Privacy Policy

1. Controller Information

The controller of your personal data is:

2. What Data Do We Collect?

We collect information that you provide to us directly when registering and using the Platform.

A. User Data (parents/adults):

• Identification data: First and last name.
• Contact data: Email address and phone number.
• Demographic data: Country and date of birth.
• Account data: Information about schools/clubs you are enrolled in, inquiries, and payment history.

B. Children's Data (provided by parent/guardian):

As the primary purpose of the Platform is connecting parents with schools, we collect the minimum necessary data about children to provide the educational service:

• Child's full name.
• Date of birth.
• School the child attends.

C. Automatically Collected Data (Cookies):

We use cookies to ensure site functionality, analytics, and security. More information can be found in our [Cookie Policy].

3. Purposes and Legal Basis for Processing

We process your data on the following legal grounds:

• Performance of a contract (Art. 6(1)(b) GDPR): To provide you with access to the Platform, and to manage your account, schedules, enrollments, and withdrawals from groups.
• Legitimate interests (Art. 6(1)(f) GDPR): To improve our services, provide user support, and ensure network security.
• Explicit consent: For marketing purposes or specific functionalities beyond the core services.
• Protection of the child's interests: Children's data is processed solely on the basis of consent and at the initiative of the parent/guardian.

4. Who Has Access to Your Information?

Your privacy is our priority. Your data is shared only in the following cases:

• Schools and educational centers (Classes clients): When you enroll in a specific school, its owners and authorized staff gain access to your name, email, phone, and your child's data. This is necessary for conducting the educational process, communication, and administrative support. This data remains within the Platform.
• Service providers (Data Processors):
  • Auth0: We use this third-party provider for secure authentication and login.
  • Stripe: All payments are processed by Stripe. DEVIDS Ltd does not store your bank card details. Stripe operates to the highest security standards (PCI DSS).
• Legal obligations: When requested by state authorities under applicable law.

5. Retention Period

We retain your data only as long as necessary for the purposes for which it was collected:

• Account data: As long as your account is active or until you request its deletion.
• Financial information: In accordance with legal accounting requirements (typically 10 years).
• Backups: Up to 30 days after the information is deleted.

6. Your Rights (Under GDPR)

As a data subject, you have the following rights:

• Right of access: To receive a copy of your data.
• Right to rectification: To correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): When data is no longer necessary or processing is unlawful.
• Right to restriction of processing: In certain circumstances.
• Right to data portability: To receive your data in a structured format.
• Right to object: Against processing based on legitimate interests.
• Right to lodge a complaint: With the Commission for Personal Data Protection (CPDP).

To exercise any of these rights, please contact us at: contact@devids.eu

7. Data Security

We implement strict technical and organizational measures, including encryption (SSL/TLS certificates), firewalls, and access controls, to protect your information from unauthorized access, loss, or theft.

8. Data Transfers Outside the EU

The use of services such as Auth0 and Stripe may involve transferring data to the United States. We ensure that these providers are certified under the EU-U.S. Data Privacy Framework or use Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Supervisory Authority

If you believe your rights have been violated, you may contact: