Create Your Organization's Administrator Account

Electus Global Education Inc. and Infiniti Program

Customer Data and Consent Policy

Overview

Electus Global Education Inc. is committed to protecting the privacy and security of personal information related to participants in the Life Hub app and Infiniti program. This policy outlines how we collect, use, store, and protect customer data in compliance with relevant privacy laws and standards, including the General Data Protection Regulation (GDPR), the Children’s Online Privacy Protection Act (COPPA), and other applicable regulations. It also clearly defines the responsibility of the customer in ensuring proper data handling and permissions.

Customer Responsibility for Data and Permissions

By signing this policy, the customer (e.g., schools, organizations, or guardians) assumes full responsibility for the accuracy and lawfulness of all personal data shared with Electus Global Education Inc. This includes ensuring that all necessary permissions and consents have been obtained from participants or their legal guardians, in accordance with applicable data protection laws such as GDPR and COPPA.

The customer is specifically responsible for:

1. Authorization to Share Data: The customer certifies that they have the legal authority to share participant data with Electus Global Education Inc. for the purposes outlined in this policy. This includes securing appropriate consents from participants or their legal guardians, especially when minors are involved.
2. Parental/Guardian Notification and Consent: The customer must ensure that participants’ parents or guardians have been informed about the collection and use of their child’s data. This includes communicating their rights to access, modify, or request the deletion of their child’s data. The customer must also obtain explicit consent for collecting and processing such data in compliance with applicable privacy laws.
3. Data Accuracy and Updates: The customer is responsible for providing accurate and up-to-date personal data. If there are changes to a participant’s data, the customer must promptly inform Electus Global Education Inc. of these changes.
4. Withdrawal of Consent: If a participant or their legal guardian withdraws consent for the collection or use of personal data, the customer must immediately notify Electus Global Education Inc. so the participant’s account can be deactivated and their data deleted in line with legal requirements.
5. Liability for Unauthorized Data Use: The customer acknowledges that they will be liable for any unauthorized collection, sharing, or use of participant data, including the failure to obtain appropriate consent from participants or their legal guardians.

Data Collection

We collect personal data that is necessary for delivering our services effectively. This may include:

• Full name
• Date of birth
• Age
• Email addresses (work and personal)
• Phone numbers (for SMS communications)
• Associated organization
• Demographic information (e.g., gender, age group, geographic location)

Purpose of Data Collection

Personal data is collected for the following purposes:

1. Personalized Service Delivery: To create customized learning paths, dashboards, and content tailored to each participant’s progress and needs.
2. Communication via SMS and Email:
• SMS Notifications: Used for secure notifications, such as verification codes and program updates, with encryption applied where possible.
• Organizational and Personal Emails: Important communications regarding program participation, updates, and reports are sent to work or personal email addresses.
3. Demographic-Based Insights: Demographic data is analyzed in anonymized form to help improve participant engagement, identify trends, and ensure program inclusivity.
4. Compensation and Financial Management: Personal and demographic data is processed to manage payments related to Visa rewards cards, EduJobs, and micro-credential issuance.
5. Inclusive Program Design: Data helps us identify barriers to engagement and ensure diversity and accessibility across programs.
6. Impact Reporting and Program Improvement: Aggregated, non-identifiable data is used to create reports for stakeholders, sponsors, and funders.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: We obtain explicit consent from participants or their legal guardians for the collection and use of personal data.
• Contractual Obligation: Personal data is processed as necessary to fulfill the services provided as part of the Life Hub and Infiniti programs.
• Legitimate Interests: In some cases, data is processed for operational needs, provided that this does not conflict with the rights and freedoms of participants.

Data Minimization and Retention

We only collect the data necessary for the purposes described in this policy. Personal data is retained for the duration of the program and as long as it is needed to fulfill the program’s objectives. Afterward, data is securely deleted, or upon request, in compliance with applicable laws.

Data Sharing and Consent Certification

By submitting or uploading participant data, the customer certifies that:

1. Authority to Share Data: The customer confirms they have the legal authority to share participant data with Electus Global Education Inc. and have obtained all necessary consents.
2. Transparency and Parental Rights: The customer has informed parents or guardians of their rights, including the right to request access, modification, or deletion of the data at any time.
3. Indemnification: The customer agrees to indemnify and hold harmless Electus Global Education Inc. from any claims or liabilities arising from the failure to obtain proper consent or unauthorized use of participant data.

Data Security and Protection Measures

Electus Global Education Inc. employs robust security measures to protect personal information:

1. Encryption: All personal data transmitted via SMS, email, or other communication channels is encrypted using TLS/SSL for data in transit and AES-256 for data at rest.
2. Access Control: Access to personal data is restricted to authorized personnel and monitored via access logs, which are subject to regular audits.
3. Data Anonymization and Pseudonymization: Where possible, personal data is anonymized or pseudonymized for analytics or reporting purposes.
4. Data Deletion: Personal data is deleted upon request or account closure, with backup copies securely removed within 30 days.

Handling Data Requests

Participants or their legal guardians can request access to, correction of, or deletion of personal data at any time. Upon withdrawal of consent, participant data will be promptly deactivated and securely deleted in compliance with legal requirements.

Temporary Data Access for Admins

To secure sensitive data shared with administrators, we implement the following protocols:

1. Two-Factor Authentication (2FA): Admins must use 2FA when accessing sensitive data, including encrypted files and customer logs.
2. Secure Encryption of Admin Data: All admin data is subject to encryption measures, ensuring security during access and processing.

Consent

I, the undersigned, hereby acknowledge that I have read, understood, and agree to the terms outlined in this Customer Data and Consent Policy. I confirm that I have obtained all necessary permissions and consents for the sharing of participant data as required by applicable law. Furthermore, I accept responsibility for ensuring data accuracy and compliance with relevant privacy laws, including GDPR and COPPA.