07500780088
Empty notifications
Login Register

1. Introduction


At Kurdistan Academy, safeguarding the privacy and personal data of our users is of paramount importance. This Privacy and Policy document outlines how we collect, use, store, and protect personal information. We adhere to the highest standards of data protection, consistent with international legal frameworks, including the General Data Protection Regulation (GDPR) and other recognized global privacy standards (European Union, 2016).



2. Information We Collect


We collect personal data to provide, improve, and personalize our educational services. The data we collect includes:



  • Personal Information: such as full name, date of birth, gender, nationality, and contact information (email address, phone number).

  • Academic Information: including course enrolments, grades, feedback, and academic interests.

  • Technical Information: including IP addresses, browser type, device information, and browsing patterns within our platform.

  • Payment Information: for students purchasing courses or subscriptions, secure payment details are collected through trusted third-party services (PCI Security Standards Council, 2018).



3. How We Use the Information


Collected information is used strictly for the following purposes:



  • Service Provision: To manage student registrations, course access, and academic records.

  • Communication: To send educational materials, notifications, updates, and promotional offers with explicit consent.

  • Platform Improvement: To analyze user behavior and improve website functionality and user experience.

  • Security Enhancement: To detect, prevent, and address fraudulent activities, breaches, and misuse of our platform (Information Commissioner’s Office, 2021).



4. Legal Basis for Data Processing


Our processing of your personal data is based on the following legal grounds:



  • Consent: When users voluntarily provide personal information.

  • Contractual Necessity: To fulfill obligations under enrollment agreements.

  • Legitimate Interests: To operate, maintain, and improve Kurdistan Academy services.

  • Legal Obligations: Compliance with legal requirements related to education, taxation, and consumer protection (European Data Protection Board, 2020).



5. Data Sharing and Third-Party Services


We do not sell, rent, or lease user data. However, we may share personal data with trusted third-party service providers solely for operational purposes, including:



  • Payment processors (e.g., Stripe, PayPal).

  • Cloud hosting providers.

  • Educational partners and accreditation bodies (where applicable).


All third parties are contractually obliged to maintain strict confidentiality and data protection standards (National Institute of Standards and Technology, 2020).



6. International Data Transfers


Where user data is transferred across borders, Kurdistan Academy ensures that adequate data protection measures are implemented, such as:



  • Standard Contractual Clauses (SCCs).

  • Binding Corporate Rules (BCRs).

  • Certifications under recognized frameworks such as the EU–US Privacy Shield (before its invalidation) (Court of Justice of the European Union, 2020).



7. Data Retention Policy


We retain personal data only for as long as necessary to fulfill the purposes described above, or as required by law:



  • Student academic records: retained indefinitely for accreditation and reference purposes.

  • Payment records: retained for 7 years in accordance with financial regulations.

  • User accounts: retained for as long as the user remains active, and deleted within 90 days upon user request.



8. Your Data Protection Rights


Users have several rights under applicable privacy laws, including:



  • Right to Access: Obtain a copy of your personal data.

  • Right to Rectification: Correct inaccuracies in your data.

  • Right to Erasure (Right to be Forgotten): Request deletion of your data under certain conditions.

  • Right to Restriction: Limit the way your data is processed.

  • Right to Data Portability: Receive your data in a structured, commonly used format.

  • Right to Object: Object to the processing of your data based on legitimate interests (Information Commissioner’s Office, 2021).


Requests to exercise these rights can be submitted to our Data Protection Officer (DPO) at [Insert Contact Email].



9. Security Measures


Kurdistan Academy implements a comprehensive set of technical and organizational security measures, including:



  • SSL/TLS encryption for all data transmissions.

  • Multi-factor authentication for administrative access.

  • Regular vulnerability assessments and penetration testing.

  • Data anonymization and pseudonymization techniques (National Institute of Standards and Technology, 2020).



10. Cookies and Tracking Technologies


We use cookies and similar technologies to enhance user experience, analyze site usage, and assist in marketing efforts. Users are provided the ability to manage cookie preferences directly through our platform (European Data Protection Board, 2020).



11. Changes to This Policy


We reserve the right to update this Privacy and Policy page as necessary to reflect changes in legal, regulatory, and operational requirements. Users will be notified via email and/or prominent platform notices before any substantial changes become effective.