General Data Protection Regulation (GDPR) Compliance Policy

Last Updated: August 22, 2025

islora ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and protect your personal information.

1. Data Controller Information

islora is the data controller responsible for your personal data. You can contact us at:

• Address: 1008 Dumbarton Rd, Whiteinch, Glasgow G14 9UJ, United Kingdom
• Email: info@islora.online
• Phone: +442073542883

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Name and contact information (email address, phone number)
• Account credentials (username, password)
• Payment and billing information
• Profile information and preferences
• Communications and correspondence with us
• Course enrollment and progress data
• Assignment submissions and project work

2.2 Information Collected Automatically

• Device and browser information
• IP address and location data
• Usage data and analytics
• Cookies and similar tracking technologies
• Log files and technical information

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual Necessity: To provide educational services and fulfill our obligations to you
• Legitimate Interests: To improve our services, conduct analytics, and ensure platform security
• Consent: Where you have provided explicit consent for specific processing activities
• Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing access to educational courses and learning materials
• Processing enrollment and managing your account
• Delivering customer support and responding to inquiries
• Processing payments and preventing fraud
• Sending administrative notifications and course updates
• Analyzing platform usage to improve services
• Personalizing your learning experience
• Complying with legal and regulatory requirements
• Marketing communications (with your consent)

5. Data Sharing and Disclosure

We may share your personal data with:

5.1 Service Providers

Third-party vendors who assist us in operating our platform, including:

• Cloud hosting and storage providers
• Payment processors
• Email and communication services
• Analytics and performance monitoring tools
• Customer support platforms

5.2 Legal Requirements

We may disclose your data when required by law, court order, or governmental authority, or to protect our rights and safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

6.1 Right of Access

You can request a copy of the personal data we hold about you.

6.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure

You can request deletion of your personal data under certain circumstances.

6.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

6.5 Right to Data Portability

You can request to receive your personal data in a structured, commonly used format.

6.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

6.8 Exercising Your Rights

To exercise any of these rights, please contact us at info@islora.online. We will respond to your request within one month.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Retention periods vary depending on:

• Account activity and engagement
• Legal and regulatory requirements
• Legitimate business purposes
• Dispute resolution needs

When personal data is no longer needed, we securely delete or anonymize it.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Incident response and breach notification procedures

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure adequate protection through:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions recognizing equivalent data protection
• Other lawful transfer mechanisms

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through your browser settings. For more information, please refer to our Cookie Policy.

12. Automated Decision-Making

We may use automated decision-making, including profiling, to personalize your learning experience and recommend relevant content. You have the right to object to such processing and request human intervention.

13. Data Protection Officer

For questions regarding data protection or to exercise your rights, you can contact our data protection team at info@islora.online.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You can contact your local data protection authority or the Information Commissioner's Office (ICO) in the United Kingdom.

15. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

16. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

17. Marketing Communications

With your consent, we may send you marketing communications about our courses, features, and updates. You can opt out of marketing emails at any time by:

• Clicking the unsubscribe link in any marketing email
• Adjusting your account preferences
• Contacting us at info@islora.online

18. Contact Information

If you have questions, concerns, or requests regarding this GDPR Compliance Policy or our data practices, please contact us:

• Email: info@islora.online
• Phone: +442073542883
• Address: 1008 Dumbarton Rd, Whiteinch, Glasgow G14 9UJ, United Kingdom

We are committed to resolving any concerns about your privacy and data protection in a timely and transparent manner.

---

This GDPR Compliance Policy is designed to provide transparency about our data processing activities and ensure your rights are protected. By using our services, you acknowledge that you have read and understood this policy.