Privacy Policy

Effective Date: 04th Dec 2024
Last Updated: 29th June 2025

Welcome to Effiot (“we,” “us,” “our,” or “Company”). This Privacy Policy describes how Effiot collects, uses, processes, and protects your personal information when you visit our website [effiot.com] (the “Website”), use our services, or interact with us in any capacity.

We are committed to protecting your privacy and ensuring transparency about our data practices. This Privacy Policy applies to all users of our Website, including visitors, registered users, course purchasers, and newsletter subscribers.

By using our Website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Website or services.

2. Information We Collect

2.1 Personal Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

Account Registration and Profile Information:

• Full name
• Email address
• Username and password
• Profile picture (optional)
• Professional background or interests
• Learning goals and preferences

Contact Forms and Support Requests:

• Name and contact details
• Subject matter and message content
• Any additional information you choose to provide

Course Enrollment and Purchases:

• Billing information (name, address, phone number)
• Payment method details (processed securely through third-party providers)
• Course preferences and selections
• Learning progress and completion status

Newsletter and Marketing Communications:

• Email address
• Communication preferences
• Subscription date and source

Survey and Feedback Data:

• Responses to surveys, polls, and feedback forms
• Course ratings and reviews
• User experience feedback

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information about your device and usage patterns:

Technical Information:

• IP address and geographic location
• Device type, model, and operating system
• Browser type and version
• Screen resolution and device settings
• Referring website and exit pages
• Date and time of access

Usage Analytics:

• Pages visited and time spent on each page
• Click-through rates and user interactions
• Course viewing patterns and progress
• Search queries and results
• Download and streaming activity

Performance Data:

• Page load times and error reports
• Feature usage statistics
• System performance metrics

2.3 Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze Website performance:

Essential Cookies:

• Session management cookies
• Authentication tokens
• Security cookies for fraud prevention
• Load balancing cookies

Analytics Cookies:

• Google Analytics for traffic analysis
• User behavior tracking
• Conversion tracking
• A/B testing cookies

Marketing and Advertising Cookies:

• Meta Pixel for Facebook advertising
• Google Ads conversion tracking
• Retargeting pixels
• Social media integration cookies

Preference Cookies:

• Language and region settings
• Theme and display preferences
• Course bookmark data
• Shopping cart contents

You can manage your cookie preferences through your browser settings or our cookie consent tool. However, disabling certain cookies may limit your ability to use some features of our Website.

2.4 Third-Party Data Sources

We may receive information about you from third-party sources, including:

Social Media Platforms:

• Profile information when you connect social accounts
• Public posts and interactions (where applicable)
• Friend/connection lists (with your consent)

Marketing Partners:

• Lead generation services
• Affiliate marketing networks
• Industry event organizers

Data Enrichment Services:

• Professional profile enhancement
• Email validation services
• Demographic and interest data

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information for the following purposes:

Service Delivery:

• Providing access to courses and educational content
• Processing payments and managing subscriptions
• Delivering customer support and technical assistance
• Maintaining user accounts and profiles
• Tracking learning progress and issuing certificates

Communication:

• Sending transactional emails (receipts, confirmations, updates)
• Delivering newsletters and promotional content
• Providing course recommendations and updates
• Responding to inquiries and support requests
• Sending important service announcements

Website Improvement:

• Analyzing user behavior and preferences
• Optimizing Website performance and functionality
• Developing new features and services
• Conducting A/B tests and user research
• Identifying and fixing technical issues

Marketing and Advertising:

• Creating targeted advertising campaigns
• Personalizing content and course recommendations
• Measuring marketing campaign effectiveness
• Building custom audiences for advertising platforms
• Conducting market research and analysis

3.2 Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we rely on the following legal bases:

• Contract Performance: Processing necessary to fulfill our service obligations
• Legitimate Interests: Analytics, marketing, and service improvement
• Consent: Newsletter subscriptions and optional data collection
• Legal Compliance: Tax reporting, fraud prevention, and regulatory requirements

3.3 Automated Decision-Making

We may use automated systems for:

• Course recommendations based on learning history
• Fraud detection and prevention
• Content personalization
• Dynamic pricing (where applicable)

You have the right to request human review of any automated decisions that significantly affect you.

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our business:

Payment Processors:

• Stripe, PayPal, or other payment gateways
• Data shared: billing information, transaction details
• Purpose: processing payments and managing subscriptions

Email Marketing Services:

• Mailchimp, ConvertKit, or similar platforms
• Data shared: email addresses, engagement data
• Purpose: sending newsletters and marketing communications

Analytics and Tracking:

• Google Analytics, Hotjar, or similar services
• Data shared: usage data, demographics, behavior patterns
• Purpose: website optimization and user experience improvement

Customer Support:

• Zendesk, Intercom, or similar platforms
• Data shared: contact information, support conversations
• Purpose: providing customer service and technical support

Content Delivery Networks (CDNs):

• Cloudflare, AWS CloudFront, or similar services
• Data shared: IP addresses, usage patterns
• Purpose: improving website performance and security

Cloud Storage and Hosting:

• Amazon Web Services, Google Cloud, or similar providers
• Data shared: all data stored on our systems
• Purpose: secure data storage and website hosting

4.2 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.

4.3 Legal Requirements

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to emergencies involving personal safety

4.4 Data We Do Not Sell

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Any data sharing is limited to the purposes outlined in this Privacy Policy.

5. Data Security

5.1 Technical Safeguards

We implement robust security measures to protect your information:

Encryption:

• SSL/TLS encryption for data transmission
• AES-256 encryption for stored data
• End-to-end encryption for sensitive communications

Access Controls:

• Multi-factor authentication for employee access
• Role-based access permissions
• Regular access reviews and audits

Infrastructure Security:

• Firewalls and intrusion detection systems
• Regular security patches and updates
• Secure cloud hosting environments
• Automated backup systems

Monitoring and Response:

• 24/7 security monitoring
• Incident response procedures
• Regular security assessments and penetration testing
• Employee security training programs

5.2 Payment Security

We use PCI DSS compliant payment processors and do not store complete payment card information on our servers. All payment data is handled according to industry standards and regulations.

5.3 Data Breach Procedures

In the event of a data breach, we will:

• Immediately investigate and contain the breach
• Notify affected users within 72 hours (where required by law)
• Report to relevant regulatory authorities
• Implement measures to prevent future breaches
• Provide ongoing support to affected users

6. Your Rights and Choices

6.1 Account Management

You can access and update your account information at any time through your user dashboard. This includes:

• Personal profile information
• Communication preferences
• Password and security settings
• Course history and progress

6.2 Data Subject Rights (GDPR)

If you are in the EEA, you have the following rights:

Right of Access: Request a copy of your personal data Right to Rectification: Correct inaccurate or incomplete data Right to Erasure: Request deletion of your data (subject to legal requirements) Right to Restrict Processing: Limit how we use your data Right to Data Portability: Receive your data in a machine-readable format Right to Object: Opt out of certain types of processing Right to Withdraw Consent: Revoke previously given consent

6.3 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it’s used
• Right to delete personal information
• Right to opt out of the sale of personal information
• Right to non-discrimination for exercising privacy rights

6.4 Communication Preferences

You can manage your communication preferences by:

• Updating your account settings
• Using unsubscribe links in emails
• Contacting our support team
• Managing cookie preferences in your browser

6.5 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within 30 days (or as required by applicable law).

7. International Data Transfers

7.1 Cross-Border Transfers

We may transfer your personal information to countries outside your jurisdiction, including the United States. When we do so, we ensure appropriate safeguards are in place:

Adequacy Decisions: Transfers to countries with adequate data protection laws Standard Contractual Clauses: EU-approved contract terms for data transfers Binding Corporate Rules: Internal policies for multinational data transfers Certification Programs: Participation in recognized privacy frameworks

7.2 EU-US and Swiss-US Privacy Shield

While the Privacy Shield framework has been invalidated, we continue to honor its principles and have implemented alternative transfer mechanisms to ensure ongoing protection for European data.

8. Data Retention

8.1 Retention Periods

We retain your personal information for different periods based on the type of data and purpose:

Account Information: Retained while your account is active, plus 3 years after closure Course Data: Retained for 7 years to support certificates and transcripts Payment Information: Retained for 7 years for tax and accounting purposes Marketing Data: Retained until you unsubscribe or request deletion Analytics Data: Aggregated data retained indefinitely; personal identifiers removed after 26 months Support Records: Retained for 3 years after case resolution

8.2 Deletion Procedures

When retention periods expire, we securely delete or anonymize your data using industry-standard methods. You may request earlier deletion subject to legal and business requirements.

9. Children’s Privacy

9.1 Age Restrictions

Our services are not intended for children under 13 years of age (or the minimum age required by law in your jurisdiction). We do not knowingly collect personal information from children under this age.

9.2 Parental Consent

For users between 13-18 years old, we may require parental consent before collecting personal information. Parents can request access to or deletion of their child’s information by contacting us.

9.3 Discovery of Children’s Data

If we discover that we have collected information from a child under the required age without proper consent, we will promptly delete that information from our systems.

10. Cookies and Tracking Policy

10.1 Cookie Categories

Strictly Necessary Cookies: These cookies are essential for the Website to function and cannot be switched off. They are usually set in response to actions you take, such as logging in or filling out forms.

Performance Cookies: These cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously. This data helps us improve our Website’s functionality.

Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.

Targeting/Advertising Cookies: These cookies are used to deliver relevant advertisements and marketing messages. They may be set by us or third-party advertising partners.

10.2 Third-Party Cookies

We use several third-party services that may set cookies:

Google Analytics: Website traffic and user behavior analysis Google Ads: Conversion tracking and remarketing Facebook Pixel: Social media advertising and audience building YouTube: Video content delivery and analytics LinkedIn Insight Tag: Professional network advertising

10.3 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Our cookie consent banner
• Third-party opt-out tools
• Industry opt-out resources

11. Updates to This Privacy Policy

11.1 Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

• Post the updated policy on our Website
• Update the “Last Updated” date
• Send email notifications to registered users (for significant changes)
• Provide prominent notice on our Website

11.2 Continued Use

Your continued use of our Website after any changes indicates your acceptance of the updated Privacy Policy. If you do not agree with the changes, please discontinue use of our services.

11.3 Version History

We maintain a history of previous versions of this Privacy Policy, which you can request by contacting us.

12. Contact Information

12.1 Privacy Officer

For questions, concerns, or requests related to this Privacy Policy or your personal information, please contact our Privacy Officer:

Email: privacy@effiot.com
Phone: [Insert Phone Number]
Address:
Effiot Privacy Officer
[Insert Physical Address]
[City, State, ZIP Code]
[Country]

12.2 Data Protection Authority

If you are in the EEA and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority.

12.3 Response Times

We aim to respond to all privacy-related inquiries within:

• 1 business day for urgent matters
• 5 business days for general inquiries
• 30 days for formal data subject requests