GDPR Compliance

Klasstra is committed to protecting your privacy and ensuring full compliance with the General Data Protection Regulation (GDPR).

GDPR Principles We Follow

Our data processing activities are guided by the fundamental principles of GDPR.

Lawfulness & Fairness

We process personal data lawfully, fairly, and transparently.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes.

Data Minimization

We only process data that is adequate, relevant, and necessary.

Accuracy

Personal data is kept accurate and up to date.

Storage Limitation

Data is kept only as long as necessary for the specified purposes.

Accountability

We demonstrate compliance and take responsibility for data protection.

Your Data Protection Rights

Under GDPR, you have several rights regarding your personal data.

Right to Information

You have the right to know how your personal data is processed.

Review our Privacy Policy

Right of Access

You can request a copy of your personal data we hold.

Request Data Export

Right to Rectification

You can request correction of inaccurate personal data.

Update Your Information

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Request Data Deletion

Right to Restrict Processing

You can request limitation of processing in specific situations.

Request Processing Restriction

Right to Data Portability

You can receive your data in a structured, machine-readable format.

Request Data Export

Right to Object & Withdraw Consent

You have the right to object to processing and withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Our Compliance Measures

We have implemented comprehensive measures to ensure GDPR compliance.

Technical Measures

  • Encryption of personal data at rest and in transit
  • Pseudonymization and anonymization techniques
  • Access controls and authentication systems
  • Regular security testing and vulnerability assessments

Organizational Measures

  • Data Protection Impact Assessments (DPIAs)
  • Privacy by Design and by Default principles
  • Staff training on GDPR requirements
  • Appointment of Data Protection Officer (DPO)

Procedural Measures

  • Data breach notification procedures
  • Data subject rights management processes
  • Vendor due diligence and contracts
  • Regular compliance audits and reviews

Documentation

  • Records of processing activities
  • Privacy policies and notices
  • Consent management documentation
  • Data transfer safeguards and agreements

How We Process Your Data

Transparency about our data processing activities and legal basis.

Legal Basis for Processing

Contract Performance

Processing necessary to provide our educational management services.

  • User account management
  • Service delivery and support
  • Payment processing

Legitimate Interest

Processing for purposes that are reasonable and balanced.

  • Security and fraud prevention
  • Service improvement and analytics
  • Marketing communications

Legal Obligation

Processing required to comply with legal requirements.

  • Financial record keeping
  • Regulatory compliance
  • Data breach notifications

Consent

Processing based on your explicit consent.

  • Marketing communications
  • Optional analytics
  • Third-party integrations

Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

Adequacy Decisions

Transfers to countries with adequate protection levels.

Standard Contractual Clauses

EU-approved contract terms for data protection.

Certification Schemes

Recognized privacy certification programs.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

Data Type | Retention Period | Reason
Account Information | Until account deletion | Service provision
Educational Records | 7 years after graduation | Legal and regulatory requirements
Financial Data | 7 years | Tax and accounting obligations
Support Communications | 3 years | Service improvement and training

Data Protection Contacts

Get in touch with our data protection team for any GDPR-related matters.

Data Protection Officer

Our DPO oversees data protection compliance and handles privacy matters.

Contact DPO

Response time: Within 5 business days

Privacy Team

General privacy inquiries and data subject rights requests.

Contact Privacy Team

Response time: Within 3 business days

Supervisory Authority: If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.