GDPR Compliance
Your data protection rights
About GDPR
The General Data Protection Regulation (GDPR) is a European Union regulation that protects the personal data and privacy of individuals within the EU. Even though Tropic Tutor primarily serves Caribbean users, we are committed to upholding GDPR standards for all our users worldwide.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.
Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure ("Right to be Forgotten")
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.
Right to Restrict Processing
You have the right to request that we limit how we use your personal data in certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes or when we process your data based on legitimate interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
How We Protect Your Data
- Encryption: All data is encrypted in transit (TLS) and at rest
- Access Controls: Strict access controls limit who can access your data
- Data Minimization: We only collect data necessary for our services
- Regular Audits: We conduct regular security audits and assessments
- Secure Infrastructure: Our servers are hosted in secure, compliant data centers
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide our services to you
- Consent: Where you have given explicit consent (e.g., marketing emails)
- Legitimate Interests: Processing necessary for our legitimate business interests
- Legal Obligation: Processing required by law
Data Transfers
Your data may be transferred to and processed in countries outside the EEA. When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Data Protection Officer
For questions about GDPR or to exercise your rights, contact our Data Protection team:
Email: dpo@cxcstudyhub.com
Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.