General Data Protection Regulation (GDPR) Compliance

Last updated: June 30, 2024

Piova Academy is committed to protecting your personal data and respecting your privacy rights. This GDPR Compliance Notice explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller Information

Piova Academy acts as the data controller for personal information collected through our platform. You can contact us regarding data protection matters at:

Email: support@piovaacademy.com
Phone: +380509998068
Address: Panikakhy St, 2, Dnipro, Dnipropetrovsk Oblast, Ukraine, 49000

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide

Account registration details (name, email address, password)
Profile information (educational background, learning preferences)
Communication data (messages, support requests, feedback)
Payment information (billing address, transaction details)
User-generated content (quiz responses, test submissions, project work)

2.2 Automatically Collected Information

Technical data (IP address, browser type, device information)
Usage data (pages visited, time spent, interaction patterns)
Learning progress and performance metrics
Cookies and similar tracking technologies

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Processing Purpose	Legal Basis
Account creation and platform access	Contractual necessity
Course delivery and progress tracking	Contractual necessity
Payment processing	Contractual necessity
Marketing communications	Consent
Platform improvement and analytics	Legitimate interest
Legal compliance and dispute resolution	Legal obligation

4. How We Use Your Data

We use your personal data for the following purposes:

Providing access to educational content and interactive features
Managing your account and authenticating your identity
Processing payments and maintaining transaction records
Tracking learning progress and providing personalized recommendations
Sending course updates, notifications, and administrative messages
Responding to support requests and resolving technical issues
Improving platform functionality and user experience
Conducting research and analytics to enhance educational offerings
Complying with legal obligations and enforcing our terms
Preventing fraud and ensuring platform security

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We engage third-party service providers who process data on our behalf, including:

Cloud hosting and infrastructure providers
Payment processors and financial institutions
Email delivery and communication services
Analytics and performance monitoring tools
Customer support platforms

5.2 Legal Requirements

We may disclose personal data when required by law, legal process, or governmental request, or to protect our rights, property, and safety or that of our users.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

We do not sell your personal data to third parties for marketing purposes.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we implement appropriate safeguards, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions recognizing equivalent data protection standards
Binding corporate rules for intra-organizational transfers
Explicit consent where required by law

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no legitimate ground for processing.

7.4 Right to Restriction of Processing

You can request that we limit the processing of your personal data under certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

8. Exercising Your Rights

To exercise any of your data protection rights, please contact us at support@piovaacademy.com. We will respond to your request within one month, unless the request is complex or we receive multiple requests, in which case we may extend the response time by up to two additional months.

We may request specific information from you to confirm your identity before processing your request.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Active account data: retained while your account remains active
Learning progress records: retained for the duration of your enrollment plus seven years
Payment records: retained as required by tax and accounting regulations
Communication records: retained for three years after the last interaction
Marketing consent records: retained until consent is withdrawn

After the retention period expires, we securely delete or anonymize personal data.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

Encryption of data in transit and at rest
Regular security assessments and vulnerability testing
Access controls and authentication mechanisms
Employee training on data protection practices
Incident response and breach notification procedures
Regular backups and disaster recovery planning

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance platform functionality and analyze usage patterns. You can control cookie preferences through your browser settings. For detailed information, please refer to our Cookie Policy.

12. Children's Privacy

Our platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected personal data from a child under 16 without proper consent, we will take steps to delete that information.

13. Automated Decision-Making

We may use automated processing to personalize learning recommendations and assess quiz performance. You have the right to request human review of automated decisions that significantly affect you.

14. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

15. Changes to This Notice

We may update this GDPR Compliance Notice periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated notice on our platform and updating the "Last updated" date. Continued use of the platform after changes become effective constitutes acceptance of the revised notice.

16. Contact Information

For questions, concerns, or requests regarding this GDPR Compliance Notice or our data protection practices, please contact us at: