EIDU Data Privacy Statement

Introduction

EIDU is directed at children under the age of 13. It is a child-safe app. The privacy, safety, and trust of our users are the basis of all of our activities, that is, activities of EIDU Global Education Initiatives e.V., a German non-profit association, and its affiliates EIDU Kenya  PBO, EIDU Kenya Limited, and EIDU Nigeria Limited (collectively, “EIDU”). This Privacy Policy explains what personal information we collect and with whom we share it. You should read this Privacy Policy in its entirety. The statement should be read together with the Terms and Conditions of Use for other EIDU products and services. Where there is a conflict, this statement will prevail. Certain sections may apply differently to residents of different jurisdictions. This statement applies to all customers of our products and services.

Our role as a data controller

For data about teachers and school staff who interact directly with our software, EIDU acts as the data controller and the obligations described in this statement apply in full.

Learner activity data processed by EIDU is anonymised and does not constitute personal data. It therefore falls outside the scope of data protection law and no controller or processor designation applies to it.

SECTION 1. SCOPE OF POLICY AND TERMS

This Privacy Policy applies to your use of:

1.  EIDU mobile application software (“App” or “Apps”) including the EIDU and EIDU Content apps available on our Services or hosted on the Google Play Store (“App Site”), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (“Device”).

2.  Any of the services accessible through the Apps which are available on the App Site or other sites of ours (“Services Sites”).

Terms used in this Privacy Policy shall have the following meanings:

-   “Authorities” includes any judicial, administrative, public or regulatory body, any government, court or law enforcement body, or any of their agents with jurisdiction over EIDU.

-   “Compliance Obligations” means obligations of EIDU to comply with: (a) Laws or international guidance and internal policies or procedures, (b) any demand from Authorities or reporting, disclosure or other obligations under Laws, and (c) Laws requiring us to verify the identity of our customers.

-   “Customer” or “User” means any individual to which EIDU provides its products or services.

-   “Customer Information” means your Personal Data, including relevant information about you and them, your and their use of our products and services, and your and their relationships with EIDU.

-   “Laws” include any local or foreign law, regulation, judgment or court order, voluntary code, sanctions regime, an agreement between any member of EIDU and an Authority, or agreement or treaty between Authorities and applicable to EIDU.

-   “Personal Data” or “Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

-   “Services” includes maintaining the App available on our site OR hosted on the App Site, once you have downloaded or streamed a copy of the App onto your Device.

-   “We”, “Our” and “Us” refer to EIDU.

-   “You” and “Yours” refers to the person who subscribes to or uses any of our products and services or accesses our websites, the school institution on whose behalf the person acts. It also includes any other person that  uses any of our products and services or accesses our websites

Reference to the singular includes the plural (and vice versa). The word “includes” means that what follows is not necessarily exhaustive and therefore the examples given are not the only things/situations included in the meaning or explanation of that text.

SECTION 2. INFORMATION WE COLLECT

We may collect, use and share Customer Information. Customer Information may be collected from you directly, from a person acting on your behalf, from other sources (including from publicly available information), and it may be generated or combined with other information available to us or any member of EIDU.

We may collect the following information about you, which may include non-public Personal Information:

1.  Information you submit to us:

    -   provided by filling in forms in the App or on the App Site;

    -   provided by corresponding with us (for example, by e-mail or chat);

    -   provided by registering to use the App Site, downloading or registering an App, sharing data via an App’s social media functions, entering a competition, promotion or survey, and reporting a problem with an App, our Services, or any of Our Sites; and

    -   including your name, phone number, your school’s name, the Device’s phone number, SIM card, age and other registration information, personal description and photograph.

2.   Information we collect about you and your device. Each time you visit one of Our Sites or use one of our Apps the information we may collect includes but is not limited to the following:

    -   technical information, including the type of mobile device you use, unique device identifiers (for example, your Device’s IMEI or serial number), information about the SIM card used by the Device, mobile network information, your device operating system, the type of browser you use, or your Device’s location and time zone setting (Device Information);

    -   details of your use of any of our Apps or your visits to any of Our Sites including, but not limited to, traffic data, location data, weblogs and other communication data.3.  Location information. We may also use GPS technology or other location services to determine your current location.

4.  Information we receive from other sources. We reserve the right to work with a limited number of third parties (including mobile network providers) and may receive information about you from them.

5.  Unique application numbers. When you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.

Learner data

Our software is designed for use in schools and is deployed to children. EIDU does not collect names, photographs, or other directly identifying information of learners. Where such data is held on school-controlled devices (for example, as part of a learner registry), it is encrypted using keys held by the school and is not accessible to EIDU in unencrypted form. Learner activity data is anonymised on the device before it is transmitted to EIDU's servers: personal identifiers are never sent to EIDU. Only anonymous activity records — linked to a technical identifier with no connection to a learner's name or identity — reach our systems. EIDU has no means of linking this data to any named individual.

We may occasionally send push notifications through our mobile applications to send you messages that may be of importance to you. You may at any time opt-out from receiving these types of communications by turning them off at the device level through your settings or through the mobile application settings.

We and our third-party service providers, including our analytics providers, may use mobile tracking technologies and/or website cookies to distinguish you from other users of the App, App Site or Service Site. This helps us to provide you with a good experience when you use the App or browse any of the sites and also allows us to improve the App and Our Sites.

As is true of most websites, we gather certain information automatically and store it in log files. This information may include your internet protocol (IP) address, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. From time to time, we may combine this automatically collected data with other information we collect about you for reasons such as analysis, security or content generation.

We may use the analytics tools and software in order to develop and analyze use of the Service. Analytics companies may access anonymous individual data to help us understand how the Service is used. We may link the information we store within the analytics software to any Personal Information you submit within the mobile applications.

By uninstalling the app from your Device, you can withdraw your consent from collecting your Customer Information in the future. We may keep and share stored Customer Information after the point of uninstall for as long as necessary for the fulfillment of the purposes for which Customer Information was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as permitted by law.

SECTION 3. WHY WE COLLECT INFORMATION

We collect information for the following purposes, including but not limited to (“Purposes”):

-   To ensure the proper functioning of the App and our Services for you and other customers;

-   To notify you about changes to our Service;

-   To provide customer care and support;

-   To verify your identity;

-   To disburse phones for your use of the Service;

-   To analyze customer behavior;

-   To allow our partners to fulfill their obligations to you;

-   To allow us to fulfill our obligations to our partners;

-   To troubleshoot problems with the Service;

-   To comply with applicable laws, regulations, and rules, such as those relating to “know-your-customer” requirements;

-   To detect and prevent fraud and other illegal uses of the Service;

-   To send you notices and service updates; and

-   To contact you by telephone using auto-dialed or pre-recorded message calls or text (SMS) messages (if applicable) as authorized for the purposes described in this Privacy Policy.

Child Safety

Our apps do not show to children any ads or any content which is unrelated to the learning objectives of the apps. Children cannot access external links.

SECTION 4. HOW WE USE AND SHARE INFORMATION

These clauses explain how we will use and share your information. By using the Services, you agree that we and members of EIDU shall use Customer Information in accordance with such clauses.

Uses made of the information

-   We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Privacy Policy for as long as it is combined.

-   Information collected by us shall be used for the Purposes defined in this Privacy Policy.

-   We do not disclose information about identifiable individuals to other parties, unless it is necessary for providing the Services. We may share limited personal information with select partners for research and development. We may provide other parties with anonymous individual information about our users for the purposes of compiling statistics relating to our user base and may disclose such information to any third party for such purposes, provided that such information will always be anonymous.

Sharing

By using the Services, you agree that we may, as necessary and appropriate for the Purposes, transfer and disclose any Customer Information to the following recipients globally (who may also process, transfer and disclose such Customer Information for the Purposes):

-   any member of EIDU and any subcontractors, agents, service providers, or associates of EIDU (including their employees, directors and officers);

-   any party in connection with any EIDU business transfer, disposal, merger or acquisition, wherever located, including in jurisdictions which do not have data protection laws that provide the same level of protection as the jurisdiction in which the Services are supplied.

-   third-party service providers under contract with EIDU that help us with our business operations, such as customer communication and marketing. We share your Personal Information with these companies only as necessary to provide you with our Service; and

-   law enforcement, government officials or other third parties, but only

-   in connection with a formal request, subpoena, court order, or similar legal procedure; or

-   when we believe in good faith that disclosure is necessary to comply with the law, prevent physical harm or financial loss, report suspected illegal activity, or to investigate violations of our User Agreement; or

-   Or any other legally permissible purpose.

SECTION 5. WHERE WE STORE INFORMATION

Our services are hosted on cloud infrastructure in the European Union (Germany, Ireland), Kenya, and/or Nigeria. Where data is transferred between jurisdictions, we ensure that appropriate safeguards are in place in accordance with applicable law, including the use of Standard Contractual Clauses where required. We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse, including encryption in transit and at rest. A list of our data processors and sub-processors is available on request by contacting privacy@eidu.com.

Where we have given you (or where you have chosen) a code, password or PIN that enables you to access certain parts of Our Sites, you are responsible for keeping this information confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

SECTION 6. CUSTOMER OBLIGATIONS AND RIGHTS

EIDU shall have the right to terminate any agreement with you

Where:

-   you fail to comply with the provisions of this statement and reject any application for information contrary to this statement

-   you fail to provide promptly Customer Information that we reasonably requested, or

-   you withhold or withdraw any consents that we may need to process, transfer or disclose Customer Information for the Purposes (except for purposes connected with marketing or promoting products and services to you), or

-   we have, or a member of EIDU has, suspicions of criminal activity or an associated risk.

Your rights

Depending on your location and the nature of your relationship with EIDU, you may have the following rights regarding personal data:

• The right to be informed about how your data is used

• The right to access personal data we hold about you

• The right to request correction of inaccurate data

• The right to request deletion of data (subject to our legal obligations)

• The right to object to processing

• The right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@eidu.com. We will respond within 30 days.

Supervisory authorities: If you are based in Kenya, you may contact the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke. If you are based in Nigeria, you may contact the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng. If you are based in Germany or the EU, you may contact the relevant national or state data protection authority.

We may:

-   be unable to provide new, or continue to provide all or part of the, Services to you and reserve the right to terminate our relationship with you;

-   take actions necessary for us or a member of EIDU to meet Compliance Obligations; and/or

-   block, transfer or close your account(s) where permitted under local Laws.

You agree that we shall not be liable for any loss or damage arising from or incidental to our use, collection, processing and sharing of Customer Information, and any action we have taken in relation to this Section. Incidents and accidents will be investigated to establish what lessons can be learned to prevent such incidents/accidents reoccurring including introduction of additional safeguards, procedures, information instruction and training, or any combination of these. Monitoring is undertaken but on an anonymised basis. The information is also retained in the event of any claims for damages.

SECTION 7. QUESTIONS AND CHANGES

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the App or the Services. Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@eidu.com.