Last updated: 11 October 2024
At Edexia, we are committed to safeguarding your personal information and retaining it for as long as it is necessary to fulfil the purposes for which it was collected, or as required by law, or for legitimate business interests.
Data Classification
Edexia classifies data into various categories based on sensitivity, purpose, and retention requirements. These categories include:
Each category of data is subject to specific handling procedures based on its classification.
User Accounts (PII)
Edexia retains personal data for as long as necessary to ensure a seamless user experience and to fulfil the purposes for which it was collected. Users can delete their data safely and completely from within the application immediately. Should an organisation submit a formal request for data deletion, Edexia will maintain the data for an additional 12 months, strictly for record-keeping, legal compliance, and security purposes. Following this 12-month period, the data will be permanently deleted from our systems, unless a longer retention period is required by law.
Edexia retains class and assessment data uploaded by the user for 18 months from the date of creation to allow for any necessary retrieval or record-keeping. Class and assessment batch data are automatically deleted after 18 months from creation. Users can also safely and completely delete their assessment data manually from within the platform. Users will be notified in advance of this deletion via the application, providing sufficient time to secure their data.
Transaction Data, Support, and Interaction Data
Edexia retains transaction data, including payment information and billing records, for as long as necessary to fulfil financial, legal, and auditing requirements. Support and interaction data, such as communications with support teams and chat logs, are retained to improve service quality, address user inquiries, and ensure a positive user experience. These data types will be maintained for the duration needed to fulfil these purposes and may be retained longer if required by law or for legitimate business needs.
Edexia implements strict data handling procedures, including:
For disaster recovery and continuity purposes, Edexia maintains secure backups of all user data, including classes and assessments, for a period of 10 days and backups are updated weekly. These backups are encrypted and stored securely to protect against unauthorised access. In the event of accidental data loss or corruption, users may request the restoration of their data within this period.
Edexia may be required to retain certain user data beyond the standard retention periods to comply with legal or regulatory obligations, such as tax, auditing, or reporting requirements. In such cases, the data will be securely stored and only accessible to authorised personnel.
Where possible, Edexia may anonymise user data that is no longer necessary for the provision of services. Anonymised data may be retained for longer periods for research, statistical analysis, and improving our services, as it no longer identifies individual users.
Edexia may share data with third-party service providers who assist us in delivering our services. These providers are contractually obligated to handle data in compliance with our Data Retention Policy and applicable laws. Any data shared with third parties is subject to the same retention periods and security measures as data stored by Edexia.
Users have the right to request access to their personal data, correction of inaccurate information, or deletion of their data in accordance with applicable laws. Edexia will respond to such requests within a reasonable timeframe and will honour any legally valid request to delete data, subject to our legal and compliance obligations.
Edexia reserves the right to update this Data Retention Policy from time to time to reflect changes in legal requirements or our business practices. Users will be notified of significant changes via the application or email, and the updated policy will be made available on our website.
When a deletion request is received, Edexia follows a structured process to ensure that the data is permanently removed from our systems after the 12-month retention period. This process includes:
Edexia will notify users before their data is scheduled for deletion, providing an opportunity to export or duplicate the data if desired. This notification will be sent via email and through the application, ensuring users have ample time to take action.
Regular digital housekeeping is crucial for maintaining a streamlined, efficient, and cost-effective platform. By periodically reviewing and removing older courses and inactive user accounts, Edexia ensures easier navigation, improved performance, and reduced storage costs. We recognize that content created by educators and students is their intellectual property and should not be retained indefinitely, particularly when they are no longer associated with the platform.
This policy is designed to strike a balance between retaining necessary data for user convenience, legal compliance, and operational efficiency while respecting user privacy and data ownership rights.
