Privacy Policy

Privacy Policy

Effective Date: 01/07/2025
Last Updated: 01/07/2025 10:00am

1. Introduction

Welcome to Shonazz EduVerse Ltd (“we,” “our,” or “us”), a company registered in England and Wales. We operate Shonazz.com, an AI and VR-powered learning platform (“Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our application, or engage with our services.

This Privacy Policy is governed by UK data protection law, primarily the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We also comply with applicable international data protection laws where we serve users globally.

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you disagree with any part of this policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide to us, including:

• Account Information: Name, email address, username, password, and profile information
• Contact Information: Phone number, mailing address, and emergency contact details
• Payment Information: Billing address, payment method details (processed securely by third-party payment processors)
• Profile Data: Learning preferences, skill levels, educational background, and goals
• Communication Data: Messages, feedback, support requests, and survey responses

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: How you interact with our platform, features used, time spent, and navigation patterns
• Device Information: IP address, browser type, operating system, device identifiers, and hardware specifications
• Location Data: General location information based on IP address (with your consent for precise location)
• Performance Data: System performance, error logs, and technical diagnostics

2.3 VR and AI-Specific Data

Our platform may collect:

• Biometric Data: Eye tracking, head movement, and gesture data during VR sessions (anonymized when possible)
• Learning Analytics: Progress tracking, completion rates, assessment scores, and learning patterns
• Voice Data: Audio recordings for voice commands and language learning (processed locally when possible)
• Interaction Data: VR environment interactions, AI chatbot conversations, and personalized recommendations

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

• Remember your preferences and settings
• Analyse platform usage and performance
• Provide personalized content and recommendations
• Ensure security and prevent fraud

3. How We Use Your Information

We process your personal data in accordance with UK GDPR principles and only where we have a lawful basis to do so:

3.1 Service Provision (Lawful Basis: Contract Performance)

• Provide, maintain, and improve our learning platform
• Process your registration and manage your account
• Deliver personalised learning experiences and content
• Facilitate VR sessions and AI-powered interactions
• Process payments and manage subscriptions

3.2 Communication (Lawful Basis: Contract Performance & Legitimate Interests)

• Send important service updates and notifications
• Respond to your inquiries and provide customer support
• Send marketing communications (with your consent where required)
• Notify you about new features, courses, and opportunities

3.3 Analytics and Improvement (Lawful Basis: Legitimate Interests)

• Analyse usage patterns to improve our services
• Conduct research and development for new features
• Monitor platform performance and troubleshoot issues
• Generate anonymised reports and statistics

3.4 Legal and Security (Lawful Basis: Legal Obligation & Legitimate Interests)

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and security threats
• Enforce our terms of service and policies
• Resolve disputes and investigate violations

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing
• Email and communication services
• Analytics and performance monitoring
• Customer support tools

These providers are contractually bound to protect your information and use it only for specified purposes.

4.2 Educational Partners

With your consent, we may share relevant learning data with:

• Educational institutions you’re affiliated with
• Corporate training partners (for enterprise accounts)
• Content creators and curriculum developers (anonymized data only)

4.3 Legal Requirements

We may disclose information when required by law or in good faith belief that such action is necessary to:

• Comply with UK legal processes, court orders, or regulatory requests
• Comply with international legal obligations where we operate
• Protect our rights, property, and safety, or that of our users
• Investigate potential violations of our terms of service
• Respond to claims of illegal activity or intellectual property infringement

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this Privacy Policy.

5. Data Security

We implement robust security measures to protect your information:

5.1 Technical Safeguards

• End-to-end encryption for sensitive data transmission
• Secure data storage with industry-standard encryption
• Multi-factor authentication for account access
• Regular security audits and vulnerability assessments

5.2 Organizational Measures

• Limited access to personal data on a need-to-know basis
• Employee training on data protection and privacy
• Incident response procedures for security breaches
• Regular review and update of security policies

5.3 VR-Specific Security

• Local processing of biometric data when possible
• Anonymization of movement and interaction data
• Secure transmission protocols for VR session data
• User controls for data sharing preferences

Note: While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Under UK GDPR, you have the following rights regarding your personal data:

6.1 Right of Access (Article 15)

• Request confirmation of whether we process your personal data
• Request a copy of your personal data and processing information
• Export your learning progress and achievements

6.2 Right to Rectification (Article 16)

• Request correction of inaccurate or incomplete personal data
• Update your profile and preference settings
• Request corrections to learning records

6.3 Right to Erasure (Article 17)

• Request deletion of your personal data in certain circumstances
• Delete your account and associated data (subject to legal retention requirements)
• Request removal of specific information where no longer necessary

6.4 Right to Restrict Processing (Article 18)

• Request limitation of processing in specific circumstances
• Suspend certain data processing activities
• Maintain but not actively process your data

6.5 Right to Data Portability (Article 20)

• Receive your personal data in a structured, commonly used format
• Transmit your data to another controller where technically feasible
• Download your account information and learning records

6.6 Right to Object (Article 21)

• Object to processing based on legitimate interests
• Opt-out of direct marketing communications
• Object to profiling and automated decision-making

6.7 Right to Withdraw Consent (Article 7)

• Withdraw consent for processing where consent is the lawful basis
• Control cookie and tracking preferences
• Modify data sharing preferences

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

7. Children’s Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

7.1 Age Verification

• We require users to confirm they are 13 or older during registration
• Parental consent is required for users between 13-17 years old
• Special protections apply to educational accounts for minors

7.2 Educational Use

For educational institutions using our platform with minors:

• We comply with COPPA and FERPA regulations
• Enhanced privacy protections and data minimization
• Institutional oversight and parental notification requirements

8. International Data Transfers

As a UK-based company, we primarily process data within the UK. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

8.1 Adequacy Decisions

• We may transfer data to countries recognised by the UK as providing adequate protection
• Current adequacy decisions include EEA countries and specific third countries approved by the UK

8.2 Standard Data Protection Clauses

• We use UK-approved Standard Contractual Clauses (SCCs) for transfers to non-adequate countries
• Additional safeguards and impact assessments where required
• Regular monitoring of data protection standards in destination countries

8.3 Cloud Services and Processors

• Our cloud service providers implement appropriate technical and organisational measures
• Data processing agreements ensure UK GDPR compliance
• Regular audits and assessments of international service providers

9. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

9.1 Account Data

• Active accounts: Retained while account is active plus 30 days after closure
• Inactive accounts: Deleted after 3 years of inactivity (with prior notice)

9.2 Learning Data

• Progress and achievements: Retained for 7 years for educational records
• VR interaction data: Anonymized after 90 days, deleted after 2 years
• Communication data: Retained for 3 years for support purposes

9.3 Legal and Compliance

• Financial records: Retained per applicable tax and accounting laws
• Legal disputes: Retained until resolution plus applicable statute of limitations

10. Third-Party Services

Our platform may integrate with third-party services:

10.1 Educational Tools

• Learning management systems (LMS)
• Video conferencing platforms
• Assessment and grading tools

10.2 Social Features

• Social media integration
• Collaboration platforms
• Community forums

Note: Third-party services have their own privacy policies. We encourage you to review these policies before using integrated services.

11. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

11.1 Notification Process

• Email notification to registered users
• Prominent notice on our website
• In-app notifications for material changes

11.2 Effective Date

• Changes become effective 30 days after notification
• Continued use constitutes acceptance of updated policy
• Right to object or close account if you disagree with changes

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@shonazz.com
Phone: +441212743569
Address:
Shonazz EduVerse Ltd
128 City Road,
London, EC1 2NX
England, United Kingdom

Data Protection Officer: dpo@shonazz.com

13. Jurisdiction-Specific Information

13.1 United Kingdom (Primary Jurisdiction)

This Privacy Policy is governed by UK data protection law. As our primary jurisdiction, we comply with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)
• Relevant sector-specific regulations

UK Supervisory Authority: Information Commissioner’s Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

13.2 European Union (GDPR)

For EU users, we comply with EU GDPR requirements:

• Equivalent rights to UK GDPR users
• Appropriate safeguards for UK-EU data transfers
• EU representative available upon request

13.3 United States

For US users, we comply with applicable state privacy laws:

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Other state-specific privacy legislation

13.4 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we serve users, including:

• Canada (Personal Information Protection and Electronic Documents Act)
• Australia (Privacy Act 1988)
• Other applicable regional privacy laws

Note: Where conflicts arise between different jurisdictions, UK law takes precedence for users based in the UK, while users in other jurisdictions receive protections equivalent to or greater than local requirements.