General Data Protection Regulation (GDPR) Compliance Policy
Last Updated: May 23, 2025
1. Introduction
Clyva Paroth ("we", "our", or "us") is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy explains how we collect, use, store, and protect your personal data when you use our educational platform and services.
2. Data Controller
Clyva Paroth
Soborna St, 91, Rivne, Rivne Oblast, Ukraine, 33017
Email: contact@clyvaparoth.com
Phone: +380635909065
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Consent: You have given explicit consent for processing your personal data for specific purposes.
Contract: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights and freedoms.
4. Personal Data We Collect
We may collect and process the following categories of personal data:
4.1 Information You Provide Directly
Account Information: Name, email address, username, password, profile picture
Educational Information: Course enrollment data, learning progress, quiz results, assignments, certificates
Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
Communication Data: Messages, support inquiries, feedback, survey responses
4.2 Information Collected Automatically
Technical Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent on platform, course interactions, feature usage
Cookies and Tracking: Session cookies, preference cookies, analytics cookies
5. How We Use Your Personal Data
We use your personal data for the following purposes:
Service Delivery: To provide access to courses, track learning progress, and issue certificates
Account Management: To create and manage your user account, authenticate your identity
Communication: To send course updates, respond to inquiries, provide customer support
Payment Processing: To process transactions and manage billing
Platform Improvement: To analyze usage patterns, improve user experience, develop new features
Security: To protect against fraud, unauthorized access, and security threats
Legal Compliance: To comply with legal obligations and enforce our terms of service
Marketing: To send promotional materials (with your explicit consent, which can be withdrawn at any time)
6. Your Rights Under GDPR
As a data subject, you have the following rights:
6.1 Right of Access
You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies.
6.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
6.3 Right to Erasure
You have the right to request deletion of your personal data under certain conditions, including when data is no longer necessary for the purposes collected or you withdraw consent.
6.4 Right to Restrict Processing
You have the right to request restriction of processing your personal data under certain circumstances.
6.5 Right to Data Portability
You have the right to request transfer of your data to another organization or directly to you in a structured, commonly used, machine-readable format.
6.6 Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests or perform tasks in the public interest.
6.7 Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.
6.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
Active Accounts: Data is retained while your account remains active
Inactive Accounts: Data may be retained for up to 3 years after last activity
Legal Requirements: Some data may be retained longer to comply with legal, tax, or accounting obligations
Legitimate Interests: Data necessary for fraud prevention or security may be retained as required
After the retention period expires, personal data will be securely deleted or anonymized.
8. Data Sharing and Transfers
8.1 Third-Party Service Providers
We may share your data with trusted third-party service providers who assist in operating our platform, including:
Cloud hosting providers
Payment processors
Email service providers
Analytics services
Customer support tools
All third-party providers are contractually obligated to protect your data and use it only for specified purposes.
8.2 International Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
Standard contractual clauses approved by regulatory authorities
Adequacy decisions confirming adequate protection levels
Binding corporate rules
8.3 Legal Disclosure
We may disclose your personal data if required by law, court order, or governmental regulation, or to protect our rights, property, or safety.
9. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
Encryption of data in transit and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection
Incident response procedures
Despite our security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your data.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. You can control cookie preferences through your browser settings. Categories of cookies we use:
Strictly Necessary: Essential for platform functionality
Performance: Help us understand how users interact with our platform
Functional: Remember your preferences and settings
Marketing: Deliver relevant content (requires your consent)
11. Children's Privacy
Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately, and we will delete such information.
12. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
13. How to Exercise Your Rights
To exercise any of your rights under GDPR, please contact us:
Email: contact@clyvaparoth.com
Phone: +380635909065
Mail: Soborna St, 91, Rivne, Rivne Oblast, Ukraine, 33017
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of such extension.
You will not be charged a fee for exercising your rights unless your request is clearly unfounded or excessive.
14. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights. You may contact the supervisory authority in your jurisdiction or where the alleged violation occurred.
15. Updates to This Policy
We may update this GDPR Compliance Policy periodically to reflect changes in our practices, legal requirements, or platform features. The "Last Updated" date at the top indicates when the policy was last revised. We encourage you to review this policy regularly. Continued use of our platform after changes indicates acceptance of the updated policy.
16. Data Protection Officer
For questions specifically related to data protection and privacy, you may contact our designated data protection contact:
Email: contact@clyvaparoth.com
17. Contact Information
If you have questions, concerns, or requests regarding this GDPR Compliance Policy or our data practices, please contact us:
Clyva Paroth
Soborna St, 91, Rivne, Rivne Oblast, Ukraine, 33017
Email: contact@clyvaparoth.com
Phone: +380635909065
Website: clyvaparoth.com
This GDPR Compliance Policy is designed to help you understand how we protect your personal data and your rights under applicable data protection laws. We are committed to transparency and accountability in all our data processing activities.