Pedagogist's PTE
HomePricingContact

Legal Information

Privacy PolicyTerms of ServiceCookie PolicyRefund PolicyGDPR ComplianceAccessibility

GDPR Compliance

Last Updated: January 15, 2026

1. Introduction

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply with the General Data Protection Regulation (GDPR). This page explains your rights and how we protect your personal data.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

2.1 Contract Performance

Processing necessary to provide our PTE practice services:

  • Account creation and management
  • Practice session processing and AI scoring
  • Progress tracking and analytics

2.2 Legitimate Interest

Processing necessary for our legitimate business interests:

  • Improving our AI algorithms
  • Fraud prevention and security
  • Customer support
  • Marketing to existing customers

2.3 Consent

Processing based on your explicit consent:

  • Marketing emails to prospects
  • Optional analytics cookies
  • Newsletter subscriptions

2.4 Legal Obligation

Processing required by law:

  • Tax and accounting records
  • Compliance with court orders
  • Anti-money laundering checks

3. Your GDPR Rights

3.1 Right to Access

You can request a copy of all personal data we hold about you. We'll provide this in a structured, machine-readable format (JSON or CSV).

3.2 Right to Rectification

You can correct inaccurate or incomplete personal data through your account settings or by contacting us.

3.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We'll delete your data unless we have a legal obligation to retain it (e.g., financial records for 7 years).

3.4 Right to Restriction

You can request that we limit how we use your data while we verify accuracy or investigate your concerns.

3.5 Right to Data Portability

You can request your data in a portable format to transfer to another service. We provide data exports in JSON format.

3.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent

You can withdraw consent at any time for processing based on consent (e.g., marketing emails).

3.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we've violated GDPR.

4. How to Exercise Your Rights

4.1 Self-Service Options

  • Access/Update Data: Account Settings → Profile
  • Download Data: Account Settings → Privacy → Export Data
  • Delete Account: Account Settings → Privacy → Delete Account
  • Marketing Preferences: Account Settings → Notifications

4.2 Contact Us

For requests that cannot be completed through self-service:

  • Email: gdpr@pedagogistpte.com
  • Subject Line: "GDPR Request - [Your Request Type]"
  • Include: Your registered email and specific request details

4.3 Response Time

We respond to GDPR requests within 30 days. For complex requests, we may extend this to 60 days with notification.

5. Data We Collect

Data TypePurposeLegal BasisRetention
Name, EmailAccount managementContractUntil deletion + 30 days
Practice DataService deliveryContractUntil deletion
Audio RecordingsAI scoringContract90 days
Payment InfoBillingContract + Legal7 years
Usage AnalyticsService improvementLegitimate Interest2 years
Marketing EmailsMarketingConsentUntil unsubscribe

6. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs) with third-party processors
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules for multinational organizations

6.1 Third-Party Processors

  • OpenAI (US): SCCs in place for AI processing
  • Google (US): Privacy Shield certified, SCCs in place
  • Vercel (US): SCCs and DPA available
  • Stripe (US/EU): PCI-DSS compliant, GDPR-compliant DPA

7. Data Protection Officer (DPO)

For data protection inquiries, you can contact our Data Protection Officer:

  • Email: dpo@pedagogistpte.com
  • Role: Oversee GDPR compliance and handle data protection requests

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We'll notify the relevant supervisory authority within 72 hours
  • We'll notify affected users without undue delay
  • Notification will include nature of breach, likely consequences, and mitigation measures

9. Children's Data

We do not knowingly process data of children under 16 without parental consent, as required by GDPR Article 8.

10. Automated Decision-Making

Our AI scoring system involves automated decision-making. However:

  • AI scores are for practice purposes only, not legally binding decisions
  • You can request human review of AI scoring results
  • You can opt out of AI scoring and use manual scoring alternatives

11. Supervisory Authority

If you're not satisfied with our response to your GDPR request, you can lodge a complaint with:

  • Your local data protection authority in the EEA
  • The Irish Data Protection Commission (our lead supervisory authority)
  • Find your authority: EDPB Member List

12. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Material changes will be communicated via email and posted on this page.

Quick GDPR Summary

  • ✅ Full GDPR compliance for EEA users
  • ✅ Easy data export and deletion through account settings
  • ✅ 30-day response time for GDPR requests
  • ✅ Standard Contractual Clauses for international transfers
  • ✅ Dedicated DPO for data protection inquiries

© 2024-2025 Pedagogist's PTE. All rights reserved.

Questions? Contact us