PRIVACY POLICY

1. Who We Are and How to Contact Us

Data Controller. Chinese-English Legal Education Limited is the controller and responsible for your personal information. We are registered in England and Wales (company number 13826320) and our registered office is at 85 Great Portland Street, First Floor, London, W1W 7LT, United Kingdom.

If you have any questions about this Privacy Policy or any request to exercise your legal rights, please contact us:

• Email: [email protected]
• Telephone: 0203 8573 836
• Post: Privacy Officer, Chinese-English Legal Education Limited, 85 Great Portland Street, First Floor, London, W1W 7LT, United Kingdom

We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB539217.

2. The Data We Collect About You

"Personal data" (or "personal information") means any information that identifies or can be used to identify a living individual. We may collect, use, store and transfer different kinds of personal data, which we group as follows:

• Identity Data – first name, last name, username or similar identifier, title, date of birth and gender.
• Contact Data – billing address, delivery address, email address and telephone numbers.
• Profile Data – username and password, exam preparation progress, your interests, preferences, feedback and survey responses.
• Transaction Data – details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data – internet protocol (IP) address, your login data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access this website or the App.
• Usage Data – information about how you use our website, App, products and services (e.g., pages viewed, features used, time spent).
• Marketing and Communications Data – your preferences in receiving marketing from us and your communication preferences.

We do not intentionally collect any Special Category Data (such as information about your health or ethnicity) or information about criminal convictions and offences. If you choose to provide such information voluntarily, you consent to our processing it as described in this Policy.

3. How We Collect Your Data

We use different methods to collect information from and about you, including through:

• Direct interactions. You may give us Identity, Contact and Financial Data by filling in forms, creating an account, purchasing products or by corresponding with us by post, phone, email or otherwise.
• Automated technologies or interactions. As you interact with our website or App, we automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns using cookies, server logs and similar technologies.
• Third parties or publicly available sources. We may receive personal data about you from analytics providers, advertising networks, payment and delivery services, social media platforms and publicly available registers.

4. How We Use Your Data – Purposes and Legal Bases

We will only use your personal data when the law allows us to. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 require that we identify a "lawful basis". Below is a summary:

We will seek your consent before sending third-party direct marketing or where required by e-privacy laws. You can withdraw consent at any time (see Your Rights).

5. Marketing Communications

You will receive marketing emails or push notifications from us if you have requested information from us or purchased services and, in each case, you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by clicking the unsubscribe link in any email or by contacting us.

6. Cookies & Similar Technologies

We use cookies, SDKs and similar technologies to recognise you and/or your device(s). Some are necessary for the Services to function ("strictly necessary cookies"); others are optional and help us improve performance, analytics and advertising. We will obtain your consent for optional cookies in accordance with the UK Privacy and Electronic Communications Regulations (PECR). For full details, please review our Cookie Policy.

7. Disclosures of Your Information

We may share your personal data with the parties set out below for the purposes outlined above:

• Service providers – including IT hosting, learning-management systems, payment processors (e.g., Stripe, Alipay), customer-support platforms, analytics providers and email service providers.
• Professional advisers – lawyers, bankers, auditors and insurers.
• Regulators and other authorities – HM Revenue & Customs, the ICO or other regulators who require reporting of processing activities in certain circumstances.
• Business transfers – in connection with any merger, sale of company assets, financing or acquisition.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not sell your personal data.

8. International Data Transfers

Our servers are located in the United Kingdom. However, some of our external service providers are based outside the UK so their processing of your personal data will involve a transfer outside the UK (and, where applicable, the European Economic Area).

Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection by implementing at least one of the following safeguards:

• Only transferring to countries that have been deemed to provide an adequate level of protection for personal data; or
• Using UK or EU approved Standard Contractual Clauses ("SCCs") together with supplementary measures where necessary.

If you are based in mainland China, you acknowledge that your personal information will be transferred to, and stored on, servers located in the United Kingdom. We rely on your explicit consent for such cross-border transfers to the extent required by the Chinese Personal Information Protection Law (PIPL).

9. Data Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These include encryption in transit (HTTPS), role-based access controls, regular backups, penetration testing and staff training.

10. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In general, we keep basic user information (Identity, Contact, Transaction Data) for up to seven years after you cease being a customer for tax and legal purposes but may retain some data for shorter periods where appropriate. Usage Data may be retained in an aggregated, anonymised form beyond this period.

11. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Request access to your personal data (commonly known as a "data subject access request").
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data, subject to certain exceptions.
• Object to processing of your personal data where we are relying on a legitimate interest.
• Request restriction of processing of your personal data in certain circumstances.
• Request the transfer of your personal data to you or to a third party (data portability).
• Withdraw consent at any time where we are relying on consent to process your personal data.

These rights are not absolute and certain exemptions may apply. You can exercise your rights by contacting us using the details in Section 1.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may also refuse to comply with your request in these circumstances.

Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Children & Minors

Our Services are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us so that we can take necessary action. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

13. Third-Party Links & Services

The Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website or app, we encourage you to read the privacy policy of every website you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the "last updated" date displayed at the top of this Privacy Policy.

15. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details in Section 1.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator:

If you are based outside the UK, you may have the right to lodge a complaint with your local data protection authority.