General Data Protection Regulation (GDPR) Privacy Notice

Last updated: January 2, 2025

Zernixo ("we," "our," or "us") is committed to protecting your privacy and ensuring transparent data processing practices. This GDPR Privacy Notice explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (EU) 2016/679.

1. Data Controller Information

Zernixo is the data controller responsible for your personal data. You can contact us at:

• Email: [email protected]
• Phone: +27738628278
• Address: Factory no 6, 36 Anvil Rd, Boltonia, Krugersdorp, 1739, South Africa

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Account registration data: name, email address, password, country of residence
• Profile information: educational background, areas of interest, learning preferences
• Payment information: billing address, payment method details (processed by third-party payment processors)
• Communication data: messages sent through contact forms, support tickets, or email correspondence
• Course enrollment data: selected courses, progress tracking, completion status

2.2 Information Collected Automatically

• Technical data: IP address, browser type, device information, operating system
• Usage data: pages visited, time spent on platform, navigation patterns, interaction with course materials
• Cookies and tracking technologies: session cookies, analytics cookies, preference cookies
• Learning analytics: quiz results, assignment submissions, video watch time, interaction frequency

2.3 Information from Third Parties

• Authentication services: if you register using social media accounts
• Payment processors: transaction confirmation and payment status
• Analytics providers: aggregated usage statistics and performance metrics

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing is necessary to provide educational services you have requested, including course delivery, progress tracking, and certification issuance.

3.2 Legitimate Interests

We process data to improve our platform, develop new educational content, prevent fraud, ensure platform security, and communicate service updates.

3.3 Consent

For marketing communications, non-essential cookies, and sharing success stories or testimonials, we rely on your explicit consent, which you may withdraw at any time.

3.4 Legal Obligations

We process data when required to comply with legal obligations, including tax reporting, accounting requirements, and responding to lawful requests from authorities.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing access to online courses and learning materials
• Managing your account and authenticating your identity
• Processing payments and maintaining transaction records
• Tracking course progress and issuing certificates of completion
• Personalizing learning recommendations based on your interests
• Communicating course updates, platform changes, and important notices
• Responding to support requests and troubleshooting technical issues
• Analyzing platform usage to improve educational content and user experience
• Preventing fraud, abuse, and unauthorized access
• Sending promotional materials and course recommendations (with consent)
• Conducting research to enhance educational methodologies
• Complying with legal and regulatory requirements

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We engage third-party service providers who process data on our behalf, including:

• Cloud hosting and infrastructure providers
• Payment processing services
• Email communication platforms
• Customer support software providers
• Analytics and performance monitoring tools
• Content delivery networks

5.2 Educational Partners

We may share relevant data with course instructors, academic institutions, or certification bodies to facilitate course delivery and credential verification.

5.3 Legal Requirements

We disclose personal data when required by law, legal process, litigation, or requests from governmental authorities.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the relevant third party, subject to equivalent privacy protections.

We do not sell your personal data to third parties for their marketing purposes.

6. International Data Transfers

As a transnational learning platform, we may transfer your personal data to countries outside the European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for intra-group transfers
• Your explicit consent for specific transfers

We ensure all international transfers comply with GDPR requirements and maintain the security and confidentiality of your data.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this notice:

• Active account data: retained while your account remains active
• Course enrollment records: retained for seven years after course completion for certification verification
• Payment records: retained for ten years to comply with accounting and tax obligations
• Marketing consent records: retained until consent is withdrawn
• Technical logs: typically retained for 12 months unless required for security investigations

After the retention period expires, we securely delete or anonymize your personal data. You may request earlier deletion subject to our legal obligations.

8. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request confirmation of whether we process your personal data and obtain a copy of that data along with supplementary information about the processing.

8.2 Right to Rectification

You may request correction of inaccurate personal data and completion of incomplete data.

8.3 Right to Erasure

You may request deletion of your personal data when processing is no longer necessary, consent has been withdrawn, or processing is unlawful. This right is subject to legal retention obligations.

8.4 Right to Restriction of Processing

You may request limitation of processing when you contest data accuracy, processing is unlawful, or you need the data for legal claims.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

8.6 Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significant impacts.

8.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at [email protected]. We will respond to your request within one month, with possible extensions for complex requests.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit using TLS protocols
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response procedures and breach notification protocols
• Regular backups and disaster recovery planning

While we strive to protect your personal data, no method of transmission or storage is completely secure. We encourage you to use strong passwords and protect your account credentials.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance platform functionality and analyze usage patterns:

10.1 Essential Cookies

Necessary for platform operation, including session management, authentication, and security features. These cookies cannot be disabled without affecting platform functionality.

10.2 Analytics Cookies

Used to understand how visitors interact with our platform, measure performance, and identify areas for improvement.

10.3 Preference Cookies

Remember your settings, language preferences, and customization choices to enhance user experience.

10.4 Marketing Cookies

Track visitors across websites to display relevant advertisements and measure campaign effectiveness. These require your explicit consent.

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may limit platform functionality.

11. Children's Privacy

Our platform is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data, contact us immediately at [email protected], and we will delete such information promptly.

12. Changes to This Privacy Notice

We may update this GDPR Privacy Notice periodically to reflect changes in our practices, legal requirements, or platform features. We will notify you of material changes through email or prominent platform notices. The updated notice will indicate the revision date at the top. Continued use of our services after changes constitutes acceptance of the updated notice.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. You may contact the supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

While we encourage you to contact us first to resolve concerns, this right exists independently and does not require prior contact with us.

14. Data Protection Officer

For questions about this GDPR Privacy Notice, data protection practices, or to exercise your rights, you may contact our data protection team at:

• Email: [email protected]
• Subject line: GDPR Data Protection Inquiry

We are committed to addressing your concerns and responding to requests in accordance with GDPR timelines and requirements.

15. Additional Information for Specific Processing Activities

15.1 Email Communications

We send transactional emails necessary for service delivery without requiring consent. Marketing emails require explicit opt-in consent. You may unsubscribe from marketing communications at any time using the unsubscribe link in emails or by contacting us directly.

15.2 Learning Analytics

We analyze learning patterns to improve educational outcomes and personalize recommendations. This processing is based on legitimate interests and contractual necessity. You may object to analytics processing by contacting us.

15.3 Video and Multimedia Content

When you interact with video lectures and multimedia materials, we collect viewing data to track progress and improve content delivery. This data is processed based on contractual necessity and legitimate interests.

15.4 Community Features

If we offer forums, discussion boards, or peer interaction features, information you share publicly is visible to other users. Exercise caution when sharing personal information in public areas.

Thank you for trusting Zernixo with your personal data. We are committed to transparency, security, and respecting your privacy rights throughout your learning journey.