GDPR Compliance Policy (European Union)
Last updated August 25, 2022
Effective September 6, 2022
Introduction to GDPR Compliance Policy (European Union)
This European Union Compliance Policy is effective from September 6, 2022. By continuing to use The Polaris School from September 6, 2022, you understand and agree to this Privacy Policy. The Polaris School reserves the right to ammend or replace this GDPR Compliance Policy at any time without notice, however if you at any time no longer agree to the GDPR Compliance Policy, you can request for your account to be deleted here and your account with The Polaris School (and any personal data, as well as purchased content) will cease in accordance with our Privacy Policy and GDPR (UK), GDPR (EU) and CCPA (California) Policies for data protection. “The Polaris School”, “We”, “Our” and “Us” refers to The Polaris School platform and its associated entities - including the site administrators, contractors and respective owners. “You”, “Your” and “Yourself” refers to you, the site visitor (at any capacity, depending on context). “Platform”, “Website”, “Site”, “Service”, “Services” and “Polaris” refers to The Polaris School website accessible at https://thepolaris.school. “User”, “Users’, “Customers”, “Students”, “Parents”, “Account holder”, “Account holders” and “Licensees” refers to the site visitor with or without a respective The Polaris School account (depending on context). “Administrators”, “Staff”, “Owners” and “Teachers” refers to the owners, staff or contractors of The Polaris School. “Subscription” refers to a paid ongoing contract with The Polaris School, which provides access to “content”. “Content”, “Materials”, “Lessons”, “Blocks” and “Purchases” refers to digital materials made available to a user with or without a purchase (depending on context). “Personal data”, “Data”, “Personal information” and “Account data” refers to personal information belonging to a user made available to, or collected by, the Polaris School “Enrolled” and “Enrolling” refers to a student with, or in the process of obtaining, an active The Polaris School account. This Privacy Policy is in place in line, dictated by, and in compliance with local laws. In the event that information made available on this page is not in compliance or is not compatible with the laws of a user’s relevant jurisdiction, the law overrides the policy outlined on this page.
Addition to Privacy Policy and Terms of Service, and Effective In Applicable Regions
This GDPR Compliance Policy (EU) is applicable only to lawful residents currently residing in the European Union (excluding the UK and former EU residents with UK nationality or residence, where its own separate GDPR Compliance Policy overrules this policy), in compliance with EU laws. This Compliance Policy is in addition to, and overrides where applicable, the general Privacy Policy and Terms of Service. Where this Compliance Policy is not in compliance or is not compatible with the laws of the European Union, the law overrides the Compliance Policy and that overrides the general Privacy Policy. Unless stated and overriden in this Compliance Policy, all processes and information outlined in the general Privacy Policy apply to users in the European Union.
Users in the United Kingdom; State of California, United States and Internationally have different Compliance Policies. In the event that a user moves between different jurisdictions, the user may request for their personal data to be handled in accordance with the laws of the new current local jurisdiction (in accordance with section 1c.v in the general Privacy Policy).
1a) Handling of Personal Information in Compliance with GDPR
GDPR applies to processing of personal data that is:
- wholly or partly by automated means; or
- the processing other than by automated means of personal data which forms part of, or is intended to form part of, a filing system.
Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information.
- Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.
- Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.
- If personal data can be truly anonymised then the anonymised data is not subject to the UK or EU GDPR. It is important to understand what personal data is in order to understand if the data has been anonymised.
- Information about a deceased person does not constitute personal data and therefore is not subject to the UK or EU GDPR.
- Information about companies or public authorities is not personal data.
- However, information about individuals acting as sole traders, employees, partners and company directors where they are individually identifiable and the information relates to them as an individual may constitute personal data.
The Polaris School collects both personally identifiable and non-personally identifiable data. The personally identifiable data we collect is stored on Outseta’s servers and the categories of data we collect are accessible on our general Privacy Policy. We do not collect any further information from users in the European Union than is outlined on the general Privacy Policy and collected worldwide.
1b) Handling of Personally Identifiable Data
An individual is ‘identified’ or ‘identifiable’ when we can distinguish them from other individuals. The categories of data collected on users as outlined in the general Privacy Policy are the only identifiable categories that we collect from users. All other information that we collect is anonymous and unidentifiable.
In the event that further personal information that is identifiable is collected, the Privacy Policy and/or the GDPR Compliance Policy (EU) will be updated to reflect this.
1c) Handling of Unidentifiable (Random/Anonymous) Data
In addition to the identifiable data we collect as outlined in the general Privacy Policy, we also collect and handle unidentifiable random data that cannot be tied to a specific user, and is used more broadly to track overall site statistics. You can view the categories of information in the general Privacy Policy. In the event that further unidentifiable information is collected, the Privacy Policy and/or the GDPR Compliance Policy (EU) will be updated to reflect this.
1d) Your Rights Under GDPR
The EU GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
The Polaris School makes every effort to comply with these rights and ensure users are in control of their personal data. Users can request a Copy of Account Data here, request for Deletion of Account Data here, request for Rectification of Account Data here and make a request for any other GDPR Compliance here. At any time users can request for deletion of their account, recification of account details, a copy of their account data or to exercise any others of their GDPR rights.
1e) Compliance With The EU Under GDPR
The Polaris School complies with the European Union for users in the EU - with extensive reviews of GDPR and data handling in accordance with relevant authorities’ best practices and EU law. In the event of a breach, as outlined in the general Privacy Policy, it is immediately reported to the relevant authorities or privacy protection organisations in accordance with the GDPR guidelines, within 72 hours.
1f) Making a Complaint To Relevant Authorities or Privacy Protection Organisations
In the event that you feel The Polaris School is not operating data handling correctly under GDPR or that we are not fulfilling our obligation to provide, update or delete personal data when requested and in accordance with EU laws, you may freely make a complaint to the ICO. We make every effort to comply with the rules set out in GDPR and work hard to make it easy to request, rectify and delete data from within our Support dashboard, and hope that you experience no issues with compliance.
1g) Direct Data Protection Enquiries
For more information about what The Polaris School is doing to protect your personal data and to comply with GDPR in the European Union, you can submit a general inquiry here if you’re an existing user. For public enquiries regarding GDPR for non-users, contact us here.