Privacy Policy

Last updated : January 31, 2026

1. Data controller

The data controller for personal data collected via the eTaalim platform is the company operating the service, whose contact details (name, address, contact) are available on the site's Contact page.

For any questions regarding your personal data or the exercise of your rights (access, rectification, erasure, portability, objection, restriction), you may contact us at the address indicated in the legal notices or via the Contact page. We may designate a Data Protection Officer (DPO) whose contact details are published on the site or provided on request.

2. Data collected

We collect only the data strictly necessary for the operation of the service and our relationship with you.

  • Identity: name (or name of minor under parental responsibility).
  • Contact details: email address, phone and/or WhatsApp number for communications and reminders.
  • Account data: login credentials (email, hashed password), language and timezone preferences.
  • Enrollments and bookings: courses taken, slots chosen, status (pending, confirmed, completed), schedule preferences (availability).
  • Payment: transactional data (amount, date, reference); we do not store full card numbers; payment is processed by certified providers (credit/debit cards, including international).
  • Navigation and technical: IP address, browser type, pages visited, session duration, for security, abuse prevention and service improvement.
  • Sessions: video conference link (e.g. Zoom), attendance, session recordings when this option is enabled and communicated.

Data is collected when you create an account, enroll in a course, make a payment, use the dashboard (student or teacher) and attend sessions. We do not collect sensitive data (health, political opinions, racial or ethnic origin, etc.) unless you voluntarily provide it and the processing is justified (e.g. pedagogical adaptation you have requested).

3. Purposes and legal basis

Your data is processed for the following purposes:

  • Performance of the contract: account management, course enrollments, bookings, payments, access to courses and recordings, communication of slots and reminders, management of availability (students and teachers).
  • Compliance with legal obligations: accounting, retention of evidence (invoices, contracts), response to lawful requests from authorities.
  • Legitimate interest: site security and fraud prevention, service improvement (aggregate usage analysis), user support, sending service-related notifications (session reminder, enrollment confirmation).

The legal basis for processing is mainly performance of the contract (Article 6(1)(b) GDPR), consent where we explicitly request it (e.g. newsletter, non-essential cookies), and legitimate interest for security and service improvement (Article 6(1)(f) GDPR). We process your data only for specified, explicit and legitimate purposes and do not reuse it for incompatible purposes without prior notice.

4. Recipients and sharing of data

Your data is accessible to authorised internal teams (support, management, technical) in the course of their duties and on a need-to-know basis.

It may be disclosed to service providers acting on our behalf and under our control:

  • Site and data hosting (infrastructure, backups).
  • Secure payment provider for processing of card and other payment methods (PCI-DSS or equivalent compliance).
  • Video conferencing tool (e.g. Zoom) for conducting sessions and, where applicable, recording.
  • Analytics or support tools (subject to appropriate contractual and confidentiality safeguards).

We do not sell your data to third parties. We do not share it for third-party commercial prospecting. Any transfer to countries outside the European Union, where it occurs, is governed by the European Commission's standard contractual clauses (SCC) or equivalent guarantees (adequacy decision, BCR), in accordance with the GDPR.

5. Retention period

Data is retained for as long as necessary for the purposes for which it was collected.

  • Contractual relationship: duration of active account, enrollments and courses, plus the period necessary to settle any disputes or claims.
  • Legal obligations: retention period for evidence and accounting obligations (generally several years under applicable law, e.g. 6 to 10 years depending on country).
  • Session recordings: defined and communicated period (e.g. academic year or course duration), unless different consent or legal obligation applies.

After account closure or end of enrollments, data may be retained in anonymised or archived form to meet legal obligations. Beyond legal or communicated retention periods, data is deleted or irreversibly anonymised.

6. Your rights

In accordance with the General Data Protection Regulation (GDPR) and applicable law, you have the following rights:

  • Right of access: obtain a copy of your personal data and information about its processing.
  • Right to rectification: have inaccurate or incomplete data corrected.
  • Right to erasure (« right to be forgotten »): within the limits provided by law (e.g. retention obligation).
  • Right to restriction of processing: request that your data be used only for limited purposes (e.g. dispute, evidence).
  • Right to data portability: receive the data you have provided in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interest (e.g. prospecting).
  • Withdrawal of consent: for processing based on consent, without affecting the lawfulness of prior processing.

To exercise these rights, contact us via the Contact page or at the address indicated in the legal notices, specifying the subject of your request. We will respond within the timeframes required by regulation (generally one month, extendable by two months in case of complexity). You also have the right to lodge a complaint with the competent supervisory authority (e.g. ICO in the UK, CNIL in France, or the authority in your country of residence).

7. Data security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or alteration:

  • Restricted access to authorised persons and training in good practices.
  • Hosting with recognised providers, with contractual commitments on confidentiality and security.
  • Secure communications (HTTPS, encryption in transit).
  • Secure password management (hashing, no storage in plain text).
  • Access monitoring and logging of sensitive events.
  • Regular backups and recovery procedures.

Payments are processed by certified providers (PCI-DSS or equivalent); we do not store full card numbers. In the event of a security incident likely to affect your data (breach, unauthorised access), we undertake to inform you and the supervisory authority in the conditions and timeframes required by regulation (e.g. 72 hours for the authority under the GDPR).

8. Cookies and trackers

The site may use cookies or trackers for:

  • Technical operation: login session, language preferences, security (CSRF protection, authentication). These cookies are necessary for the service and may not require your prior consent in countries where the law so provides.
  • Audience analysis and personalisation: these cookies may be used with your consent where required by regulation (e.g. cookie banner, privacy settings).

You can manage or refuse cookies via your browser settings or the choices offered on the site (banner or dedicated page). Refusing certain cookies may affect some site features (e.g. language memory, session). A detailed list of cookies used and their duration may be provided on request or via a dedicated « Cookies » page.

9. Minors

The platform's services may be aimed at minors in the context of tutoring. For minors under 16 (or the age set by law in your country, e.g. 13 or 15 depending on jurisdiction), the consent of holders of parental authority may be required for account creation and related processing.

We are committed not to knowingly collect personal data from minors without the legal conditions being met (parental consent or other basis provided by law). Minors' accounts may be managed or created under the responsibility of a parent or guardian.

If you are a parent or guardian and become aware that data relating to a minor has been provided without your consent, you may contact us to request rectification or erasure of the data under the conditions provided by law.

10. Changes to the policy

We reserve the right to modify this privacy policy to reflect legal, technical or practice changes. Material changes (change of purposes, recipients, retention periods, exercise of rights) will be brought to your attention by any appropriate means: notification on the site, email, or message in your account.

We invite you to consult this page regularly. The date of last update is indicated at the top of the document. Continued use of the service after the changes take effect constitutes acceptance of the revised policy, within the limits permitted by law. If you do not accept the new terms, you may stop using the service and request closure of your account and erasure of your data under the conditions set out in the « Your rights » section.

11. Contact

For any questions regarding this privacy policy, the exercise of your rights or the processing of your personal data, you may contact us via the site's Contact page or at the address indicated in the legal notices. We undertake to process your request within the timeframes required by regulation (generally one month for rights exercise requests). For complaints, you may also contact the competent supervisory authority in your country.

eTaalim - Online Tutoring Platform | eTaalim