ZYDII'S PRIVACY POLICY

INTRODUCTION

Welcome to Zydii’s Privacy Policy. Zydii respects the right to privacy and is committed to maintaining our Customers' trust. As a Data Processor, we assure that all personal data provided by individual Users, to whom our Customers grant access, will be treated confidentially and processed strictly as per relevant legislation, including the General Data Protection Regulation 2016/679 (the “GDPR”), California Consumer Privacy Act (“CCPA”), and the Data Protection Act, 2019 of Kenya. For the purpose of this Privacy Policy, our Customers are defined as for-profit, not-for-profit organizations, and public offices. We urge you to read this Privacy Policy carefully as it forms part of the written agreement between Zydii and each of our Customers.

1. WHO WE ARE AND PURPOSE OF THIS PRIVACY POLICY

Zydii Limited, hereafter referred to as "Zydii", "we", "us", or "our", is a data processor, providing Services to our Customers. These Services involve the collection of personal data through our Websites, Apps, Social Media Pages, and offline interactions. The purpose of this Privacy Policy is to explain the nature, scope, and purpose of the data processing involved in our Services, in accordance with our obligations under the GDPR, CCPA, and the Data Protection Act, 2019 of Kenya. Users based in the European Economic Area should note that we, as a 'data processor' under the GDPR, respect your rights as stipulated in the GDPR. As Data Controllers, our Customers are responsible for ensuring the legal compliance of any data processing, and for providing necessary disclosures to Users about their rights concerning Personal Information, as per the Data Protection Act, 2019 of Kenya, the GDPR, CCPA, and other applicable laws. Please note, our website is not designed for, nor do we intentionally collect data from, children.

Data Processor

As a Data Processor, Zydii processes Users’ personal data solely to provide the Services to our Customers, following the instructions of our Customers. Customers, as Data Controllers, decide which of their employees or authorized personnel have access to the Services. The designated Zydii account or group administrators ("Administrator") act on behalf of the Customer to manage individual User accounts and populate the Customer account with content, where applicable. Customers bear sole responsibility for complying with all relevant laws and regulations relating to the collection and use of personal information of individual Users selected for accessing the Services. Individual Users should direct any queries or requests regarding their personal data to their respective Customer (their employer), as Zydii does not have a direct relationship with individual Users. For any questions about this Privacy Policy, including requests to exercise legal rights, please contact our designated [data protection officer (DPO)].

Changes to the Privacy Policy

We will provide updates if there are significant changes in our processing of Personal Information that affect our Services to Customers.

Third-Party Links

Our website may contain links to third-party websites, plug-ins, and applications. Interaction with these links may result in third parties collecting or sharing your data. We have no control over these third-party websites and are not responsible for their privacy policies. We recommend reading the privacy policy of each website you visit after leaving our site.

2. DEFINED TERMS

For the purpose of this policy, the following terms are defined as follows:
Personal Information or Personal Data: Information about an individual User that enables the identification of the individual. It excludes data from which the identity has been removed (anonymous data). Examples include, but are not limited to, name, postal address, telephone number, email address, credit card number or other payment details, and social media account ID. Browser cookie IDs and similar codes are not included.
Other Information: Information that does not specifically identify a User or is not directly associated with an individual, such as data related to Services usage.
Policy: Refers to this Privacy Policy.
Consent: The User's approval for the processing of their Personal Data, given in the format required by the respective Customer, forms the basis for the User's access to our Services.
Cookies: Small data files transferred to your computer or mobile device, enabling the retention of account log-in information, IP addresses, web traffic, number of site visits, browser type/version, device details, date/time of visits.
User: An individual who accesses the Websites and utilizes the Services, having consented to the end services. The term "information" may refer to either Personal Information or Other Information in this Privacy Policy.
User Terms: These are the rules for using each of our Services. The rules are product-specific and each product provides them separately, seeking consent to them independently of this Policy.

3. PERSONAL INFORMATION PROCESSED UNDER THIS POLICY

Upon being granted access to the Services by an Administrator, a User may set up an individual account. We will collect Personal Information from the User to provide the requested Services. The types of data requested may include, but are not limited to:

• Identity Data: First name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender.

• Contact Data: Delivery address, email address, telephone numbers.

• Transaction Data: Details about payments to and from the Customer and details of products and services the Customer has purchased from us, including credit card information, card authentication data, billing address, ZIP code.

• Technical Data: Internet protocol (IP) address, login data, browser type/version, time zone setting/location, browser plug-in types/versions, operating system/platform, other technology on the devices used to access this website.

• Profile Data: User’s username and password, interests, preferences, job skills, goals and role, feedback, survey responses.

• Usage Data: Information about how the User uses our website, products, and Services, content viewed, searched for, accessed; interactions with instructors, teaching assistants, Administrators, other Users; answers, essays, other items submitted by Users to satisfy training content requirements.

• Marketing and Communications Data: User’s preferences regarding receiving marketing from us and our third parties.

• Aggregated Data: Statistical or demographic data derived from the Users' Personal Information but not directly or indirectly revealing the Users' identity.

User profile pages may be viewable by other Users within the same organization but are not accessible to individuals outside of the organization.

4. INFORMATION COLLECTION PROCEDURES

We collect User data through various methods as they engage with our Services. These include:

• Direct interactions: Personal information, including identity, contact, and financial data, may be collected when Users fill forms, correspond via post, phone, email, or other methods. This happens when Users:

  1. Create an account on our Websites

  2. Subscribe to our services or publications

  3. Request marketing materials

  4. Participate in competitions, promotions, or surveys

  5. Provide feedback or reach out to us

• Automated technologies or interactions: As Users interact with our Websites, we automatically collect and store certain information, including technical data about their device and browser. This information is gathered via server log files and tracking technologies, including cookies and other tracking mechanisms.

• Third-party sources: We may acquire personal information about Users from third parties and public sources if they visit other websites using our cookies. Please refer to our Cookies Policy for more details.

The inability to collect and process respective User's personal information may hinder our capacity to provide some or all of the Services. 

We use third-party payment processors for online payment services. If payment is made using these services, the User's Personal Information might be collected directly by the processor, not us, and is subjected to that third party's privacy policy.

5. USAGE OF PERSONAL INFORMATION

We use Personal Information to offer Services to our Customers as per applicable data processing terms, including to:

• Execute Customer’s instructions regarding User's personal information.

• Facilitate access to the Services, manage transactions and account preferences, offer assistance (e.g., technical support), and create and manage accounts for Customers and Users.

• Communicate with Users through various means including emails, responding to queries, sending administrative messages and information, providing updates about courses, and recommending personalized content.

• Enable interaction between Users and instructors or teaching assistants.

• Incorporate feedback to improve Services, resolve support requests, send administrative information, market communications, facilitate social sharing (if chosen by the User), analyze trends and statistics, ensure compliance, monitor fraud and security, and respond to legal duties.

6. DISCLOSURE OF PERSONAL INFORMATION

Your Personal Information may be disclosed to:

• Strategic partners and third-party service providers who offer services like data analysis, SMS transmission, payment processing, information technology provision, bulk email communication, auditing, and similar services. These parties are contractually obliged to use data only as directed by us, offer protection for Personal Information, and inform us if they can no longer ensure this protection.

• Legal entities in response to warrants, court orders, or relevant laws, or to establish or exercise our rights, defend against a legal claim, investigate, prevent or take action regarding illegal activities, suspected fraud, or a violation of our Terms.

• Instructors who upload content on our Websites, and their teaching assistants, for communication purposes, but without sharing User email addresses.

• Other service providers of a Customer, upon the Customer’s instruction.

• We may also choose external data centers and cloud hosting services for hosting certain content and Personal Information of Users. If these centers are outside Kenya, we ensure Personal Information transfer is compliant with applicable data protection laws.

Features like chat rooms, message boards, news groups, or other public forums are available, but Users should share confidential or proprietary information according to their organization’s policies.

Other Information may be used and disclosed for any purpose unless prohibited by applicable law. If required to treat Other Information as Personal Information under applicable law, we will use it as we use and disclose Personal Information. Sometimes, we may combine Other Information with Personal Information. If we do so, the combined information is treated as Personal Information.

Any other sharing of User Personal Information is subject to the consent and instructions of the Customer.

7. OPT-OUT

Users have the ability to opt-out of receiving non-transactional electronic communications from us. This can be achieved by clicking on the unsubscribe link in any marketing-related emails we send. While we aim to comply with a User's requests as promptly as possible, Users should note that we may still send them necessary administrative messages relating to their use of the Services.

8. THIRD-PARTY SIGN-IN SERVICES

Users have the option to log in to some of the Services using third-party sign-in services such as Facebook Login, Google OAuth, or an Open ID provider. These services authenticate a User’s identity and offer the option to share certain Personal Information, like name and email address, with us.

9. TESTIMONIALS, RATINGS, AND REVIEWS

Should a User submit testimonials, ratings, or reviews to the Services, any Personal Information included may be publicly displayed. If a User wishes to have their testimonial removed, they may contact us at tech@zydii.com.

10. LIMITATION

We are not accountable for the data collection, usage, and disclosure policies and practices of other organizations such as app developers, social media platform providers, operating system providers, wireless service providers, or device manufacturers.

11. DATA RETENTION

We retain your Personal Information for a period that is in line with the instructions from the Customer and as required by law. We also delete certain or all Personal Information relating to Users upon the request of the Customer.

12. SECURITY OF INFORMATION

We prioritize the security of Personal Information and have implemented reasonable security measures to protect this data from loss, misuse, unauthorized access, alteration, and destruction.

13. ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

This paragraph provides additional details about the Personal Information we may collect and receive about California consumers and the rights afforded to such consumers under the California Consumer Privacy Act or (“CCPA”) For more details about the Personal Information we may collect, including the categories of sources, please see paragraph 3 above. We collect and receive this information for the business and commercial purposes described in 4 We disclose this information as described in paragraph 5 above. We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in this Privacy Policy and our Cookies Policy.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. California consumers may make a request through the process provided by your respective institution or through our contact details below. We will verify your request and may request Government identification or other information in order to do so. Consumers can also designate an authorized agent to exercise these rights on their behalf.

14. DATA SUBJECTS IN THE EU AND UK

Rights and requests

Data subjects in the EU and United Kingdom may have certain rights regarding the processing of their Personal Information. You can obtain information about the applicable rights and how to exercise them from the relevant Customer that is the Data Controller of your Personal Information.

Access

Within the scope of our authorization to do so, we will work with our Customers, the Data Controllers, to support the Customers in providing their Users (Data Subjects) access to their Personal Information that we hold on their behalf.

Corrections

We will take reasonable steps to enable individuals, in connection with their Customers, to correct, amend, or delete Personal Information that is demonstrated to be inaccurate.

Questions and Other Requests

If a User has further questions about the collection, retention and use of their Personal Information, about their choices and rights regarding such collection, retention and use, or wish to exercise their rights under applicable law, the User should contact their respective Customer that is the Data Controller of the User’s Personal Data (this may be the User’s employer). We will forward any such communications to our Customer, provide the User with contact information for the Customer, and work with the Customer to address Users’ questions and/or facilitate Users’ choices and rights as appropriate. If you have questions about our role as a Data Processor, you can contact us via email at tech@zydii.com.

Complaints

We may be able to assist you in resolving any complaints about the collection or use of your Personal Data. We will forward your complaint to the relevant Customer (often the employer associated with that account), which is the Data Controller of that Personal Data. You may wish to reach out to the Data Controller before contacting us, as the Data Controller may be in the best position to resolve your issue.

15. INTERNATIONAL DATA TRANSFERS

Our servers and sub-processors are located in the Netherlands and the United States of America. In order to provide the Services to our Customers, we transfer and process User data there. If we process Personal Information originating from a User or Administrator in the EEA, we will ensure that such processing will only take place if: (a) the non-EEA country in question ensures an adequate level of data protection; (b) the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between us and the Customer.

16. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or change this Privacy Policy at any time. Any updates will be posted on our Websites and a notification sent to the Customer

17. THIRD PARTY SUB PROCESSORS

The following is a list of current third-party vendors that may either directly or indirectly collect information from you in their capacity as a sub processor. Please review the relevant privacy policies (links current as of the date of publication of this Privacy Policy) for further information on how each third party handles your Personal Information:

18. CONTACT US

If you have any questions regarding this Privacy Policy you can contact us via email at tech@zydii.com.