Introduction
Purpose of the Policy
Welcome to Mabuhay TEFL International. This Privacy Policy is dedicated to ensuring transparency and providing a clear understanding of how we collect, use, protect, and handle your personal data in compliance with the General Data Protection Regulation (GDPR). The protection of your privacy and personal data is of utmost importance to us. This policy is designed to inform you about your privacy rights and how the law protects you. It also outlines our commitment to safeguarding your personal information while you engage with our services through our website, Mabuhaytefl.com, or any other platform where we provide TEFL training and certification.
Scope and Applicability
This Privacy Policy applies to all individuals who interact with Mabuhay TEFL International, including visitors to our website (Mabuhaytefl.com), our students, and any other persons whose personal data may be processed by us. The policy covers the collection and processing of personal data both online and offline. This includes information collected:
- Through our website, Mabuhaytefl.com.
- Through direct interactions with you via email, phone, or other communication channels.
- When you enroll or inquire about our TEFL training courses and certification programs.
- Through automated technologies or interactions as you navigate through our website.
It is important to note that our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
This policy applies to the processing of personal data by Mabuhay TEFL International, whether you are an EU citizen or reside outside the EU. The GDPR provisions are applied as a benchmark for data protection and privacy standards, reflecting our commitment to protecting all personal data under our care.
In the following sections, you will find detailed information about the types of personal data we collect, the purposes for which we process your data, your rights under the GDPR, and how you can exercise them. By understanding and adhering to this policy, Mabuhay TEFL International ensures a commitment to data protection principles and establishes a basis of trust and safety in all our interactions with you.
Definitions and Key Terms
To ensure clarity and assist in the understanding of this privacy policy, the following key terms and definitions are provided:
Explanation of Key GDPR Terms:
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Data Subject: An identified or identifiable natural person whose personal data is being processed.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data Protection Authority (DPA): An independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
Specific Terms Used in the Policy:
User: Any individual accessing our website, Mabuhaytefl.com, or interacting with Mabuhay TEFL International through any other means. This includes students, potential students, and website visitors.
TEFL Training and Certification Services: The educational and certification services provided by Mabuhay TEFL International, including but not limited to TEFL courses, teacher training, and certification issuance.
Website Visitor: Any individual who visits Mabuhaytefl.com, regardless of their interaction level.
Cookie: A small file placed on your device when you visit certain parts of our website or use certain features of our website. Cookies help us understand how you use our site and ways we can improve your experience.
Third-Party Service Providers: External companies or individuals that Mabuhay TEFL International engages with to process data on our behalf or to provide certain services, such as website hosting, data analysis, marketing assistance, email delivery, and customer service.
GDPR Compliance Officer: The designated individual within Mabuhay TEFL International responsible for ensuring our compliance with GDPR requirements and being a point of contact for data protection matters.
This section provides an overview of the key terms and definitions used throughout our GDPR privacy policy. Understanding these terms will help in comprehending our data processing activities and your rights as a data subject under GDPR.
At Mabuhay TEFL International, we adhere to the core principles of data processing as set out by the General Data Protection Regulation (GDPR). These principles guide our approach to handling personal data, ensuring that our practices are lawful, fair, transparent, and respectful of individual privacy rights.
Lawfulness, Fairness, and Transparency
Lawfulness: We ensure that all data processing activities are lawful and have a legal basis, such as consent, contract necessity, legal obligation, vital interests, public task, or legitimate interests.
Fairness: Our data processing is fair, meaning we consider your interests and do not process data in a way that is unduly detrimental, unexpected, or misleading.
Transparency: Transparency is integral to our practices. We provide clear, accessible information about how we use personal data, typically through this privacy policy, and are open to inquiries about our data processing practices.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes as outlined in this policy. We do not use data for purposes that are incompatible with the original purpose of collection, unless we obtain consent or have a clear legal basis to do so.
Data Minimization
We adhere to the principle of data minimization, ensuring that we only collect personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We constantly review our data collection practices to ensure this principle is upheld.
Accuracy
We take reasonable steps to ensure that personal data we process is accurate and, where necessary, kept up to date. We correct or delete inaccurate or outdated data without delay.
Storage Limitation
Personal data is stored no longer than is necessary for the purposes for which the personal data are processed. We have specific policies and procedures in place to meet these data retention requirements, including periodic reviews of the data we hold.
Integrity and Confidentiality
We ensure the integrity and confidentiality of personal data through appropriate technical and organizational security measures. This includes protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Accountability
As a data controller, we are responsible for and able to demonstrate compliance with all the principles mentioned above. We maintain records of processing activities, conduct regular data protection impact assessments, and have appointed a GDPR Compliance Officer to oversee our compliance efforts.
Principles of Data Processing
At Mabuhay TEFL International, we adhere to the core principles of data processing as set out by the General Data Protection Regulation (GDPR). These principles guide our approach to handling personal data, ensuring that our practices are lawful, fair, transparent, and respectful of individual privacy rights.
Lawfulness, Fairness, and Transparency
Lawfulness: We ensure that all data processing activities are lawful and have a legal basis, such as consent, contract necessity, legal obligation, vital interests, public task, or legitimate interests.
Fairness: Our data processing is fair, meaning we consider your interests and do not process data in a way that is unduly detrimental, unexpected, or misleading.
Transparency: Transparency is integral to our practices. We provide clear, accessible information about how we use personal data, typically through this privacy policy, and are open to inquiries about our data processing practices.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes as outlined in this policy. We do not use data for purposes that are incompatible with the original purpose of collection, unless we obtain consent or have a clear legal basis to do so.
Data Minimization
We adhere to the principle of data minimization, ensuring that we only collect personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We constantly review our data collection practices to ensure this principle is upheld.
Accuracy
We take reasonable steps to ensure that personal data we process is accurate and, where necessary, kept up to date. We correct or delete inaccurate or outdated data without delay.
Storage Limitation
Personal data is stored no longer than is necessary for the purposes for which the personal data are processed. We have specific policies and procedures in place to meet these data retention requirements, including periodic reviews of the data we hold.
Integrity and Confidentiality
We ensure the integrity and confidentiality of personal data through appropriate technical and organizational security measures. This includes protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Accountability
As a data controller, we are responsible for and able to demonstrate compliance with all the principles mentioned above. We maintain records of processing activities, conduct regular data protection impact assessments, and have appointed a GDPR Compliance Officer to oversee our compliance efforts.
Adhering to these principles is foundational to our approach to data processing at Mabuhay TEFL International. They inform our actions and decisions regarding the handling of personal data and reflect our commitment to protecting the privacy rights of our users and students.
Data Sharing and Disclosure
Sharing with Third Parties:
We may share your personal data with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service. These third parties are obligated to protect your data and may not use it for other purposes.
Personal data may also be shared with partners or collaborators for purposes directly related to the provision of our TEFL training and certification services.
International Data Transfers:
Given our international operations, personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). We ensure such transfers are carried out in compliance with GDPR, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Legal Requirements for Disclosure:
We may disclose your personal data where required by law or in response to valid requests by public authorities (e.g., a court or a government agency).
Disclosure may also be necessary to enforce our Terms of Service, protect our rights, privacy, safety, or property, and/or respond to legal claims.
Data Security
Security Measures in Place:
We implement robust technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes encryption, firewalls, access controls, and secure data storage.
Regular security reviews and updates are conducted to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Data Breach Notification Procedures:
In the event of a personal data breach, we will notify the appropriate data protection authority without undue delay and, where feasible, within 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
Affected individuals will also be notified if the breach is likely to result in a high risk to their rights and freedoms.
Your Rights Under GDPR
Right to Access:
You have the right to request access to the personal data we hold about you, including information about how we process it.
Right to Rectification:
You can request the correction of inaccurate personal data and the completion of incomplete data.
Right to Erasure (Right to be Forgotten):
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Right to Restriction of Processing:
You have the right to request the suspension of the processing of your personal data in certain scenarios, such as if you want us to establish its accuracy or the reason for processing it.
Right to Data Portability:
This right allows you to request the transfer of your personal data to another party, in a structured, commonly used, and machine-readable format.
Right to Object:
You have the right to object to the processing of your personal data based on grounds relating to your particular situation, at any time.
Rights about Automated Decision-Making and Profiling:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Consent and Withdrawal of Consent
Obtaining Consent:
Clear and Informed Consent: At Mabuhay TEFL International, we ensure that consent is obtained in a clear and understandable form. This means providing information in simple language about what data is being collected, for what purpose, and how it will be used.
Specific and Voluntary: Consent is requested for specific data processing activities and is entirely voluntary. We ensure that there is no undue pressure or imbalance of power in obtaining consent.
Record of Consent: We maintain a record of when and how we obtained your consent, along with what you were told at the time.
How to Withdraw Consent:
Ease of Withdrawal: Withdrawing consent is as easy as giving it. You can withdraw your consent at any time regarding the use of your personal data.
Process for Withdrawal: To withdraw consent, simply contact us via the contact information provided in this policy. Upon receiving your request, we will promptly stop processing your data for the purposes you have withdrawn consent for and confirm the withdrawal with you.
Consequences of Withdrawal: We will explain the consequences of withdrawing consent, ensuring you are fully informed. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Data Retention Policy
Criteria for Determining Retention Period:
Purpose of Data Collection: The retention period of personal data is determined based on the purpose for which it was collected. Data is not kept longer than is necessary to fulfill these purposes.
Legal and Regulatory Requirements: We consider any legal or regulatory requirements that necessitate the retention of data for a specific period. For example, financial records may need to be retained for a certain number of years for tax purposes.
Statute of Limitations: The period during which legal claims could be made against our company is also considered in determining data retention periods.
Regular Review: Our data retention policies are regularly reviewed to ensure compliance with GDPR and other relevant laws. When the data is no longer needed, it is securely deleted or anonymized.
Use of Cookies and Tracking Technologies
Types of Cookies Used:
Essential Cookies: Necessary for the website to function and cannot be switched off in our systems. They are typically set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
Performance Cookies: Collect information about how visitors use the website, such as which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor; all information these cookies collect is aggregated and therefore anonymous.
Functionality Cookies: Allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
Targeting/Advertising Cookies: These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
Managing Cookies and Opting Out:
Cookie Preferences: You can manage your cookie preferences through your browser settings at any time. This includes deleting cookies or preventing cookies from being set.
Opt-Out Tools: For performance, functionality, and targeting/advertising cookies, we provide an opt-out mechanism through our website’s cookie consent manager. This tool allows you to choose which types of cookies you consent to.
Impact of Opting Out: It’s important to note that opting out of certain types of cookies may impact your experience of the site and the services we are able to offer.
Links to Other Websites
Our website, www.mabuhaytefl.com, may contain links to other websites of interest. However, once you use these links to leave our site, you should note that we do not have any control over these other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy policy.
Changes to This Privacy Policy
Notification of Changes:
We may update this privacy policy from time to time in response to changing legal, technical, or business developments. When we update our privacy policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
Notification methods may include email notifications or an announcement on our website, depending on the nature of the changes.
Historical Versions:
Previous versions of this privacy policy will be archived and made available. You can access historical versions of our policy by contacting us directly or through a designated section on our website. This allows you to review the changes over time.
Complaints and Contact Information
How to Lodge a Complaint
If you have any concerns or complaints regarding the handling of your personal data or our data protection practices, we encourage you to first contact us directly to resolve the issue.
You can lodge a complaint by contacting Elizabeth Santos, who is responsible for handling data protection matters. Complaints can be submitted via email to elizabethsantos@mabuhaytefl.com.
When submitting a complaint, please provide as much detail as possible about the nature of your concern, including any relevant dates, specific data involved, and why you believe your data has been mishandled.
We are committed to addressing all complaints thoroughly and promptly and will keep you informed throughout the process.
Contact Details for Data Protection Matters
For any questions or concerns regarding your personal data, our privacy practices, or this privacy policy, please contact our Data Protection Manager:
Name: Elizabeth Santos
Email: elizabethsantos@mabuhaytefl.com
Elizabeth is available to provide clarification, assist with data access requests, and address any concerns you may have regarding data protection.
Jurisdictional Considerations
Specific Provisions for EU Citizens
As an organization processing the personal data of EU citizens, we comply with the General Data Protection Regulation (GDPR). This includes adhering to principles such as data minimization, ensuring data accuracy, and upholding the rights of data subjects.
EU citizens have the right to lodge a complaint with a supervisory authority in their member state if they believe their data protection rights have been infringed.
International Compliance Considerations:
While our primary operations are in Hong Kong, we understand the importance of global data protection standards, particularly for our international students and website users.
We endeavor to comply with applicable data protection laws in other jurisdictions where we operate or where our students reside. This includes adapting our practices to meet local legal requirements and cultural expectations regarding privacy and data protection.