GDPR Compliance

General Data Protection Regulation Compliance

Introduction

Eliquick is committed to protecting the privacy and personal data of our users in accordance with the General Data Protection Regulation (GDPR). This document outlines how we handle personal data and the rights you have under GDPR.

The GDPR applies to the processing of personal data of individuals in the European Union and the European Economic Area. Even if you are located outside these regions, we apply GDPR standards to protect your data.

Data Controller

Eliquick is the data controller for personal data processed through our platform. This means we determine the purposes and means of processing your personal data.

Contact Information:
Email: privacy@eliquick.com
Phone: +254 743 253 763
Address: Nairobi, Kenya

Data We Collect

We collect the following types of personal data:

  • Identity Data: Name, date of birth, gender
  • Contact Data: Email address, phone number
  • Account Data: Username, password (encrypted)
  • Educational Data: Grades, test scores, attendance records
  • Technical Data: IP address, browser type, device information
  • Usage Data: Pages visited, features used, time spent

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide our educational services as agreed in our terms of service
  • Legal Obligation: To comply with educational regulations and legal requirements
  • Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
  • Consent: For marketing communications and non-essential features (where applicable)

Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data, subject to certain exceptions such as legal obligations or legitimate interests.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transfer it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

  • Email: privacy@eliquick.com
  • Phone: +254 743 253 763
  • Address: Nairobi, Kenya

We will respond to your request within 30 days of receipt. If we cannot fulfill your request, we will explain why.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Data minimization and retention policies

Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected. Retention periods vary based on the type of data and legal requirements:

  • Account Data: Retained while your account is active
  • Educational Records: Retained for 7 years after leaving school (legal requirement)
  • Transaction Data: Retained for 7 years (tax/legal requirement)
  • Marketing Data: Retained until you withdraw consent

International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements, including standard contractual clauses or other legally recognized transfer mechanisms.

Children's Data

For students under 16, we require parental or guardian consent for processing personal data. Parents and guardians have the right to access, correct, or delete their child's data. We take special care to protect children's privacy and only collect data necessary for educational purposes.

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities as required by GDPR.

Changes to This Policy

We may update this GDPR compliance document from time to time to reflect changes in our practices or applicable laws. We will notify you of any significant changes by posting the updated document on this page.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer:

  • Email: privacy@eliquick.com
  • Phone: +254 743 253 763
  • Address: Nairobi, Kenya