GDPR Compliance
Last updated: June 1, 2024
1. Introduction
At MENTOR Learning, Inc. ("MENTOR," "we," "us," or "our"), we are committed to protecting the personal data of our users and ensuring compliance with the General Data Protection Regulation (GDPR) for our users in the European Economic Area (EEA), United Kingdom, and Switzerland.
This GDPR Compliance Statement explains how we collect, use, and protect your personal data in accordance with the GDPR. It should be read in conjunction with our Privacy Policy, which provides more detailed information about our data processing activities.
2. Data Controller
MENTOR Learning, Inc. is the data controller for personal data collected through our website, mobile application, and services (collectively, the "Service"). As the data controller, we determine the purposes and means of processing your personal data.
Our contact details are:
MENTOR Learning, Inc.
123 Learning Avenue
San Francisco, CA 94105
United States
Email: privacy@mentorlearning.com
3. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases for processing your personal data:
Contractual Necessity
We process your personal data to perform our contract with you (i.e., to provide you with access to the Service and fulfill our obligations under our Terms of Service).
Legitimate Interests
We process your personal data based on our legitimate interests, such as:
- Improving and developing the Service
- Ensuring the security and proper functioning of the Service
- Analyzing usage patterns to enhance user experience
- Marketing our products and services to existing customers
We balance our legitimate interests against your rights and interests in the protection of your personal data.
Consent
We process certain personal data based on your consent, such as:
- Sending marketing communications (where required by law)
- Collecting and using certain types of sensitive data
- Using cookies and similar technologies (where required by law)
You have the right to withdraw your consent at any time by contacting us or using the opt-out mechanisms provided.
Legal Obligation
We may process your personal data to comply with our legal obligations, such as tax laws, accounting requirements, or responses to valid legal requests from public authorities.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.
Right to Erasure (Right to be Forgotten)
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent on which the processing is based.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing based on legitimate interests while we verify the grounds for processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance from us, where technically feasible.
Right to Object
You have the right to object to the processing of your personal data based on our legitimate interests, for direct marketing purposes, or for scientific/historical research and statistics.
Rights Related to Automated Decision-Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except in certain limited circumstances.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within one month, although we may extend this period by up to two additional months if necessary, taking into account the complexity and number of requests.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Right to Lodge a Complaint
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
5. International Data Transfers
As a global organization with operations in the United States, we may transfer your personal data to countries outside the EEA, UK, or Switzerland, which may not have data protection laws as comprehensive as those in your country of residence.
When we transfer your personal data outside the EEA, UK, or Switzerland, we ensure that appropriate safeguards are in place to protect your personal data, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs)
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
You can request a copy of the safeguards we use to transfer personal data by contacting us using the information provided in the "Contact Information" section below.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure of your personal data
- The purposes for which we process your personal data and whether we can achieve those purposes through other means
- The applicable legal, regulatory, tax, accounting, or other requirements
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
7. Data Protection Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data, including:
- Encryption of personal data
- Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Regular testing, assessing, and evaluating of the effectiveness of technical and organizational measures for ensuring the security of the processing
- Staff training and awareness programs
- Access controls and authentication procedures
We ensure that all third-party service providers who process personal data on our behalf also implement appropriate technical and organizational measures to protect your personal data.
8. Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
- Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms
- Document the facts relating to the breach, its effects, and the remedial action taken
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Statement and our data protection practices. If you have any questions about this statement or our data protection practices, please contact our DPO at:
Data Protection Officer
MENTOR Learning, Inc.
123 Learning Avenue
San Francisco, CA 94105
United States
Email: dpo@mentorlearning.com
10. Contact Information
If you have any questions, concerns, or requests regarding your personal data or this GDPR Compliance Statement, please contact us at:
MENTOR Learning, Inc.
123 Learning Avenue
San Francisco, CA 94105
United States
Email: privacy@mentorlearning.com