Effective Date: 1st Oct 2024
Welcome to HoFT Academy (“HOFT Academy,” “we,” “us,” or “our”). We are dedicated to safeguarding your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR) and relevant privacy laws in the Gulf Cooperation Council (GCC) countries, including the Dubai International Financial Centre (DIFC) Data Protection Law, Bahrain Personal Data Protection Law, and Saudi Arabian E-Commerce Law.
By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
1. Introduction
At HOFT Academy, your privacy is our priority. We are committed to:
- Transparency: Clearly explaining how we handle your personal data.
- Security: Implementing robust measures to protect your information.
- Compliance: Adhering to all applicable data protection laws and regulations.
This Privacy Policy outlines:
- The types of personal data we collect.
- How we collect and use your data.
- How we share and protect your data.
- Your rights regarding your personal data.
- How you can contact us with questions or concerns.
2. Data Collection
We collect personal data to provide you with our educational services and improve your user experience. The data we collect falls into two categories: personal information collected directly from you and information collected automatically.
2.1 Personal Information Collected Directly
We may collect the following personal information directly from you:
- Identification Data:
  - Full Name
  - Job Title
- Contact Information:
  - Email Address
  - Phone Number
  - Mailing Address
  - Billing Address
- Account Credentials:
  - Username
  - Password
- Financial Information:
  - Debit/Credit Card Numbers
- Preferences:
  - Contact Preferences
- Authentication Data:
  - Security Questions and Answers
How We Collect This Data:
- Account Registration: When you create or update your account on our website.
- Purchases and Transactions: When you make a purchase or engage in a financial transaction.
- Communications: When you contact us via email, phone, or through our website.
- Surveys and Feedback: When you participate in surveys, questionnaires, or provide feedback.
- Promotional Activities: When you sign up for newsletters, webinars, or other promotional content.
Sensitive Personal Data:
We generally do not collect sensitive personal data (such as health information, religious beliefs, or biometric data). If we need to collect such data, we will obtain your explicit consent as required by law.
2.2 Personal Information Collected Automatically (Derivative Data)
We automatically collect certain information when you visit our website or use our services:
- Log and Usage Data:
  - IP Address
  - Browser Type and Version
  - Pages Visited
  - Time and Date of Access
  - Time Spent on Pages
  - Clickstream Data
- Device Data:
  - Device Type (e.g., desktop, mobile)
  - Operating System and Version
  - Unique Device Identifiers
  - Hardware Model
  - Internet Service Provider or Mobile Carrier
- Location Data:
  - Approximate Geographic Location (derived from IP address)
  - Time Zone Setting
Technologies Used:
- Cookies: Small text files placed on your device to store data that can be recalled by our web server.
- Web Beacons: Small graphic images or other web programming code that may be included in our web pages and email messages.
- JavaScript and Tracking Pixels: Code snippets that collect information about user interactions.
Third-Party Integrations:
- Analytics Services: We use services like Google Analytics to understand user behavior and improve our services.
- Advertising Networks: We may partner with advertising networks that use cookies and similar technologies to deliver targeted advertisements.
3. Data Use
We use your personal data for various purposes, depending on the nature of our relationship with you.
3.1 Providing Educational Services
- Account Management: To create and maintain your user account.
- Course Delivery: To provide access to educational content and track your progress.
- Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
3.2 Improving User Experience
- Personalization: To tailor content and resources to your interests and preferences.
- Analytics: To analyze usage patterns and improve our website’s functionality and content.
- Feedback Collection: To gather feedback and conduct surveys to enhance our services.
3.3 Marketing Activities
- Promotional Communications: To send newsletters, updates, and special offers that may interest you.
- Event Invitations: To inform you about webinars, workshops, and other events.
- Advertising: To personalize and display targeted advertisements on our website and third-party platforms.
Consent Requirement: We will obtain your explicit consent before using your personal data for marketing purposes where required by law.
3.4 Compliance with Legal Obligations
- Regulatory Compliance: To comply with applicable laws, regulations, and legal processes.
- Fraud Prevention: To detect, prevent, and address fraud, security breaches, or other potentially prohibited activities.
- Enforcement of Terms: To enforce our Terms of Service and other agreements.
4. Legal Basis for Processing (European Customers)
Under the GDPR, we must have a legal basis to process your personal data. Our legal bases include:
- Consent (Article 6(1)(a)): When you have given us explicit consent for specific purposes.
- Contract Performance (Article 6(1)(b)): When processing is necessary to perform a contract with you or take steps at your request before entering into a contract.
- Legal Obligation (Article 6(1)(c)): When processing is necessary to comply with a legal obligation.
- Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
Examples of Legitimate Interests:
- Improving and personalizing our services.
- Securing our platform and preventing fraud.
- Conducting marketing and promotional activities.
5. Data Sharing
We may share your personal data with third parties under the following circumstances:
5.1 Service Providers
We engage third-party companies and individuals to perform services on our behalf, such as:
- Payment Processors: To handle secure payment transactions (e.g., Stripe, PayPal).
- Hosting Providers: To host our website and data storage.
- Email Service Providers: To send emails and newsletters.
- Analytics and Marketing Services: To analyze data and assist with marketing efforts.
Data Protection Measures: We ensure that all service providers adhere to strict data protection standards and process your data only for the purposes specified by us.
5.2 Affiliates and Business Partners
- Joint Marketing Activities: With your consent, we may share your information with affiliates or partners for co-branded services or events.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.
5.3 Legal Obligations and Protection
We may disclose your personal data:
- Compliance: To comply with legal obligations, regulations, or governmental requests.
- Protection of Rights: To enforce our Terms of Service, protect our rights, privacy, safety, or property, and/or that of you or others.
5.4 International Data Transfers
Your personal data may be transferred to and processed in countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.
Data Transfer Mechanisms:
- Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission to transfer personal data from the European Economic Area (EEA) to third countries.
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing an adequate level of data protection.
GCC Data Transfers:
- We comply with GCC data protection laws when transferring data within GCC countries and implement appropriate safeguards.
6. User Rights
You have specific rights regarding your personal data, subject to local data protection laws.
6.1 Access and Portability
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
6.2 Rectification and Erasure
- Right to Rectify: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data under certain circumstances.
6.3 Restriction and Objection
- Right to Restrict Processing: You may request that we limit the processing of your personal data.
- Right to Object: You may object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
6.4 Automated Decision-Making
- Right Not to Be Subject to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
6.5 Withdrawal of Consent
- Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
How to Exercise Your Rights:
- Account Settings: Log in to your account settings to update or delete your information.
- Contact Us: Send a request using the contact information provided in this policy.
- Verification: We may need to verify your identity before fulfilling your request.
Response Timeframe: We aim to respond to all legitimate requests within one month. This period may be extended by two further months if necessary, considering the complexity and number of requests.
7. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to collect and use personal data about you.
7.1 Types of Cookies Used
- Essential Cookies: Necessary for the operation of our website (e.g., authentication cookies).
- Performance and Analytics Cookies: Collect information about how you use our website to improve functionality.
- Functionality Cookies: Remember your preferences to personalize your experience.
- Targeting/Advertising Cookies: Deliver relevant advertisements based on your interests.
7.2 Purpose of Cookies
- Authentication: To recognize you when you log in and secure your account.
- Preferences: To remember your settings and preferences.
- Analytics: To analyze website traffic and user behavior.
- Advertising: To deliver personalized advertisements and measure their effectiveness.
7.3 Managing Cookies
- Cookie Consent Tool: Use our cookie consent management tool to customize your cookie preferences.
- Browser Settings: Adjust your browser settings to refuse cookies or alert you when cookies are being set.
- Opt-Out Links: For third-party advertising cookies, you can opt out via industry opt-out sites like Your Online Choices (EU users).
Note: Disabling cookies may affect the functionality and features of our website.
7.4 Compliance with ePrivacy Directive (EU)
We comply with the ePrivacy Directive by:
- Obtaining Consent: Seeking your explicit consent before placing non-essential cookies on your device.
- Providing Information: Clearly explaining the types of cookies used and their purposes.
- Offering Choices: Allowing you to accept or reject cookies and change your preferences at any time.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for:
- Legal and Regulatory Compliance: As required by law (e.g., tax and accounting purposes).
- Dispute Resolution: To resolve disputes or enforce our agreements.
- Business Operations: To maintain accurate business and financial records.
Retention Periods:
- Account Information: Retained until you delete your account or after a period of inactivity, as defined in our retention policy.
- Transactional Data: Retained for a minimum of [insert number] years to comply with financial regulations.
- Marketing Data: Retained until you opt out or withdraw your consent.
Criteria for Determining Retention Periods:
- Purpose Fulfillment: Whether the data is still necessary for the purposes collected.
- Legal Obligations: Statutory or contractual obligations to retain data.
- Consent Withdrawal: Whether you have withdrawn your consent.
9. Data Security
We implement a combination of technical, administrative, and physical security measures to protect your personal data.
9.1 Technical Measures
- Encryption: We use SSL/TLS encryption for data in transit and encryption protocols for data at rest.
- Secure Servers: Hosting services with robust security infrastructure and protocols.
- Firewalls and Anti-Malware: To protect against unauthorized access and malicious software.
- Access Controls: Role-based access permissions and authentication mechanisms.
9.2 Administrative Measures
- Employee Training: Regular training for staff on data protection and privacy policies.
- Data Protection Policies: Internal policies governing data handling and security.
- Incident Response Plan: Procedures for responding to data breaches or security incidents.
9.3 Physical Measures
- Secure Facilities: Access-controlled environments where data is stored.
- Surveillance Systems: Monitoring of facilities to prevent unauthorized access.
9.4 Monitoring and Testing
- Regular Audits: Periodic assessments of our data protection practices.
- Vulnerability Scanning: Ongoing scanning for potential security vulnerabilities.
- Penetration Testing: Simulated cyber-attacks to test the effectiveness of security measures.
9.5 Data Breach Response
In the event of a data breach:
- Notification: We will notify affected users and relevant authorities as required by law.
- Mitigation: Steps will be taken to minimize harm and prevent future breaches.
Your Responsibilities:
- Account Security: Keep your account credentials confidential and secure.
- Suspicious Activity: Notify us immediately if you suspect unauthorized access to your account.
10. Children’s Privacy
10.1 Age Restrictions
- Minimum Age: Our services are not intended for individuals under the age of 16.
- Parental Consent: If you are under the age of 16, you must have parental or guardian consent to use our services.
10.2 Data Collection from Minors
- No Intentional Collection: We do not knowingly collect personal data from minors without appropriate consent.
- Parental Rights: Parents or guardians may request access to, correction of, or deletion of their child’s personal data.
10.3 Actions Upon Discovery
If we become aware that we have inadvertently collected personal data from a minor without proper consent:
- Data Deletion: We will promptly delete the data from our records.
- Notification: We may notify the parent or guardian.
11. Amendments to the Policy
11.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors.
11.2 Notification of Changes
- Posting Updates: We will post the updated Privacy Policy on this page with a new effective date.
- Direct Notification: For significant changes, we may notify you via email or through a notice on our website.
11.3 Your Continued Use
By continuing to use our services after the updated Privacy Policy becomes effective, you acknowledge and agree to the revised terms.
11.4 Reviewing the Policy
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:
- Email: [email protected]
- Mailing Address:
  - HOFT Academy
  - Dubai
  - UAE
- Data Protection Officer (DPO):
  - If applicable, contact our DPO at [email protected]
12.1 Complaints
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority:
- In the EU: Contact your local data protection authority.
- In the GCC: Contact the relevant data protection authority in your country.