This policy has been prepared by Ascencia Malta Limited, a company incorporated under the laws of Malta and bearing company registration number C 94041 (hereinafter "Ascencia", "we", "us" or "our").
We manage and operate a portal, currently accessible online at https://www.eascencia.mt("the Portal"), through which we make available a number of online courses (each "Online Course" and collectively "Online Courses").
For further information about the Portal, the Online Courses and our respective rights and obligations, please refer to our Terms of Use ("TOU").
This policy provides an overview of the personal data we process when we act as data controllers in connection with your use of our Portal, your participation in, and our delivery of, Online Courses. This policy also outlines how we collect or otherwise procure this personal data, what we do with such personal data and generally how we comply with the provisions of laws relating to the protection of personal data as applicable to us, in particular Regulation (EU) 2016/679 ("GDPR").
Throughout this document, we will be using certain specific terms. Since our intention is that this document is easily understood, we would like to clarify what these terms are intended to refer to. Naturally, if anything is unclear, please do not hesitate to get in touch with us.
In terms of the provisions of the GDPR, the term "personal data" is defined as "any information relating to an identified or identifiable natural person ("data subject")". Furthermore, the term "processing" is also given a wide meaning and is defined as "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means." This includes collection, recording, storage, adaptation, and use of personal data.
We have grouped the personal data that we receive, use or otherwise process in the following categories:
| Title | Description | Source |
|---|---|---|
| Profile Information | This relates to (a) the details that you provide to us when opening an account, including your name, surname, and email address, (b) the details that you provide us when you apply to enrol in one of our Courses, comprising of your ID card and/or passport and/or driving license, relevant academic certificates and proof of English, (c) your profile photo, should you choose to upload one, and (d) generally all other information that we require to manage and operate your account. | Directly from you when you create and manage your account. |
| Interaction Information | This comprises any information, data or material that is exchanged with us and is not covered in any of the other categories set out in this table. | Directly from your interactions and communications with us. |
| Learning Information | When you enrol in our Courses, access the content that we upload and engage in our learning activities, we gather information about your participation in Courses, assignments, quizzes and exams. We also collect data on your interactions with instructors, the exchanges with the e-mentors and any other submissions you make to fulfil the requirements of the Course and related content. | Directly from your activities and submissions in Courses, supplemented by your interactions with instructors and e-mentors. |
| Shared Content | Certain features of our offerings and our Portal allow you to interact with other users and/or share content. This includes uploading comments on our discussion boards, posting reviews, asking or answering questions, sending messages to other students, and uploading photos or other works. Certain types of Shared Content, such as your contributions on our discussion boards, may be visible to other users. | Directly from your activities on our platforms where you interact with others and share content. |
| Financial Information | This includes details concerning the necessary details to process your purchases, the fees owed to us, banking details and other data relative to the aforementioned. | Directly from your financial transactions with us, including payment details and banking information. |
| Usage Information | When you access our Portal, enrol in the Courses or participate in our offerings, we also receive certain types of personal data automatically, such as the sections you have visited, the content you have accessed and the frequency and duration of your visits. In addition to the above, please note that we will also collect certain data about your device or browser automatically via log files, such as your Media Access Control (MAC) address, device ID, operating system name and version, browser type, and device manufacturer and model. We may also collect your IP address. We use data about your device to ensure our solutions function properly, diagnose server problems, and administer our software solutions and the services we provide. | Automatically as described in the second column. |
Our primary objectives in processing personal data is to deliver our Courses and to ensure compliance with our duties and obligations, whether legal or contractual (including discharging our obligations pursuant to the TOU).
We will process personal data when we have a proper reason for doing so. In particular, the legal basis we rely upon to process personal data is further set out in the table hereunder:
| Purpose | Type | Lawful basis |
|---|---|---|
| To complete our onboarding process
This includes setting up your account, verifying your identity, setting up your student profile, and ensuring that you have access to the courses you enrol in. |
Profile Information; Interaction Information | Legal obligation (GDPR Article 6(1)(c)); |
| To deliver our Courses
We aim to deliver high-quality educational content and interactive learning experiences, tailored to meet your learning needs and objectives. |
Profile Information; Learning Information; Interaction Information; | Contractual necessity (GDPR Article 6(1)(b)). |
| To make our reviews, evaluations and assessments. To successfully achieve a passing grade, you are required to undertake various assessments, such as quizzes, assignments, and exams. These are designed to evaluate your understanding of the course material and demonstrate your proficiency in the subject matter. |
Profile Information; Learning Information | Contractual necessity (GDPR Article 6(1)(b)). Necessary for our legitimate interests and that of our students (GDPR, Article 6(1)(f)) – for educational quality and integrity. |
| To provide interactive features within our Portal We allow you to communicate with our lecturers and e-mentors. Furthermore, we also provide certain features which allow you to share content with other students and participants. |
Profile Information; Shared Content; Usage Information; | Contractual necessity (GDPR Article 6(1)(b)). |
|
To ensure that our Courses, offerings and any of our engagement complies fully with all applicable laws.
We manage our educational services to fully comply with educational standards, accreditation requirements, and all other relevant legislation. |
Profile Information; Service Information; Financial Information; Interaction Information; Usage Information; |
Legal obligation (GDPR Article 6(1)(c)) Necessary for our legitimate interests (GDPR, Article 6(1)(f)) - to safeguard our reputation |
|
To manage payments and fees We process tuition and other fees associated with our courses, which may include financial aid management and processing refunds where applicable. |
Profile Information; Financial Information; Interaction Information | Contractual necessity (GDPR, Article 6(1)(b)) Necessary for our legitimate interests (GDPR, Article 6(1)(f)) – to collect the payment due to us. |
|
To maintain our contact database for marketing
We manage and update our list of contacts to send you information about new courses, special offers, and upcoming events through various communication channels. |
Profile Information; Service Information; Interaction Information |
To maintain our contact database for marketing |
|
Business Intelligence & Analytics
To collect and anonymize data for statistical and benchmarking purposes. |
Profile Information; Service Information; Interaction Information | Necessary for our legitimate interests (GDPR, Article 6(1)(f)) – to improve user experience, our Courses and offerings. |
|
To safeguard our interests
This includes keeping our infrastructure secure, through security monitoring to detect, prevent and respond to suspicious activity, fraud, intellectual property infringement, violations of our terms or law and for other similar purposes; to establish, exercise or defend legal claims |
Profile Information; Interaction Information; Service Information; Financial Information; Usage Information. | Necessary for our legitimate interests (GDPR, Article 6(1)(f)) – to safeguard our interests and infrastructure). Legal obligation (GDPR Article 6(1)(c)) |
|
To facilitate business transactions
To make certain information available to third parties that may be interested in acquiring our business (either prior to or as part of the transaction). This includes, amongst others, any merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock. |
To make certain information available to third parties that may be interested in acquiring our business (either prior to or as part of the transaction). This includes, amongst others, any merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock. |
Necessary for our legitimate interests (GDPR, Article 6(1)(f)) – to ensure that we are able to sell our business, should we decide to do so). |
Change of purpose
We will use and process personal information solely for the purposes for which it was initially collected, unless we reasonably believe there is a need to use it for a different yet compatible reason. In the event we intend to use personal information for an unrelated purpose, we will inform the relevant data subjects and provide an explanation of the legal basis that permits us to do so.
While we respect decisions by data subjects not to share personal data, please be aware that there may be limitations in our ability to accommodate such choices. In particular, we are unable to enrol you in any of our Courses unless you open account and thus provide us with Profile Information. Furthermore, it would be impossible for us to deliver our Courses and discharge our obligations pursuant to the TOU if you do not upload your assignments or participate in the exams or the assessment associated with that particular course.
To safeguard privacy and ensure that we comply with our legal obligatiosn, we require that you only provide personal data that pertains directly to yourself.
Under the GDPR, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation is deemed to be “special categories of personal data” and require a higher level of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place appropriate safeguards which we are required by law to maintain when processing such data.
We do not collect any such special category of personal data.
No
We will share personal data with third parties where required by law, where it is necessary to administer the relationship with our clients, and as otherwise provided hereunder.
Furthermore, we will also share your personal data as follows:
We may also process your personal data to comply with our regulatory requirements or in the course of dialogue with our regulators as applicable, which may include disclosing your personal data to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or unless to do so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding.
Prior to sharing data with a third-party service provider, we require them to commit in implementing appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Currently, the majority of the personal data we use and process is hosted in Malta and the European Economic Area (EEA). It is however possible that personal data will be made available or otherwise processed outside of the EUEEA, namely when we engage third-party contractors. In fact, currently certain technical support services are provided by a trusted third-party vendor based in India. In the provision of such technical support services, this trusted third-party vendor may be required to access or otherwise process personal data.
When we engage third-party vendors based outside the EEA, we will take adequate measures to ensure that personal data is safeguarded to the same standards as it would have been if processed in the EU, by relying on one of the following:
The GDPR grants data subjects a number of rights that can be exercised in certain circumstances, including:
We utilize technology, including AI and machine learning, to enhance the efficiency and effectiveness of our services, while ensuring that your data protection and fundamental rights are safeguarded.
Automated Multiple-Choice Exam Marking: Certain exams consist of multiple-choice questions, where answers are evaluated solely through automated means without human intervention. This process is necessary for the performance of our contract with you. By agreeing to the terms, you also provide your explicit consent for this automated evaluation. If you believe there has been an error in your marking, please contact us, and we will arrange for a human reassessment of your results.
Turnitin for Plagiarism Detection: We use Turnitin, a tool powered by AI, to check for plagiarism. However, if your work exceeds the plagiarism threshold, it will be reviewed by a human. As this process includes human oversight, it is not considered fully automated under Article 22 GDPR, and the provisions of this article do not apply.
We are committed to deploying technology responsibly and ensuring your rights are respected in all automated or partially automated processes. If you have any questions or concerns, please feel free to reach out to us.
The length of time for which we hold personal data depends on a number of factors, such as regulatory rules and any legal requirements. We also consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means.
For further information about our data retention policies, please get in touch with our data privacy manager on the contact details set out hereunder.
If you need more information about this this privacy notice or how we handle personal information, please contact our data privacy manager, on info@eascencia.mt or through our chat function on our website
Our registered address is situated at: 23, Vincenzo Dimech Street, Floriana FRN 1502 Malta.
Privacy and data protection is a two-way street, and while we strive to uphold it diligently, the active participation of everyone is crucial. This means that along with enjoying privacy rights, data subjects also have certain responsibilities. As part of these obligations, we anticipate that data subjects take reasonable measures to assist us in effectively safeguarding and managing your privacy.
For instance, to ensure that we maintain accurate, complete, and up-to-date personal information, we kindly you to promptly notify us if personal details previously submitted to us become inaccurate, incomplete, or outdated.
We go to great lengths to ensure that we handle personal data responsibly. If there are any concerns or issues with anything related to these matters, please do not hesitate to get in touch with us and we assure you that we will do our utmost to address your concerns.
In any case, if you are not satisfied with the way we manage personal data, you have the right to file a complaint with any relevant data protection authority (particularly the one situated where you habitually reside). Contact details of the competent authority in Malta are as follows:
Information and Data Protection Commissioner, Floor 2, Airways House, High Street, Sliema, SLM 1549, Malta
Telephone - (+356) 2328 7100
Email - idpc.info@idpc.org.mt
Version 1
Date: August 2024
Changes to the Privacy Policy - We may alter these terms at any time, but in any case we will inform you accordingly, by means we deem reasonable in the circumstances. In the event of any conflict between the current version of these terms and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.