Data Processing Agreement

Purpose

This Data Processing Agreement (DPA) outlines how AceCCL processes personal data in compliance with applicable data protection laws, including GDPR.

Scope

This agreement applies to all personal data processing activities conducted by AceCCL on behalf of our users and customers.

Data Controller

AceCCL acts as a data controller when processing personal data for our own business purposes, such as providing our services and managing customer relationships.

Data Processor

In certain circumstances, AceCCL may act as a data processor when processing data on behalf of our enterprise customers or partners.

Account Information

Name, email address, password (hashed), language preferences, and account settings.

Practice Data

Session records, progress tracking, dialogue attempts, and performance analytics.

Usage Data

Platform interaction data, feature usage, and anonymous analytics data.

Payment Information

Payment transaction data (processed by third-party payment processors).

Service Provision

Processing data to provide NAATI CCL practice services, track progress, and deliver personalized learning experiences.

Platform Improvement

Analyzing usage patterns to improve our platform features and user experience.

Customer Support

Processing data to respond to support requests and resolve technical issues.

Legal Compliance

Processing data to comply with legal obligations and regulatory requirements.

Technical Safeguards

• Data encryption in transit and at rest
• Secure server infrastructure
• Regular security updates and patches
• Access controls and authentication systems

Organizational Measures

• Staff training on data protection
• Data access policies and procedures
• Incident response procedures
• Regular security assessments

Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal requirements.

Retention Periods

• Account data: While account is active plus 2 years after closure
• Practice sessions: 3 years for service improvement purposes
• Support communications: 2 years after resolution
• Payment records: As required by applicable financial regulations

Sub-processors

We work with trusted third-party services to deliver our platform. All sub-processors are contractually bound to provide adequate data protection.

Current Sub-processors

• Database hosting providers
• Payment processing services (Razorpay)
• Email service providers
• Analytics and monitoring services

Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Other appropriate safeguards as required by law

Rights Support

We support data subjects in exercising their rights under applicable data protection laws, including:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing

Response Time

We will respond to data subject requests within one month of receipt, or within two months for complex requests.

Incident Response

In the event of a data breach, we will:

• Assess and contain the breach immediately
• Notify relevant supervisory authorities within 72 hours (where required)
• Inform affected data subjects when required by law
• Document the incident and response measures
• Implement measures to prevent similar incidents

Data Protection Inquiries

For questions about this Data Processing Agreement or our data processing practices:

Email: support@aceccl.com

Subject: Data Processing Inquiry

General Privacy Questions

For all privacy-related questions:

Email: support@aceccl.com

Subject: Privacy Question

Agreement Updates

We may update this Data Processing Agreement from time to time to reflect changes in our processing activities or legal requirements. Material changes will be communicated to affected parties.