1. PURPOSE OF OUR POLICY
Our company, Xenios Academy Inc. [company number 6944072], values the privacy of our users and takes it seriously. We collect Personal Information to process orders, enhance our content and services, keep you informed of any changes to our products and services, and provide a tailored experience. Rest assured that we do not disclose, exchange or lease Personal Information to any third party.
If you have any questions about this Policy, please feel free to contact us at firstname.lastname@example.org.
2. To whom and to what this Policy is applicable.
If an individual provides Personal Information or other data concerning someone other than themselves, they must warrant that they have the person's consent to provide this information for the specified purpose.
At Xenios Academy, we consider protecting the privacy of children to be of utmost importance. As a result, individuals under 18 years of age are not allowed to access or use Xenios Academy. If we become aware that we have obtained Personal Information from individuals under 18 years of age, we will take appropriate measures to remove such information and delete the account.
3. How we collect information
Personal information will be primarily collected when an individual uses Xenios Academy, sets up an account with us, or contacts us for inquiries. Nonetheless, we may also obtain personal information from other sources such as advertising, public records, mailing lists, contractors, staff, recruitment agencies, and business partners. This includes information collected through registrations/subscriptions, comments/testimonials on our website, referrals, the supply of goods or services, physical access, online access through cookies or analytical services, and pixel tags. We will ensure that individuals are always aware when their personal information is being collected, whether through electronic or physical means.
If we obtain personal information without an individual's knowledge, we will either delete/destroy the information or inform the individual that we possess such information in accordance with the GDPR.
4. When do we use or disclose personal information
Our primary principle is to use Personal Information only for the purpose for which it was collected, and with the individual's permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted. We will only process Personal Information when we have a lawful basis to do so, and we will keep a record of the basis for each processing purpose.
The most common lawful bases we rely on are Consent and Legitimate interests. We will only use Personal Information based on express, clear, and informed consent, which can be withdrawn at any time. We will also rely on legitimate interests only when necessary and balance them against the individual's interests, rights, and freedoms.
We will retain Personal Information for as long as necessary, and we will inform individuals if we need to disclose their Personal Information to third parties. We will not sell or disclose Personal Information to unrelated third parties unless we have obtained the individual's consent.
We may use Personal Information to operate our business, provide goods and services, verify identity, communicate with individuals, investigate complaints, and comply with the law. Individuals have the right to object to the processing of their Personal Information for direct marketing purposes.
We may disclose Personal Information if we reasonably believe an individual is engaged in fraudulent or unlawful activity, if required by law, or if we sell our business. We will not disclose Personal Information to any entity outside the United Arab Emirates without the entity's written agreement to safeguard the information.
5. The collective information
As part of our business operations, it is necessary for us to gather Personal Information, which helps us to identify individuals, communicate with them, and conduct transactions. The Personal Information that we may collect includes an individual's name, location, date of birth, nationality, family details, and other identifying details. Additionally, we may collect an individual's contact information such as email, telephone and fax numbers, usernames, and residential or business addresses. We may also gather information related to an individual's qualifications or certificates of compliance, financial information such as bank or credit card details, and statistical information about their preferences, habits, and finances. Furthermore, we may collect any Personal Information that an individual provides us or that is sent to us by others about their activities.
6. THE SAFETY & SECURITY OF PERSONAL INFORMATION
To safeguard an individual's Personal Information from unauthorized access, we take reasonable precautions, including securing our physical facilities and electronic networks. We use SSL encryption to store and transfer Personal Information, but we cannot guarantee the security of online transactions or communications sent electronically or by post. Any individual who submits information to us via the internet or by post does so at their own risk, and we cannot be held liable for any misuse, loss, or unauthorized access to Personal Information outside of our control.
We are not responsible for the privacy or security practices of any third party, including those we are authorized to disclose Personal Information to in accordance with this policy or any applicable laws. The collection and use of an individual's information by such third parties may be governed by separate privacy and security policies.
If an individual suspects any misuse, loss, or unauthorized access to their Personal Information, they should notify us immediately.
We are not liable for any loss, damage, or claim resulting from another person's use of Personal Information that we were authorized to provide to them.
In the event of a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information, we will take the following steps:
Assess the likelihood and severity of the resulting risk to individuals' rights and freedoms immediately.
If there is a risk from the breach, we will notify the relevant supervisory authority and provide all relevant information on the breach within 72 hours of becoming aware of it.
If there is a high risk from the breach, we will notify affected individuals immediately and provide all relevant information on the breach without undue delay.
We will document the facts related to the breach, its effects, and the remedial action taken, as well as investigate the cause of the breach and take measures to prevent similar incidents in the future.
7. OPTING “IN” OR “OUT”
If an individual decides not to allow us to collect and/or process their Personal Information, it may result in the limitation or termination of their access to some or all of the services offered by us. The individual will be informed of this when:
(a) Opting In. If applicable, the individual will have the option to choose to have their information collected and/or receive information from us (it should be noted that consent must involve an unambiguous positive action to opt-in); or
(b) Opting Out. If applicable, the individual will have the option to choose to exclude themselves from some or all of the information collection and/or receiving information from us.
If an individual receives information from us that they did not choose to opt in or out of, they should contact us using the details provided in section 11 below.
8. HOW TO ACCESS, UPDATE AND/OR REMOVE INFORMATION
Xenios Academy users have the option to update their Personal Information through their account or profile at any time to ensure accuracy and completeness. As per GDPR regulations, an individual can request their Personal Information from us, and we must provide it as soon as possible, but no later than 28 days after receiving a written request. The individual is free to keep and reuse their Personal Information for their own purposes, and we may be required to transmit it directly to another organization if feasible.
If a user cannot update their own information, we will correct any errors in their Personal Information within 28 days of receiving written notice, or two months for complex requests. It is the individual's responsibility to provide us with accurate and truthful Personal Information, and we cannot be held liable for any incorrect information provided to us.
We may refuse to respond or charge a reasonable fee if a request for Personal Information is manifestly unfounded, excessive, or repetitive. We will explain the reason for refusal and the individual's right to complain to the supervisory authority and seek a judicial remedy within 28 days.
We may be required to delete or remove all Personal Information we have on an individual in certain circumstances, such as when the information is no longer necessary or when the individual withdraws consent. However, we may refuse to delete Personal Information in cases where it is necessary for public interest, legal obligations, or the exercise of legal claims.
9. COMPLAINTS AND DISPUTES
To ensure that an individual's Personal Information is handled appropriately, any complaints should be submitted in writing to the contact details provided below.
In the event of a dispute over an individual's Personal Information, both parties should first attempt to resolve the issue directly between themselves.
If an individual believes that their rights under the GDPR have been violated due to the processing of their Personal Information in a manner that does not comply with the GDPR, they have the right to seek a judicial remedy. Such legal proceedings should be initiated either in Dubai, UAE, or in the jurisdiction where the individual normally resides.
Should we become aware of any unauthorized access to an individual's Personal Information, we will inform them at the earliest feasible opportunity after we have identified what information was accessed and the method used to gain access.
10. CONTACTING INDIVIDUALS
Occasionally, we may transmit significant notifications to an individual, such as revisions to our terms, conditions, and policies. In cases where this information is materially relevant to the individual's interactions with us, they may not choose to decline receiving such communications.
11. CONTACTING US
All correspondence with regard to privacy should be addressed to the following:
The Data Protection Officer
Xenios Academy Inc.
[611 South DuPont Highway Suite 102, Dover - Kent, 19901]
United States of America
Email may be used for correspondence in the first instance.
12. ADDITIONS TO THIS POLICY