Effective since: 30 July 2024
GamaLearn (“we”, “us”, “our”, “Company”, “GamaLearn“) is committed to protecting your privacy.
To facilitate your understanding of this Policy, we explain the usage of the definitions listed here in accordance with the GDPR. We use the following definitions in this Policy:
We collect and process information about you according to this Policy. In this section, you can read more about personal data we may collect when you visit and use our Platform. We collect information about you in connection with our Platform and Services and process it either as a data controller or as a data processor. In particular, we collect:
We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.
When we act as data controllers:
Our grounds for processing your personal data are your consent; our legitimate interests; the performance of a contract; our legal obligations. We do NOT intentionally collect and process sensitive personal information. Please, refrain from sharing your sensitive personal data when you provide information to us through our Platform or in other ways.
We collect and process your personal data in accordance with the provisions of the GDPR. GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it with your consent. You may withdraw your consent to the processing of your personal data at any time.
Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at org.privacy@gamalearn.com, or by contacting us in any other way convenient for you.
Article 6.1(f): legitimate interests
We process your personal data to protect our legitimate interests, such as preventing fraud, ensuring the security of our Platform, and providing you with a seamless user experience. We only collect and use the strictly necessary data to achieve these purposes and do not override your fundamental rights and freedoms.
Article 6.1(b): performance of a contract
When you provide us with personal data to register an account on our Platform, this can be considered as a request to form a contract or to perform a contract between you and us. However, in case of doubt, we may ask you for clear consent.
Article 6.1(c): legal obligation
We process your personal data to fulfill our legal obligations, such as complying with tax or regulatory requirements. In case you send us a request to exercise your rights under the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
As a data controller, we use your personal data for the purposes listed below. The table provides details of the types of personal data we process, the legal grounds we rely on to do so, and any third parties with whom we may share your personal data:
Purpose of processing | Type of personal data | Legal grounds | Third Parties recipients |
Creating an account on the Platform |
(d) Registration Information |
Performance of a contract (Article 6(1)(b)) | Digital Ocean, Microsoft Azure, eduNEXT, WordPress, Contractors |
Maintenance of the account on the Platform |
(d) Registration Information |
Performance of a contract (Article 6(1)(b)) | Digital Ocean, Microsoft Azure, eduNEXT, WordPress, Contractors |
Communication with users | (а) Contact Information (d) Registration Information (e) Authentication Token Information |
Your consent (Article 6(1)(a)) | Zoho, Zendesk, Contractors |
Establishment of a contractual relationship with clients and allowing to participate in loyalty programs | (c) Contract Information | Performance of a contract (Article 6(1)(b)) | Contractors |
Marketing (to send newsletters, run email campaigns, or carry out other marketing activities) |
(а) Contact Information |
Your consent (Article 6(1)(a)) |
Zoho, Contractors |
Analytics and developing (for optimizing and improving our Platform and Services) |
(a) Contact Information |
Your consent (Article 6(1)(a)) |
Google Analytics, Zoho, MonsterInsights, Contractors |
Processing of Payments | (h) Payment Information | Performance of a contract (Article 6(1)(b)) | Zoho, Stripe, Contractors |
Obtaining reviews about our Platform and Services | (i) Review Information | Your consent (Article 6(1)(a)) | EdTech Impact, Contractors |
Fraud prevention, including carrying out due diligence |
(b) Cookies Information |
Our legitimate interest (Article 6(1)(f)) | Stripe, Contractors |
Provision of integration of Services | (f) Integrations Information | Performance of a contract (Article 6(1)(b)) | Digital Ocean, Microsoft Azure, WordPress, Contractors |
Complying with the law or legal process |
(а) Contact Information |
Legal obligation (Article 6(1)(c)) | Zoho, Google Analytics, Digital Ocean, Microsoft Azure, eduNEXT, Monster Insights, WordPress, Zendesk, EdTech Impact, Stripe, CookieYes, Contractors |
We also process certain personal data as a data processor, at the request and pursuant to the instructions given by the respective client of our Platform (data controller in that case). We describe several possible situations where we can act as a data processor in the table below:
Purpose of processing | Type of personal data | Legal grounds | Third Parties recipients |
Provision of Services to our clients | (j) Other Person’s Information (mainly personal data of pupils, students, or employees of our clients) | Determined by the client | Digital Ocean, Microsoft Azure, WordPress, Contractors |
We will store and process your personal data for as long as necessary to provide you or other users with the Services, or as required by law. If you wish to have your personal data erased from our records, you may request so by contacting us in any way convenient for you.
As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless a longer retention period is required or expressly permitted by law. We may not delete or anonymize your data if we are required to retain it to comply with the law or legal process.
Notwithstanding any of the aforementioned periods of data storage, you may request us to delete your personal data by sending an email to org.privacy@gamalearn.com or by contacting us in any other way that is convenient to you.
We have implemented appropriate organizational, technical, administrative, and physical security measures to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to take into account appropriate new technologies and practices.
We only transfer your personal data to third parties in accordance with the requirements of GDPR. Where possible, we always enter into data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties to ensure they process your personal data in compliance with GDPR. We may disclose your personal data to third parties, including those located outside the EU and EEA, provided that proper safeguards are put in place and the applicable local laws do not put your rights at risk.
We may share your personal data as a data controller with other data processors and data controllers in accordance with the provisions specified below.
Sharing data with joint controllers
In some cases, we may act as a joint controller jointly with other joint controllers, for example, while using Meta pixel. With respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum. In such a case, a data subject may exercise their rights under the GDPR in respect of and against both other joint controllers and us.
Sharing data with data processors
There are many features necessary to provide you with our Services that we cannot complete ourselves, and we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors:
As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. Collectively, these specialists and partner websites are referred to as Contractors.
We may transfer your personal data to countries outside the European Union (EU) and European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of GDPR (adequacy decision). In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data.
When we transfer your personal data to third parties, we always comply with the requirements of the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected. If a Contractor has an appropriate data processing agreement in place, we may join that agreement. If so, the Company and the Contractor may regulate the transfer of the personal data to such Contractor by means of such data processing agreement.
We may transfer your personal data to third countries outside the European Union (EU) and the European Economic Area (EEA) under Article 46 of the GDPR with appropriate safeguards, including the Standard Contractual Clauses (SCC).
We may need to transfer your personal data to countries outside the EU and EEA that do not meet the requirements of Article 45 of GDPR on the adequacy of data protection. In such cases, we will transfer your personal data to third countries under Article 46 of GDPR with the appropriate safeguards, including Standard Contractual Clauses (SCC).
We follow internal procedures when disclosing your personal data to countries outside the EU and EEA to ensure adequate safeguards for protecting your privacy and fundamental rights and freedoms.
We take additional technical and organizational measures when transferring data outside the EU and the EEA, such as assessing the reliability and personal data protection practices of the service provider, encrypting the transferred personal data, promptly responding to any threats to confidentiality, integrity, and availability of personal data, and conducting Transfer Impact Assessments (TIA) when necessary, etc.
You may exercise the following rights under the General Data Protection Regulation:
You may exercise the following rights by submitting your request to org.privacy@gamalearn.com.
You may lodge a complaint with the supervisory authority of your place of residence within the EU or with the data protection authority specified in this Policy.
Please, note that we may need to confirm your identity in order to process your requests to exercise your rights under the GDPR. Therefore, we may not be able to comply with your request if you do not provide us with sufficient details to enable us to verify your identity and respond to your request.
We kindly ask you to contact us directly so we can quickly answer your question. We encourage you to contact us first if you have any concerns related to the processing of your personal data. Please feel free to contact us at org.privacy@gamalearn.com with any questions or concerns.
In case you have any questions related to data protection, you may contact the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.
This section applies to the processing of the personal information of the residents of the state of California.
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA, as amended”), California residents have certain rights regarding the collection, use, and sharing of their personal information.
When you use and/or access our Platform, we may collect various categories of personal information, including information you provide when you want to receive our Services or data which is automatically collected when you interact with our Platform. Depending on the circumstances, we may collect the following categories of personal information specified in the CCPA, as amended when you access our Platform:
Category A – Identifiers;
Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80;
Category D – Commercial information;
Category F – Internet or other similar network activity;
Category I – Professional or employment-related information.
You can find a detailed description of the personal information that we may collect from you in the ‘Use of Your Personal Data’ section of this Policy. Please, note that in the ‘Data Disclosure and Sharing’ section of this Policy, you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA, as amended.
If you are a California resident, to the extent provided for by the CCPA, as amended and subject to applicable exception, you have the following rights in relation to the personal information we have about you:
We do not sell your personal information to third parties for monetary or other valuable consideration, nor do we offer any financial incentives associated with our collection, sharing, or retention of your personal information.
We take your privacy seriously and will not discriminate against you for exercising your CCPA rights.
You can exercise your rights under the CCPA, as amended by sending us an email by any other means of communication convenient for you, including those listed in the ‘How to Contact Us’ section of this Policy.
Please note that we may need to verify your identity before processing your request, so please provide us with sufficient detail to allow us to do so. Failure to provide sufficient detail may result in us being unable to fulfill your request.
This section applies to the processing of the personal information of the residents of the Federative Republic of Brazil.
This section will help you understand your rights under the Lei Geral de Proteção de Dados (“LGPD”) and the way how we ensure them. If you are a user located in Brazil, you are able to exercise the following rights with respect to your personal data that we process:
right to the portability of data to another service or product provider, by means of an express request;
Please note that we will not be able to respond to your request or provide you with any personal information unless we are able to verify your identity and confirm that the personal information relates to you. We will only use such personal information to verify your identity.
You may exercise the above rights by sending your request to org.privacy@gamalearn.com or by any other means that is convenient to you.
This section applies to the processing of personal information under the Protection of Personal Information Act. In this section, the term “personal information” is used as it is defined in POPIA.
This section will help you understand your rights under the Protection of Personal Information Act (“POPIA”) and the way how we ensure them. If POPIA applies to us in course of the provision of our Services, you are able to exercise the following rights with respect to your personal information that we process:
Please note that we will not be able to respond to your request or provide you with any personal information unless we are able to verify your identity and confirm that the personal information relates to you. We will only use such personal information to verify your identity.
In case we process children’s personal data, we perform it only in compliance with COPPA, GDPR and other applicable laws and regulations.
We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Our Platform and Services are intended for general audiences and are not directed to children under the age of 13. We do not knowingly collect any personal information from children under the age of thirteen without seeking any required parental approval in accordance with applicable legal and regulatory obligations, such as the U.S. Children’s Online Privacy Protection Act (“COPPA”). If we become aware that a child has provided us with personal information without a parent’s permission, we will promptly delete this information. If you know that a child has provided us with personal information without parental consent, please contact us at org.privacy@gamalearn.com.
We may change this Policy at any time for various reasons, such as legal compliance, business operations, or technological advancements. If we make any material changes to this Policy, we will notify you through means available to us. We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect your personal data.
This Policy may be changed from time to time to reflect updates, new technologies, and changes in laws and regulations. We will notify you if these changes are material and, where required by applicable laws, we will obtain your consent for the subsequent processing. In any case, we encourage you to regularly review this Policy for any changes. Notices of changes to this Policy may be provided by email, via our Platform, or by other means consistent with applicable law.
Please contact us if you have any questions about how we process your data, this Policy, or your rights. If you have any questions regarding this Privacy Policy, our data processing activities, or your rights as a data subject under GDPR and other applicable laws, please contact us directly: