Privacy Policy

1. Information We Collect

We collect information that you provide directly to us, including:

• Name and contact information (email address, phone number)
• Information about your interest in our programs
• Any additional information you choose to provide in forms or communications

2. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and provide information about our programs
• Send you updates and communications about our services (with your consent)
• Improve our services and user experience
• Comply with legal obligations

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only:

• With your explicit consent
• To comply with legal obligations or respond to legal requests
• To protect our rights, privacy, safety, or property

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5. Your Privacy Rights by Region

GDPR Rights (European Union/UK)

If you are located in the EU or UK, you have the following rights:

• Right of Access: Request access to your personal data and receive a copy
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing of your personal data, including for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information we have collected (subject to exceptions)
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discrimination
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Request limitation of use of sensitive personal information

Other Regional Rights

• Canada (PIPEDA): Right to access, correct, and challenge compliance; right to file complaints with Privacy Commissioner
• Brazil (LGPD): Rights to confirmation, access, correction, anonymization, portability, deletion, information, and revocation of consent
• Australia (Privacy Act): Rights to access, correction, and complaint to Office of the Australian Information Commissioner
• Turkey (KVKK): Rights to access, correction, deletion, and objection; right to complain to the Personal Data Protection Board
• South Africa (POPIA): Rights of access, correction, and objection; right to lodge a complaint with the Information Regulator
• Other regions: We respect applicable privacy rights in all jurisdictions where we operate. Our services are not directed at certain jurisdictions (e.g. Russia) where local law may impose additional requirements.

To exercise any of these rights, please contact us. We will respond to your request within the timeframes required by applicable law (typically 30-45 days).

6. Cookies and Tracking

We use minimal technologies to operate this site. We do not use advertising cookies and do not intentionally set analytics cookies on this site. If we add optional analytics or similar tools in the future, we will update this policy and provide choices where required by law. See our Cookie Policy for more details.

7. Children's Privacy (COPPA Compliance)

We take children's privacy seriously. This site is intended for parents, guardians, educators, and adults. We do not knowingly collect personal information directly from children under 13.

• No knowing collection: We do not knowingly request or collect personal information directly from children under 13.
• If it happens: If you believe a child under 13 has provided personal information, please contact us so we can review and delete it where appropriate.
• Future child-directed services: If we later offer child-directed services subject to COPPA, we will implement appropriate parental consent and related safeguards.

8. Educational Records (FERPA Compliance)

If RAPKAT Education is used by a school in a way that involves student education records, we aim to support FERPA-aligned practices and privacy protections.

• Educational Records: Information collected through our interest forms and program inquiries may constitute educational records under FERPA when associated with a student.
• Parental Access: Parents have the right to access their child's educational records maintained by RAPKAT Education.
• Directory Information: We do not disclose directory information without prior written consent, except as permitted by FERPA.
• Record Amendment: Parents may request amendment of educational records they believe are inaccurate or misleading.
• Consent for Disclosure: We obtain written consent before disclosing personally identifiable information from educational records, except as permitted by FERPA.
• FERPA Complaints: Parents have the right to file complaints with the U.S. Department of Education regarding alleged FERPA violations.

9. Email Collection and Marketing Communications

When you provide your email address through our forms, you consent to receive communications from RAPKAT Education. We are committed to responsible email practices.

• Consent-Based: We only send marketing emails to individuals who have provided explicit consent through our forms.
• Opt-Out Rights: You may unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting us directly.
• Transactional Emails: We may send necessary transactional emails (e.g., program updates, service notifications) even if you have opted out of marketing communications.
• Email laws: We aim to follow applicable email marketing laws (including CAN-SPAM and CASL), including accurate sender information and opt-out mechanisms.
• GDPR Email Rights: EU residents have the right to object to processing of their email for marketing purposes at any time.

10. International Data Transfers and Global Compliance

Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards to protect your data globally and comply with applicable laws in every region we serve.

• GDPR (European Union): Where GDPR applies, we aim to use an appropriate lawful basis for processing and apply privacy-by-design principles.
• UK GDPR: Where UK GDPR applies, we aim to apply equivalent privacy protections for UK residents.
• CCPA (California): California residents have specific rights under the California Consumer Privacy Act, including the right to know, delete, and opt-out of sale of personal information.
• PIPEDA (Canada): Where applicable, we aim to follow Canada's privacy requirements for access and correction.
• LGPD (Brazil): We respect the rights of Brazilian residents under the Lei Geral de Proteção de Dados.
• PDPA (Asia): Where PDPA or equivalent laws apply (Singapore, Malaysia, Thailand, and other Asian jurisdictions), we aim to comply with consent, purpose limitation, and data subject rights requirements.
• Japan (APPI): Where the Act on the Protection of Personal Information applies, we aim to comply with cross-border transfer restrictions and data subject rights.
• South Korea (PIPA): Where the Personal Information Protection Act applies, we aim to comply with consent and cross-border transfer requirements.
• India (DPDP Act): Where the Digital Personal Data Protection Act applies, we aim to comply with consent, purpose limitation, and data localization requirements where applicable.
• Transfer mechanisms: Where required, we use appropriate safeguards for cross-border transfers (such as Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful mechanisms).
• Data Localization: We respect data localization requirements in jurisdictions that mandate data storage within specific geographic boundaries (e.g., India, Indonesia, China where applicable).

11. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Email Subscriptions: We retain email addresses for as long as you remain subscribed or until you request deletion
• Interest Forms: We retain form submissions for up to 3 years from the date of submission, or until you request deletion
• Legal Requirements: We may retain certain information longer if required by law, regulation, or legal process
• Educational Records: Educational records are retained in accordance with FERPA requirements and applicable state laws
• Deletion Requests: Upon request, we will delete your personal information unless we have a legal obligation to retain it

12. Data Breach Notification

In the event of a data breach that may affect your personal information, we will take appropriate steps, including notifications where required by applicable law:

• Notify affected individuals without undue delay where required by applicable law
• Notify relevant supervisory authorities within required timeframes
• Provide clear information about the nature of the breach, likely consequences, and measures taken
• Where applicable, coordinate notifications for educational or child-related data as required by law

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated Privacy Policy on this page with an updated "Last Updated" date
• Notify you of material changes via email (if you have provided your email address) or prominent notice on our website
• Obtain your consent for material changes where required by applicable law
• Allow you to review changes before they take effect for significant modifications

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy, unless withdrawal of consent is required by law.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us.

15. Privacy Principles and Legal Frameworks

Our privacy practices are informed by widely recognized data protection principles and legal frameworks, which may include:

United States

• FERPA (Family Educational Rights and Privacy Act): Protection of student educational records
• COPPA (Children's Online Privacy Protection Act): Protection of children's online privacy
• CCPA (California Consumer Privacy Act): California resident privacy rights
• CPRA (California Privacy Rights Act): Enhanced California privacy protections
• VCDPA (Virginia Consumer Data Protection Act): Virginia resident privacy rights
• CPA (Colorado Privacy Act): Colorado resident privacy rights
• CTDPA (Connecticut Data Privacy Act): Connecticut resident privacy rights
• CAN-SPAM Act: Commercial email regulations
• State Student Privacy Laws: Various state-specific student data protection laws

European Union & United Kingdom

• GDPR (General Data Protection Regulation): EU-wide data protection regulation
• UK GDPR: UK data protection law post-Brexit
• ePrivacy Directive: EU electronic communications privacy

Asia-Pacific

• PDPA (Singapore): Personal Data Protection Act 2012
• PDPA (Malaysia): Personal Data Protection Act 2010
• PDPA (Thailand): Personal Data Protection Act 2019
• APPI (Japan): Act on the Protection of Personal Information
• PIPA (South Korea): Personal Information Protection Act
• DPDP Act (India): Digital Personal Data Protection Act 2023
• PDPO (Hong Kong): Personal Data (Privacy) Ordinance
• Data Privacy Act (Philippines): Republic Act No. 10173
• Indonesia: Government Regulation 71/2019 and related regulations
• Privacy Act (Australia): Australian Privacy Principles
• Privacy Act (New Zealand): New Zealand Privacy Act 2020

Americas, Turkey, Africa & Other Regions

• PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
• CASL (Canada): Canada's Anti-Spam Legislation
• LGPD (Brazil): Lei Geral de Proteção de Dados
• LFPDPPP (Mexico): Federal Law on Protection of Personal Data
• KVKK (Turkey): Kişisel Verilerin Korunması Kanunu
• POPIA (South Africa): Protection of Personal Information Act
• Other applicable laws: We aim to comply with applicable privacy laws in the regions where we operate (including other African jurisdictions, and elsewhere as applicable). Our services are not directed at jurisdictions that impose data localization or similar requirements we do not currently support.

We review and update our privacy practices as our products, technology, and legal requirements evolve.