Privacy Policy
1. Introduction
Azael Haward Academy ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, safeguard, and handle your personal information when you use our learning platform at learn.azaelhaward.com and related services (the "Platform").
By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.
This Policy applies to all Users of the Platform, including students, visitors, and administrators, regardless of location.
2. Information We Collect
2.1 Information You Provide Directly
When you register for an account, enrol in courses, or interact with the Platform, we collect:
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Full name, email address, username, password (encrypted) | Account creation, authentication, communication |
| Profile Information | Phone number, country, professional field | Personalisation, demographic insights |
| Payment Information | Transaction references, payment method, amount, proof of payment | Payment verification, enrolment processing |
| Learning Data | Course enrolments, lesson progress, quiz scores, completion status, certificates | Progress tracking, certificate issuance, course improvement |
| Communications | Support emails, feedback, testimonials, reviews | Customer support, service improvement |
2.2 Information Collected Automatically
When you access the Platform, we automatically collect:
- Device Information: Browser type and version, operating system, device type, screen resolution.
- Usage Data: Pages visited, time spent on pages, course progress, navigation patterns, referring URLs.
- Log Data: IP address, access times and dates, error logs.
- Cookies and Similar Technologies: Session cookies (to maintain your login state), functional cookies (to remember preferences), and analytics cookies (to understand usage patterns).
2.3 Information from Third Parties
We may receive information from:
- Payment providers: Transaction confirmation and verification status for mobile money and bank transfers.
- Analytics services: Aggregated usage statistics to help us improve the Platform.
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Service Delivery
- Create and manage your Account.
- Process enrolments and payments.
- Deliver course content, track progress, and enable learning features.
- Grade assessments and issue Certificates of Completion.
- Send course-related communications (enrolment confirmation, progress updates, certificate issuance).
3.2 Communication
- Respond to your inquiries and provide customer support.
- Send important account-related notifications (security alerts, policy changes).
- Send educational updates about your enrolled courses, new courses, or platform features (with opt-out available).
- Send promotional communications about new courses or offers (only with your consent; you can opt out at any time).
3.3 Improvement and Analytics
- Analyze usage patterns to improve course content and user experience.
- Conduct research and analysis to develop new features and services.
- Monitor and prevent technical issues, security threats, and fraudulent activity.
- Generate aggregated, anonymised statistical data about Platform usage.
3.4 Legal and Compliance
- Comply with applicable laws, regulations, and legal processes.
- Enforce our Terms of Service and other agreements.
- Protect our rights, property, and safety, and that of our Users and the public.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or a jurisdiction with similar data protection laws, we process your personal data based on the following legal grounds:
- Consent: When you register an account, enrol in courses, or opt in to marketing communications.
- Contract: When processing is necessary to fulfil our contractual obligations (delivering courses, issuing certificates).
- Legitimate Interest: When processing is necessary for our legitimate interests (improving services, ensuring security, preventing fraud), provided these interests are not overridden by your rights.
- Legal Obligation: When processing is required to comply with applicable laws.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
5.1 Service Providers
We may share data with trusted third-party service providers who assist in operating the Platform, including:
- Hosting providers: Server infrastructure and data storage.
- Email services: Transactional and marketing email delivery.
- Analytics providers: Usage analytics and reporting.
- Payment processors: Payment verification and fraud prevention.
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
5.2 Legal Requirements
We may disclose your information if required to do so by law, or in good faith belief that such action is necessary to:
- Comply with a legal obligation or valid legal process.
- Protect and defend our rights or property.
- Prevent fraud or address security vulnerabilities.
- Protect the personal safety of Users or the public.
5.3 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform before your data is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your information for purposes not described in this Policy only with your explicit consent.
6. Data Security
We implement industry-standard security measures to protect your personal data, including:
- Encryption: Passwords are hashed using bcrypt (PASSWORD_DEFAULT). Sensitive data is encrypted in transit (HTTPS/TLS).
- Access Controls: Strict role-based access controls limit who can access your data.
- Session Management: Secure session handling with automatic timeout and session regeneration.
- Input Validation: All user inputs are sanitised to prevent injection attacks.
- CSRF Protection: Cross-Site Request Forgery tokens protect form submissions.
- Security Headers: HTTP security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Content-Security-Policy).
- Regular Updates: Server software and dependencies are kept up to date with security patches.
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will promptly notify you in the event of a data breach that affects your information.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of your Account plus 2 years after deletion |
| Course enrolments and progress | Duration of your Account plus 5 years (for certificate verification) |
| Certificates | Indefinitely (for verification purposes) |
| Payment records | 7 years (for tax and legal compliance) |
| Quiz attempts and scores | Duration of your Account |
| Session and log data | 90 days |
| Support communications | 3 years from resolution |
| Password reset tokens | 1 hour (auto-deleted) |
| Audit logs | 2 years |
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 Access and Portability
You have the right to request a copy of the personal data we hold about you, in a structured, commonly used, and machine-readable format.
8.2 Rectification
You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly through your Profile page on the Platform.
8.3 Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, certificate verification, fraud prevention).
8.4 Restriction of Processing
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest its accuracy or object to processing.
8.5 Objection to Processing
You have the right to object to processing of your personal data for direct marketing purposes at any time. You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email.
8.6 Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing that occurred before withdrawal.
8.7 Lodge a Complaint
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority in your jurisdiction.
8.8 Exercising Your Rights
To exercise any of these rights, contact us at learn@azaelhaward.com. We will respond to your request within 30 days. We may require identity verification before processing your request.
9. Cookies Policy
9.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. They help us provide a better user experience and understand how the Platform is used.
9.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session Cookies | Maintain your login state and session data while browsing | Until browser is closed (or 7 days if "Remember Me" is used) |
| CSRF Cookies | Protect against Cross-Site Request Forgery attacks | Until browser is closed |
| Functional Cookies | Remember your preferences (e.g., language, sidebar state) | Up to 1 year |
9.3 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to:
- View and delete existing cookies.
- Block all or certain cookies.
- Set preferences for specific websites.
Note: Disabling cookies may affect the functionality of the Platform, including your ability to log in and access course content.
10. Children's Privacy
The Platform is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at learn@azaelhaward.com, and we will promptly delete such information.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses where required.
- Ensuring the recipient country has adequate data protection laws.
- Requiring service providers to maintain appropriate security measures.
12. Third-Party Links
The Platform may contain links to third-party websites or services (e.g., YouTube for video hosting, payment providers). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Post a notice on the Platform.
- Send an email notification to registered Users (for significant changes).
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.
14. Data Protection Contact
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:
- Data Controller: Azael Haward Kyando
- Email: learn@azaelhaward.com
- Website: azaelhaward.com
- Platform: learn.azaelhaward.com
We aim to respond to all privacy-related inquiries within 30 business days.