GDPR Compliance – Edvand.com

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union that came into effect on 25 May 2018. It grants individuals greater control over their personal data and imposes strict obligations on organisations that collect or process personal data of individuals in the EEA.

Although Edvand is headquartered in India, we respect and uphold the principles of GDPR for all users, regardless of their location. We believe that strong data protection practices benefit everyone.

2. Data Controller

The data controller responsible for your personal data is:

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws.

3. Legal Basis for Processing

Under the GDPR, we must have a valid legal basis to process your personal data. Depending on the specific processing activity, we rely on one or more of the following:

• Consent (Article 6(1)(a)): Where you have given clear, informed, and voluntary consent for us to process your data for a specific purpose — for example, subscribing to our newsletter or opting in to marketing communications.
• Contract Performance (Article 6(1)(b)): Where processing is necessary to fulfil a contract with you — for example, providing access to Edvand's platform, processing subscriptions, and delivering educational services.
• Legitimate Interest (Article 6(1)(f)): Where we have a legitimate business interest that does not override your rights — for example, improving our services, ensuring platform security, and conducting analytics.
• Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation — for example, maintaining records for tax or regulatory purposes.

4. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data. These rights apply to all personal data we hold about you:

5. Data We Collect

We collect and process the following categories of personal data. For full details, please refer to our Privacy Policy:

• Identity Data: Name, username, date of birth, profile picture, and user type (student, teacher, parent, school administrator).
• Contact Data: Email address, phone number, and mailing address.
• Account Data: Login credentials, authentication tokens, and session information.
• Usage Data: Information about how you use our platform, including pages visited, features used, and interaction patterns.
• Technical Data: IP address, browser type and version, device information, operating system, and timezone.
• Transaction Data: Payment information, subscription details, and purchase history (payment card details are processed by third-party payment processors and are not stored by Edvand).
• Educational Data: Academic records, assessment results, and learning progress (for students and teachers).

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

• Active Accounts: Data is retained for the duration of your account activity.
• Inactive Accounts: Data is retained for up to three years after the last account activity, after which it is securely deleted or anonymised.
• Legal Requirements: Certain data may be retained longer where required by applicable laws (e.g., tax records, transaction logs).
• Deletion Requests: Upon receiving a valid erasure request, we will delete your data within 30 days, except where retention is legally required.

7. International Data Transfers

Edvand's servers and databases are located in India. If you are accessing our platform from the EEA or any other jurisdiction with data transfer regulations, please be aware that your personal data will be transferred to and processed in India.

To ensure adequate protection for international data transfers, we implement the following safeguards:

• Encryption: All data is encrypted in transit using TLS/SSL (256-bit encryption) and at rest using industry-standard encryption algorithms.
• Access Controls: Strict role-based access controls ensure that only authorised personnel can access personal data.
• Contractual Safeguards: We enter into data processing agreements with all third-party service providers that process personal data on our behalf.
• Security Audits: Regular security assessments and audits are conducted to ensure the integrity and confidentiality of personal data.

8. Children's Data

As an educational technology platform, Edvand processes data of students, including minors. We take special care to protect children's data in accordance with GDPR requirements:

• For users under the age of 16, we require parental or guardian consent before collecting or processing personal data.
• Schools and educational institutions using Edvand are responsible for obtaining appropriate consent from parents or guardians before enrolling students on the platform.
• We collect only the minimum data necessary to provide educational services to student users.
• Children's data is never used for marketing purposes or shared with third parties for advertising.
• Parents and guardians can request access to, correction of, or deletion of their child's data at any time.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• 256-bit SSL/TLS encryption for all data transmitted between your browser and our servers.
• Encrypted storage of sensitive data including passwords (hashed using industry-standard algorithms).
• Regular security testing and vulnerability assessments.
• Access to personal data restricted to authorised employees on a need-to-know basis.
• Incident response procedures in place to handle data breaches promptly, including notification to affected individuals and supervisory authorities within 72 hours where required.

10. How to Exercise Your Rights

To exercise any of the rights described in Section 4, please contact us using the details below. We will respond to your request within 30 days, as required by GDPR.

To verify your identity and protect your data, we may ask you to provide additional information before processing your request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in your country of residence.

11. Updates to This Page

We may update this GDPR compliance information from time to time. When we make changes, we will update the “Last Updated” date at the bottom of this page. We encourage you to review this page periodically.

12. Contact Us

For any GDPR-related queries, data access requests, or to exercise your rights, please contact us: