Direction

We may share Personal Information about you with third parties when you request such sharing, such as to prospective employers, or to your legal or other professional advisers.

VI. Schools/Institutions

We may share Personal Information about mentees and mentors with your school/institution so that we can deal with safeguarding concerns and allow them to provide enhanced support for you.

‍

6. What do we do to keep your information secure?

We have put in place appropriate physical and technical measures to safeguard your Personal Information. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. When we use service providers to assist us in processing your Personal Information, we have written contracts in place with such service provider which means that they cannot do anything with your Personal Information unless we have instructed them to do it.

However, please note that although we take appropriate steps to protect your Personal Information, no website or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of Our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

International Transfer of Data

The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the UK or European Economic Area ("EEA").

By using the website and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside the UK or EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Privacy Notice and the requirements of applicable law wherever the data is located.

Where we transfer your Personal Information outside the UK or EEA to third parties, we will ensure that appropriate transfer agreements and mechanisms, such as the EU Standard Contractual Clauses, are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the UK or EEA in accordance with applicable laws or where you have given us your consent to do so.

‍

7. Data Retention – How long we will store/keep your Personal Information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We retain Candidates' personal data for 3 years since the last contact with such Candidate.

When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.

In some circumstances you can ask us to delete your Personal Information (see section 8 below).

‍

8. Accessing your Personal Information and other rights you have

We will collect, store and process your Personal Information in accordance with your rights under any applicable data protection laws. Under certain circumstances, you have the following rights in relation to your Personal Information:

I. Subject Access - you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.

II. Right to Withdraw Consent – where you have consented to our processing of your Personal Information, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in section 1.

III. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation or to you.

IV. Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.

V. Erasure ('right to be forgotten') - you have the right to have your Personal Information 'erased' in certain specified situations.

VI. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information.

VII. Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.

VIII. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.

Enforcing your rights

If you wish to enforce any of your rights under applicable data protection laws, then please see section 1 above. We will respond to your request without undue delay and by no later than one month from receipt of any such request, unless a longer period is permitted by applicable data protection laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable data protection laws.

Complaints

If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the Information Commissioner's Office (www.ico.gov.uk) which is the data protection regulator in the UK which is where we are located. The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.

‍

9. Third-Party Links

Our website contains links to other third party websites that are not operated by us. These linked sites and applications are not under our control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites, any Personal Information collected by the third party’s website will be controlled by the Privacy Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.

‍

10. Cookies

What are cookies?

We may use cookies on our website. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. Cookies are assigned to and stored in a user's internet browser on a temporary (for the duration of the online session only) or persistent basis (cookie stays on the computer after the internet browser or device has been closed). Cookies collect and store information about a user’s preferences, product usage and content viewed which allows for us to provide users with an enhanced and customised experience when engaging with the website.

‍

11. Your Choices (e.g. marketing-related emails or otherwise)

When you request information on or from the website, or otherwise communicate with us, we may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number) to send you marketing-related correspondence by email related to our products. When we process your Personal Information for marketing purposes, we do so on the basis that it is in our legitimate interests to use your Personal Information for these purposes.

We may also use your Personal Information to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.

We do not share your Personal Information for marketing purposes with third parties without obtaining your prior consent.

If you are a Mentor or Mentee or Mentor/Mentee Parent, we will only use your Personal Information for sending you information about the mentorship programme and not for our paid services.

To opt out of receiving marketing-related correspondence from us, please click "Unsubscribe" from any marketing or promotional email you receive from us.

‍

12. Changes to this Privacy Notice

It also is important that you check back often for updates to the Privacy Notice, as we may change this Privacy Notice from time to time. The “Date last updated” legend at the bottom of this page states when the notice was last updated, and any changes will become effective upon our posting of the revised Privacy Notice.

We will provide notice to you if these changes are material and, where required by applicable law, we will seek your consent. We will provide this notice by email or by posting notice of the changes on our website.

Date last updated: February 2021