At Learniq Education, we are committed to protecting the privacy and security of the personal information of all individuals who interact with our services. This Privacy Notice explains how Learniq Education (referred to as "we," "us," or "our") collects, uses, processes, discloses, and protects your personal information when you use our whitelabel Learning Management System (LMS), Customer Relationship Management (CRM), ready-made courses, and AI Tutor services.

We understand the importance of privacy, especially when dealing with educational data and AI interactions. This notice is designed to comply with applicable data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR) in the European Union.

1. Who We Are:

Learniq Education provides a comprehensive suite of educational technology solutions. As a whitelabel provider, we deliver the underlying technology and content to our clients (e.g., educational institutions, businesses, individual educators) who then offer these services under their own brand. This means that while we process your data, your primary relationship regarding data collection and usage may be with our client who provides you access to our services. We act as a "Processor" (under GDPR) or "Operator" (under POPIA) on behalf of our clients, who are the "Controllers" or "Responsible Parties" of your personal information.

2. Information We Collect:

We collect various types of personal information, which may vary depending on the services you use and how our clients configure their platforms. This information may include:

• Identity Data: Names, usernames, and unique identifiers assigned by our clients (e.g., student IDs, employee IDs).

• Contact Data: Email addresses, phone numbers, and postal addresses.

• Profile Data: Course enrolment details, academic progress, CRM interactions, preferences, feedback, and responses to surveys.

• Educational Content and Performance Data: Submissions, quiz results, assignment grades, completion status of courses, certificates earned, learning progress, and interactions with course materials.

• AI Tutor Interaction Data: Text inputs, questions asked, responses received, conversational history, and any data generated during your interactions with the AI Tutor. This data may be analysed to improve the AI's performance and personalise your learning experience.

• Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services.

• Usage Data: Information about how you use our website, products, and services, including navigation paths, service access times, and engagement metrics.

• Marketing and Communications Data: Your preferences for receiving marketing from us and our third parties, as well as your communication preferences.

3. How We Collect Your Information:

We use different methods to collect data from and about you, including:

• Direct Interactions: You (or our client on your behalf) may provide us with your identity, contact information, profile, educational content, and performance data when you register for an account, enrol in courses, interact with the LMS/CRM, submit assignments, or communicate with our AI tutor.

• Automated Technologies or Interactions: As you interact with our platform, we may automatically collect technical and usage data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.

• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as our clients (who provide us with your initial registration details), analytics providers, or publicly available sources.

4. Purposes for Which We Use Your Information (Legal Basis):

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• To Perform the Contract: Where we need to perform the contract we are about to enter into or have entered into with our clients (and indirectly, with you) to provide the LMS, CRM, courses, and AI Tutor services.

• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes improving our services, ensuring platform security, and developing new features.

• Legal Obligation: Where we need to comply with a legal or regulatory obligation.

• Consent: In specific situations, we may ask for your explicit consent to process your personal information. You have the right to withdraw consent at any time.

We use your personal information for the following purposes:

• Providing and Managing Services: To operate and maintain the LMS, CRM, and AI Tutor; manage your account; facilitate course enrolment; track progress; manage CRM interactions; and deliver educational content.

• Personalisation and customisation: to tailor the learning experience, recommend relevant courses or resources, and provide personalised AI tutor interactions.

• Service Improvement and Development: To understand how our services are used, to debug and improve the functionality of the LMS, CRM, and AI Tutor (e.g., AI model training and refinement), and to develop new products, services, features, and content.

• Communication: To send you service announcements, administrative messages, and updates relevant to your use of the platform.

• Security and Fraud Prevention: To protect our services, systems, and users from fraud and unauthorised access.

• Compliance: To comply with legal obligations, enforce our terms and conditions, and resolve disputes.

• Analytics and Reporting: For internal reporting and analysis to assess platform usage, course effectiveness, and AI Tutor performance (often using aggregated and anonymised data).

• Marketing (with consent): To send you marketing communications about our products and services that may be of interest to you, where you have provided your consent.

5. Sharing Your Information:

We may share your personal information with the following categories of recipients:

• Our Clients: As a white-label provider, we share your data with the client (e.g., the university, company, or individual educator) who provided you access to our services. They are the primary "controller" or "responsible party" of your data, and their privacy policy will also apply to your information.

• Service Providers: We engage trusted third-party service providers who perform functions on our behalf, such as cloud hosting (e.g., data storage), analytics, customer support, and technical maintenance. These providers are contractually obligated to protect your data and only use it for the purposes we specify.

• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.

• Legal and Regulatory Requirements: We may disclose your information if required to do so by law, in response to a court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others; investigate fraud; or respond to a government request.

• Aggregated or anonymised data: We may share aggregated or anonymised data that cannot be used to identify you individually with third parties for research, analysis, or marketing purposes.

6. International Data Transfers:

Our service providers may store and process your personal information in countries outside of South Africa and the European Union where they maintain facilities. When we transfer your personal information across borders, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as

• We transfer data to countries that the European Commission or the South African Information Regulator deem to offer a sufficient level of personal information protection.

• The European Commission or the South African Information Regulator approve specific contracts that provide personal information with the same level of protection as in Europe or South Africa.

7. Data Security:

We have implemented appropriate technical and organisational security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. These measures include encryption, access controls, secure coding practices, and regular security assessments.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Data Retention:

We will retain your personal information only for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.

We will delete or anonymise your data in accordance with our data retention policies and legal obligations when our agreement with a client is terminated or when you request it through our client.

9. Your Rights:

Under POPIA and GDPR, you have certain rights regarding your personal information. These rights may be exercised through our client (the Controller/Responsible Party) as they are the primary entity responsible for your data.

9.1. Rights under POPIA (South Africa):

• Right to Access: You have the right to request a copy of the personal information we hold about you.

• Right to Correction/Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

• Right to Object: You have the right to object to the processing of your personal information in certain circumstances.

• Right to Complain: You have the right to lodge a complaint with the Information Regulator of South Africa.

9.2. Rights under GDPR (European Union):

• Right to Access: The right to request copies of your personal information.

• Right to Rectification: The right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

• Right to Erasure ("Right to Be Forgotten"): The right to request that we erase your personal information, under certain conditions.

• Right to Restriction of Processing: The right to request that we restrict the processing of your personal information, under certain conditions.

• Right to Object to Processing: The right to object to our processing of your personal information, under certain conditions.

• Right to Data Portability: The right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

• Rights in relation to automated decision making and profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact the Learniq Education client (the institution or provider) through whom you access our services. If you are unable to resolve your request with our client, or if you have direct inquiries about our role as a processor, please contact us directly using the details below.

10. AI Tutor Specifics:

Our AI Tutor is designed to enhance your learning experience. Interactions with the AI Tutor, including your questions and the AI's responses, are processed to provide accurate and relevant assistance. This data may be used:

• To deliver the AI Tutor functionality: To understand your queries and generate appropriate responses.

• For AI model improvement: We may use anonymised and aggregated interaction data to train and improve the performance, accuracy, and relevance of our AI models over time. This process ensures that no identifiable personal information is directly used for public model training unless explicit consent is provided.

• For personalised learning: To tailor the AI Tutor's responses and suggestions to your individual learning progress and needs.

We implement robust safeguards to protect the privacy of your AI Tutor interactions, including data minimisation and pseudonymisation where possible.

11. Children's Privacy:

Our services are generally intended for users as part of an educational or organisational setting. If you are under the age of majority in your jurisdiction, you may only use our services with the consent and supervision of a parent or legal guardian. We do not knowingly collect personal information directly from children without appropriate parental consent. If we become aware that we have collected personal information from a child without verifiable parental consent, we will take steps to remove that information from our servers.

12. Changes to This Privacy Notice:

We may update this Privacy Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated notice on our website or through other appropriate communication channels. We encourage you to review this Privacy Notice periodically.

13. Contact Us:

If you have any questions about this Privacy Notice, our data practices, or if you wish to exercise your rights, please contact:

Learniq Education support@learniqedu.cn 155 West street, Sandton, Johannesburg, South Africa. www.learniqedu.cn