CLA Code Labs LTD (hereinafter Code Labs, we, us, our, the School), having company registration number C 99228 and its registered office at Lara Buildings, Level 1, Guzeppi Calleja Street, Iklin IKL 1262, Malta will act as the data controller in processing your personal data and/or personal data relating to your parent or legal guardian in accordance with the Data Protection Act (Chapter 586), as enacted in Malta and which implements and further specifies the relevant provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, better known as the General Data Protection Regulation (GDPR). Code Labs is committed to protecting and respecting your privacy. We take the privacy of all of our students, their parents or legal guardians, and individuals working with us in a commercial capacity as an Agent, service provider and/or subcontractor, seriously and take great care to protect their personal information.
- We will only collect data for specific and specified purposes. We will make it clear at the point when we request your information, what we are collecting it for and how we are going to use it.
- We will not collect data beyond what is necessary to accomplish those purposes. We will minimise the amount of information we collect from you to what we need to deliver the services required.
- We will collect and use your personal information only if we have sensible business reasons for doing so, such as managing a quotation request or booking or gathering necessary information about an individual connected to our Agents or service providers.
- We will not use data for purposes other than that for which the data was collected, except as stated herein, or with prior consent.
- We will seek to verify and/or update data periodically, and we will accept requests for amendments of personal data.
- We will apply high technical standards to make our processing of data secure.
- Except when stated herein, we will not store data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.
The information collected by Code Labs includes information that you provide to us when you:
- Contact us for a quotation or information, via our website, by email, by phone, through social media or in person.
- Purchase and Participate in the Course.
- Submit a Course Agreement, enrolment or registration form to join a course or programme at the School.
- Sign up for lessons or a newsletter or subscribe to other services.
- Give us feedback about your experience at Code Labs.
- Use our website and any call to actions present through our website.
- Post on our social media channels or on our website or blog.
- Request live support/chat and provide personal information via the live/support chat.
- Work with us in a commercial capacity (for example as an Agent, service provider and/or subcontractor). We require our students to provide us with their personal details, including name, gender, date and place of birth; contact details such as address, email address, landline and mobile numbers; and information concerning their identity such as photo ID or passport information and nationality. When you affect a payment for our services, we process your account details including full beneficiary name, bank account number and sort code. When you affect a card payment, we do not store your card details. Your card details are processed and stored by our card processor, Stripe, which is PCI DSS Compliant. In case of minors, we also collect the above mentioned personal details for the parent or legal guardian. When you work with us in a commercial capacity, we require you to provide us with your personal details, including name; contact details such as address, email address, landline and mobile numbers. Additionally, as part of our vetting exercise we may request copies of permits and authorisations of all our sub-contractors/agents or other persons providing any non-academic services to the students on behalf of the School. Personal information is also collected when users of our website submit information via the website including submitting an email, and when submitting personal information via the live chat. Your consent is requested prior to submission of such information.
Purpose and Legal Bases for Processing your Data
We use different legal bases for processing your data depending on the purpose for collecting your data. Personal data collected as part of the process of enquiring about, obtaining quotations, applying for and booking a course, is processed when necessary for the performance of a contract to which the student is party or in order to take steps at the request of the student prior to entering into a contract. Personal data collected as part of the process of booking any other related service, is processed when necessary for the performance of a contract to which the student is party (or in order to take steps at the request of the student prior to entering into a contract) and for the purpose of the legitimate interest pursued by Code Labs or by a third party. Any processing of personal data not directly related to the fulfilment of a Course Agreement or related services, such as for direct marketing, remarketing or the signing up for newsletters on our website, will be processed with your Consent. For all data collected as part of managing our relationship with commercial partners, such as sub-contractors/Agents or other persons providing any non-academic services to the students, we process such data when necessary for the performance of a contract and under a legal obligation to vet the necessary permits and authorisations of all sub-contractors/Agents. As newsletters to commercial partners are an important part of how we communicate with them, these are managed under Legitimate Interest. We may also process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is Legitimate Interest or in the case of special categories of personal data for such establishment, exercise or defence of the legal claim.
Disclosure of your Personal Data
Code Labs will share your information with others where it is lawful to do so including where Code Labs or any third party: needs it in order to provide you with the product or service; has a public or legal obligation to do so; in connection with any regulatory reporting obligations, in litigation or asserting or defending its legal rights and interests; or has obtained your consent to share it. Specifically, Code Labs may share your information for the above purposes with others including:
- any Agents who introduced you to Code Labs or deal with Code Labs for you;
- processors and their respective sub-processors who work for Code Labs or provide services to Code Labs (including their employees, directors and officers) such as software providers, our hosting provider, our IT managed service provider, and other service providers. If you would like to receive more details on our processors and sub-processors please send us an email to email@example.com and we would provide you with the requested information.
- Any educational or other competent authority and any party appointed or requested by the competent authorities to carry out investigations or audits of our activities; law enforcement, government, tax authorities, courts, dispute resolution bodies, and our auditors.
Transfer of Personal Data to Third Parties
Code Labs shall not cause or permit any personal data to be transferred outside of the EEA unless such transfer takes place under one of the following conditions:
- Transfers are based on adequacy decisions, that is, processing of the personal data carried out in a country that the European Commission has considered as offering an adequate level of protection;
- Transfers are subject to adequate safeguards on the basis of an agreement between Code Labs and a data processor, designed to protect your information, in the appropriate form approved for this purpose by the European Commission;
- You have consented to such transfer and acknowledge and accept that certain data processors engaged by Code Labs in the provision of the products and services are located in a country that the European Commission has not formally declared to have an adequate level of protection and are not able to demonstrate appropriate safeguards;
- the transfer is necessary for the performance of a contract between Code Labs and the student;
- the transfer is necessary for the conclusion or performance of a contract concluded in your interest between Code Labs and the data processor;
- the transfer is necessary for important reasons of public interest; or
- the transfer is necessary for the establishment, exercise or defence of legal claims.
Retention of your Information
Your personal data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected and/or once any retention period required by law elapses. Your personal data which is stored on our proprietary Software and/or which forms part of our fiscal records will be retained for a period of ten years in accordance with our legal obligation. Where you have consented us to process your personal data or visual images for direct marketing purposes, we will retain your data until you would have withdrawn your consent or objected to such processes.
When you are introduced to Code Labs by one of our Agents, which is incorporated or established within the European Union (“EU”), Code Labs and the Agent shall be both responsible for compliance with their respective obligations under the GDPR as joint controllers, in particular as regards the exercising of your below rights as data subject. You may exercise your rights in respect of and against each of the controllers by contacting either your Agent or Code Labs directly. Code Labs and the Agent endeavour to assist each other in fulfilling your requests. If you are student residing outside of the EU and are introduced by an Agent which is incorporated or established in your home country, the Agent shall be responsible for compliance with its obligations under Data Protection Legislation applicable in your home country whereas Code Labs shall be responsible for compliance with its obligations under the GDPR, in particular as regards the exercising of your below rights as data subject. You can exercise your rights at any time by contacting directly Code Labs Data Protection Officer by email to firstname.lastname@example.org.
You have a number of rights in relation to the personal data that Code Labs holds about you. These rights include:
- the right to access information which Code Labs holds about you and to obtain information about how Code Labs process it;
- the right to withdraw at any time any consent you have provided to Code Labs, without affecting the lawfulness of processing based on such consent before its withdrawal;
- the right to request Code Labs to rectify your information if it is inaccurate or incomplete;
- the right to request, in certain circumstances, Code Labs to erase your personal data unless the data is necessary for compliance with a legal obligation to which Code Labs is subject to or for the establishment, exercise or defence of a legal claim;
- in certain circumstances the right to obtain from Code Labs restriction to your personal data;
- in certain circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider; and
You also have the right to raise complaints or concerns about Code Labs use or processing of your personal information with the body regulating data protection in your country.
Links from our websites
How we keep your personal data secure
We store your personal information on secure servers that are managed and maintained by our service providers which are committed to a global certification strategy so that their infrastructures and services comply with Information Security international standards and best practices. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, and data encryption where appropriate.