Privacy Policy

Introduction

We take your privacy seriously and are committed to protecting your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) or Canadian provincial laws were applicable such as the Personal Information Protection Act of British Columbia and other relevant international laws and frameworks. In this Privacy Policy, we provide information on the data we collect, the purposes for which we use your data, your rights, and how to exercise them.

Data Controller

The Data Controller is Edvisor Technologies Inc. located at 2F - 342 Water St., Vancouver, BC, CANADA V6B 1B6. If you have any inquiries or concerns regarding this Privacy Policy, contact us at privacy@edvisor.io.

Purposes and Legal Grounds for Processing Personal Data

We process personal data for the following purposes:

1. To provide, improve and measure the performance of our services
2. To communicate with you and respond to inquiries
3. To process payments and manage bookings
4. To personalize your user experience
5. To market our services
6. To identify and prevent fraud or security threats
7. To comply with legal obligations

We process personal data on the following legal grounds:

1. Performance of a contract
2. Legitimate interests
3. Consent

How We Collect Personal Data

We collect personal data when you:

1. Visit our website, complete a public form or survey, sign up for newsletters, updates or contests and contact us via chat or email
2. Create an account
3. Create or update a student record, quote, booking, or message
4. Interact with our content on third-party platforms

What Personal Data We Process

When you visit our website

When you interact with the Edvisor website, we collect information in order to evaluate site performance, determine your preferences, analyze user behaviour, and improve our content, marketing, and services. This information may include site interactions including recordings, your IP address and location, referral sources, browser cookies, device type, locale and similar device and browser technical data collected during your visit. You can control what information is collected using the cookie preference controls.

When you complete a public form or contact us

When you contact Edvisor or submit a form on our public website such as registering to receive updates from Edvisor, entering a contest, completing a survey or submitting a ticket, we collect additional information in order to respond to your request and offer personalized assistance or marketing. By submitting a form or contacting us, you grant explicit consent for Edvisor to collect and process this information. This information may include your full name and email, any information you voluntarily provide in the email or form, language and communication preferences.

When you create an account

When you create an account on the Edvisor platform, we collect information about you and your business in order to verify, register and secure your account, connect you with other users and optimize your user experience. By registering an account, you grant explicit consent for Edvisor to collect and process this information, which may encompass your personal and business full name, phone numbers, mailing addresses, social media profiles, payment and billing information, and security-related data such as your username, password, and security questions.

When you create or update a student record, quote, booking, or message

You have the ability to input student information into the Edvisor platform in order to effectively provide services and manage your business operations. As the data owner and controller of any student information entered into the Edvisor platform, you are responsible for obtaining the necessary consents and ensuring compliance with all applicable data protection laws and regulations.

As a sub-processor, we will process this data on your behalf, adhering to GDPR guidelines and ensuring the safety of the data as per the Data Protection Measures outlined in this Privacy Policy.

This student information may include the student's: full name, date of birth, gender, nationality, email address, phone number, mailing address, education history, academic transcripts, standardized test scores, visa information, accommodation preferences, arrival and departure dates, parent information, and study preferences.

Interact with our content on third-party platforms

When you interact with our content on third-party platforms, such as social media sites or other websites, we collect information to better understand your behavior, preferences, and interests in order to improve our content, marketing, and services. We may also use this information to identify trends, measure the effectiveness of our campaigns, and tailor our marketing strategies to better engage with our audience on third-party platforms.

The information may include social media profile information, engagement data, technical data, referral data, and content viewed or interacted with.

Sharing Your Personal Data with Third Parties

As part of our business operations, we may share your personal data with the following categories of recipients:

1. Service providers: We may disclose your personal data to third-party service providers who support our business operations, such as payment processors, IT services, and marketing providers. These service providers are required to process your data in compliance with the GDPR and are subject to strict confidentiality agreements.
2. Business Partners: We may share your personal data with our affiliated companies and subsidiaries to provide you with a seamless experience and relevant products or services.
3. Legal and regulatory authorities: We may disclose your personal data to comply with legal or regulatory obligations, enforce our terms of service, or protect the rights, property, and safety of our company, users, and the public.
4. Business transactions: In the event of a merger, acquisition, or asset sale, we may share your personal data with the relevant parties, provided that they comply with GDPR data protection requirements.

Transfers of Personal Data Outside the European Economic Area (EEA)

As part of our business operations, we transfer your personal data to countries outside the European Economic Area (EEA). In accordance with the GDPR, we implement suitable safeguards for such transfers, including reliance on adequacy decisions, the use of standard contractual clauses where there is no recognition of the destination country's adequacy by the European Commission, or binding corporate rules. Additionally, we ensure that any recipient of your personal data outside the EEA maintains a level of data protection equivalent to that required by the GDPR and implements robust security measures to protect your data.

Data Protection Measures

We are committed to ensuring the security and protection of the personal data we process, and to providing a compliant and consistent approach to data protection. We have implemented robust data protection measures to safeguard the privacy and integrity of the personal data we collect and process through our SaaS product. These measures include:

1. Encrypted Data Storage and Transfer: We use industry-standard encryption methods, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), to protect data transmitted between our servers and your device. Additionally, we encrypt sensitive data, like passwords and payment information, when stored on our servers.
2. Access Control: We limit access to personal data to authorized personnel only, based on their job responsibilities and the principle of least privilege. We employ strict authentication and authorization processes, including unique login credentials and multi-factor authentication, to ensure only authorized users can access the data.
3. Limited Data Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. Details in the Data Retention section of this Privacy Policy.
4. Regular Audits and Monitoring: We conduct regular security audits and continuously monitor our systems to detect and prevent security vulnerabilities, breaches, and unauthorized access. Our security measures are reviewed and updated regularly to ensure they remain effective and aligned with industry best practices.
5. Data Processing Agreements: We enter into data processing agreements with all our subprocessors and service providers who process personal data on our behalf. These agreements outline their obligations to protect personal data in line with our privacy policy and GDPR requirements.
6. Data Breach Response: We have implemented a data breach response plan to ensure timely identification, reporting, and mitigation of any data breaches or incidents. In case of a breach, we will notify the relevant supervisory authority and affected individuals, as required by the GDPR, PIPEDA and other relevant laws.
7. Privacy by Design and Default: Our SaaS product is designed with privacy and data protection in mind from the outset. We incorporate data protection principles and measures into the development and maintenance of our product, ensuring that personal data is processed securely and minimally by default.
8. Employee Training and Awareness: We provide regular training and resources to our employees to ensure they are aware of their data protection responsibilities, GDPR and PIPEDA requirements, and best practices for handling personal data securely.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the principles of data minimization and storage limitation. Our data retention policy ensures that personal data is managed responsibly and securely, and that we comply with legal, regulatory, and contractual obligations.

1. Purpose-Driven Retention: We retain personal data based on the specific purposes for which it was collected, such as providing our services, responding to inquiries, maintaining customer accounts, or managing our legal and financial records. Once these purposes have been fulfilled, the data is securely deleted or anonymized.
2. Legal and Regulatory Compliance: We adhere to applicable laws, regulations, and industry standards that may require us to retain personal data for a specific period of time. For example, we may be obligated to keep financial records for tax or audit purposes, or to maintain records related to legal disputes or contractual agreements.
3. Retention Periods: Our data retention periods are determined based on the nature of the data, the purpose for which it is processed, and any relevant legal or regulatory requirements. We regularly review and update our retention periods to ensure they remain appropriate and compliant.
4. Secure Deletion and Anonymization: When personal data is no longer needed for its original purpose or required by law, we securely delete or anonymize the data using industry-standard methods. This ensures that the data cannot be traced back to an individual and protects the privacy of our users.
5. Data Archiving: In some cases, we may archive personal data for historical, statistical, or research purposes. When archiving data, we ensure that appropriate safeguards are in place to protect the data from unauthorized access, disclosure, or alteration.

Individual Rights

If you are an EU or Canadian resident, you have the following rights concerning your personal data, as established and limited by the relevant regulatory frameworks:

1. Access: You have the right to access the personal data we hold about you.
2. Rectification: You have the right to request that we correct any inaccuracies in your personal data.
3. Erasure: You have the right to request that we delete your personal data in certain circumstances.
4. Restriction of processing: You have the right to request that we restrict the processing of your personal data in certain situations.
5. Data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
6. Objection to processing: You have the right to object to the processing of your personal data in certain circumstances, such as direct marketing.
7. Withdraw consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes upon applicable privacy laws.

Exercising Your Rights

To exercise any of your data subject rights, please contact our Data Protection Officer at privacy@edvisor.io.

In order to ensure the security of your personal data and prevent unauthorized access, we may require you to provide proof of your identity before we can process your request. We will process your request in accordance with applicable data protection laws and regulations. Please be aware that the time it takes to fulfill your request may vary depending on the nature and complexity of the request, as well as any legal or technical constraints. We will strive to respond to your request within a reasonable timeframe.

If, after contacting Edvisor, you are not satisfied with our response, you may lodge a complaint with the relevant data protection authorities such as the European Data Protection Board or the Office of the Privacy Commissioner of Canada.

Please note that we may be unable to fulfill your request in certain circumstances, such as when it conflicts with our legal or regulatory obligations, or when it would involve a disproportionate effort or expense. In such cases, we will inform you of the reasons for our decision and any available recourse.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we do, we will revise the updated date at the top of this page, and post a notification for registered users. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.

Acceptance of These Terms

By accessing and using the Edvisor platform or accessing the website, you acknowledge and agree to the terms set forth in this privacy policy. If you do not agree with any part of this policy, please refrain from using the platform or website. Your continued use of the platform or website, following the posting of any changes or updates to this policy, constitutes your acceptance of those modifications. We encourage you to periodically review our privacy policy to stay informed about any changes and how we are protecting your personal information.

Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: privacy@edvisor.io