General Data Protection Regulation (GDPR) Compliance
Last Updated: December 29, 2024
Xudripo is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and protect your personal information when you use our educational platform and services.
1. Data Controller
Xudripo is the data controller responsible for your personal data. You can contact us at:
Xudripo
211 Hougang Street 21, #01-317, Singapore 530211
Email: [email protected]
Phone: +6567898233
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Information You Provide
- Account registration details (name, email address, password)
- Profile information (learning preferences, educational background)
- Payment and billing information
- Communication records (support requests, feedback, correspondence)
- Course enrollment and progress data
- Content you create or submit through our platform
2.2 Information Automatically Collected
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, features used, time spent)
- Learning analytics (course completion, assessment results, engagement metrics)
- Technical data (cookies, log files, session information)
2.3 Information from Third Parties
- Authentication services (if you sign in through third-party providers)
- Payment processors (transaction confirmation and status)
- Analytics providers (aggregated usage statistics)
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our educational services and fulfill our contractual obligations to you
- Consent: Where you have given explicit consent for specific processing activities
- Legitimate Interests: For improving our services, platform security, and business operations
- Legal Obligations: To comply with applicable laws, regulations, and legal processes
4. How We Use Your Personal Data
We use your personal data for the following purposes:
- Providing access to learning materials and live sessions
- Creating and managing your account
- Processing payments and maintaining billing records
- Personalizing your learning experience and recommendations
- Communicating with you about courses, updates, and support
- Monitoring platform performance and troubleshooting issues
- Analyzing usage patterns to improve our services
- Ensuring platform security and preventing fraud
- Complying with legal and regulatory requirements
- Sending marketing communications (with your consent)
5. Data Sharing and Disclosure
We may share your personal data with:
5.1 Service Providers
- Cloud hosting and infrastructure providers
- Payment processing services
- Email and communication platforms
- Analytics and monitoring tools
- Customer support systems
5.2 Instructors and Educators
We share relevant information with instructors to facilitate your learning experience, including your name, progress data, and assessment results.
5.3 Legal Requirements
We may disclose your data when required by law, court order, or to protect our rights, safety, or property.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the relevant third parties.
We ensure all third parties process your data securely and in accordance with GDPR requirements through appropriate contractual safeguards.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions confirming adequate data protection levels
- Binding Corporate Rules for intra-organizational transfers
- Certification mechanisms demonstrating compliance
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
7.1 Right of Access
You can request confirmation of whether we process your personal data and obtain a copy of that data.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data under certain circumstances, including:
- The data is no longer necessary for the purposes collected
- You withdraw consent and no other legal basis exists
- You object to processing and no overriding legitimate grounds exist
- The data has been unlawfully processed
7.4 Right to Restriction of Processing
You can request limitation of how we use your data when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
7.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format and transmit it to another controller.
7.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw that consent at any time.
7.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.
8. Exercising Your Rights
To exercise any of your rights, please contact us at:
Email: [email protected]
We will respond to your request within one month. This period may be extended by two additional months for complex requests. We will inform you of any extension and the reasons for the delay.
We may request additional information to verify your identity before processing your request.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account plus 90 days after closure |
| Learning progress and course data | Duration of account plus 2 years |
| Payment records | 7 years for accounting and tax purposes |
| Communication records | 3 years after last interaction |
| Marketing consent records | Duration of consent plus 3 years |
| Technical and analytics data | 26 months |
After the retention period expires, we securely delete or anonymize your personal data.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response and breach notification procedures
- Regular backups and disaster recovery planning
11. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware
- Notify affected individuals without undue delay if the breach poses a high risk
- Provide information about the nature of the breach and measures taken
- Document all breaches, including facts, effects, and remedial actions
12. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that we have collected data from a child without proper consent, we will delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
13. Automated Decision-Making and Profiling
We may use automated processing to personalize your learning experience, including:
- Recommending courses based on your interests and progress
- Customizing content difficulty levels
- Suggesting learning paths aligned with your goals
You have the right to:
- Obtain human intervention in automated decisions
- Express your point of view
- Contest automated decisions that produce legal effects or similarly significant effects
14. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings. For detailed information about our use of cookies, please refer to our Cookie Policy.
15. Updates to This Policy
We may update this GDPR Compliance Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending email notifications for material changes
- Requesting renewed consent where required
We encourage you to review this policy regularly to stay informed about how we protect your personal data.
16. Contact Information
For questions, concerns, or requests related to this GDPR Compliance Policy or your personal data, please contact us:
Xudripo
211 Hougang Street 21, #01-317, Singapore 530211
Email: [email protected]
Phone: +6567898233
This GDPR Compliance Policy is designed to inform you about your rights and our obligations under the General Data Protection Regulation. By using our services, you acknowledge that you have read and understood this policy.