Privacy Policy

Your privacy matters to us. We're committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data.

Last Updated: December 2024

1 Information We Collect

At Studylex, we collect information that helps us provide better financial planning services. This includes data you provide directly and information gathered through your use of our platform.

Personal Information You Provide

Contact details including name, email address, phone number, and postal address
Financial information such as income details, expense categories, and investment preferences
Account credentials and security information for platform access
Communication preferences and feedback you share with us
Educational background and professional information when relevant to financial planning

Automatically Collected Information: We gather technical data including IP addresses, browser types, device information, and usage patterns. This helps us improve our services and ensure platform security. We also collect location data when necessary for providing localized financial advice and regulatory compliance.

Data Type	Collection Method	Purpose
Account Information	Registration Forms	Service Delivery & Communication
Financial Data	Planning Tools & Surveys	Personalized Recommendations
Usage Analytics	Platform Interaction	Service Improvement
Technical Data	Automated Collection	Security & Performance

2 How We Use Your Information

Your information enables us to deliver personalized financial guidance and maintain a secure, efficient platform. We use data responsibly and only for legitimate business purposes that benefit your experience.

Service Provision: Creating customized financial plans, generating reports, and providing educational content tailored to your needs
Communication: Sending important updates about your account, new features, educational materials, and responses to your inquiries
Platform Improvement: Analyzing usage patterns to enhance functionality, develop new features, and optimize user experience
Security Measures: Protecting against fraud, unauthorized access, and maintaining the integrity of our systems
Regulatory Compliance: Meeting legal obligations related to financial services and data protection in Ireland and the EU

Legal Basis for Processing

Under GDPR, we process your data based on contractual necessity (to provide our services), legitimate interests (improving our platform), legal obligations (regulatory compliance), and your explicit consent where required. You can withdraw consent at any time for non-essential processing.

3 Data Sharing and Third Parties

We maintain strict controls over data sharing and only work with trusted partners who meet our security standards. Your information is never sold or used for purposes unrelated to improving your financial planning experience.

Service Providers: We work with carefully selected companies that help deliver our services, including cloud hosting providers, payment processors, and analytics tools. These partners are bound by strict confidentiality agreements and can only use your data for specified purposes.

Cloud infrastructure providers for secure data storage and platform hosting
Payment processing companies for handling subscription and transaction data
Analytics services to understand platform usage and improve user experience
Email service providers for delivering communications and educational content
Security services that help protect against cyber threats and fraud

Legal Requirements: We may disclose information when required by law, court orders, or regulatory authorities. This includes cooperation with tax authorities, financial regulators, and law enforcement when legally obligated. We'll notify you of such disclosures when permitted by law.

International Transfers

Some of our service providers may be located outside the European Economic Area. When transferring data internationally, we ensure adequate protection through approved mechanisms like Standard Contractual Clauses and adequacy decisions by the European Commission.

4 Your Rights and Choices

You have significant control over your personal data. We've designed simple processes to help you exercise these rights and make informed decisions about your information.

Access: Request a copy of all personal data we hold about you, including details about how it's processed
Rectification: Correct any inaccurate or incomplete information in your account or profile
Erasure: Request deletion of your data when it's no longer necessary or you withdraw consent
Portability: Receive your data in a structured format or have it transferred to another service provider
Restriction: Limit how we process your data in certain circumstances
Objection: Opt out of processing based on legitimate interests or direct marketing

How to Exercise Your Rights: Contact us at [email protected] with your request. We'll verify your identity and respond within 30 days. For complex requests, we may extend this period by an additional 60 days with proper notification. There's no charge for most requests, though we may apply reasonable fees for excessive or repetitive requests.

Account Management

You can update most personal information directly through your account settings. This includes contact details, communication preferences, and privacy settings. Changes take effect immediately and are reflected across all our systems within 24 hours.

5 Data Security and Protection

Protecting your financial information is our top priority. We've implemented comprehensive security measures that meet industry standards and exceed regulatory requirements for financial service providers.

Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards
Access Controls: Multi-factor authentication, role-based permissions, and regular access reviews limit who can view your data
Infrastructure Security: Our systems are hosted in secure, certified data centers with 24/7 monitoring and redundant backups
Regular Testing: We conduct quarterly security assessments, penetration testing, and vulnerability scans
Staff Training: All team members receive ongoing security awareness training and sign strict confidentiality agreements

Incident Response: In the unlikely event of a security incident, we have procedures to contain the issue, assess impact, and notify affected users within 72 hours as required by GDPR. We'll provide clear information about what happened and steps we're taking to prevent future incidents.

Your Role in Security

You play a crucial role in protecting your account. Use strong, unique passwords, enable two-factor authentication, keep your contact information current, and never share login credentials. Report any suspicious activity immediately to our support team.

6 Data Retention and Deletion

We retain your information only as long as necessary to provide services, comply with legal obligations, and protect our legitimate interests. Our retention practices balance your privacy rights with practical and regulatory requirements.

Data Category	Retention Period	Reason
Account Information	Duration of relationship + 3 years	Service provision & legal compliance
Financial Planning Data	7 years after account closure	Regulatory requirements
Communication Records	5 years	Dispute resolution & compliance
Technical Logs	2 years	Security & system maintenance
Marketing Data	Until consent withdrawn	Communication preferences

Automated Deletion: Our systems automatically delete data when retention periods expire. You'll receive notifications before any significant data deletion, giving you the opportunity to download your information if needed. Some data may be retained in anonymized form for statistical purposes and service improvement.

Account Closure

When you close your account, we immediately stop using your data for service delivery and marketing. Personal identifiers are removed or anonymized within 30 days, though some information may be retained longer to meet legal obligations or resolve disputes.

7 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, understand how you use our platform, and provide personalized content. You have control over these technologies through your browser settings and our privacy preferences.

Essential Cookies: Required for basic platform functionality, security, and maintaining your session
Analytics Cookies: Help us understand usage patterns and improve our services
Preference Cookies: Remember your settings and personalize your experience
Marketing Cookies: Enable personalized content and measure campaign effectiveness

Managing Cookies: You can control cookie settings through your browser or our cookie preference center. Disabling certain cookies may limit platform functionality. We respect "Do Not Track" signals where technically feasible and provide clear opt-out mechanisms for non-essential tracking.

8 Updates to This Policy

We review and update this privacy policy regularly to reflect changes in our practices, technology, and legal requirements. Significant changes will be communicated clearly with advance notice when possible.

Notification Process: We'll notify you of material changes through email, platform notifications, or prominent announcements on our website. You'll have at least 30 days to review changes before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

Version History

Previous versions of this policy are available upon request. We maintain a complete record of changes, including dates and reasons for updates, to ensure transparency and accountability in our privacy practices.

Questions About Your Privacy?

Our Data Protection Officer is available to address any privacy concerns or questions about this policy.

Email: [email protected]

Address: Bundoran Community Centre, Drumacrin, Bundoran, Co. Donegal, F94 RH33, Ireland

Phone: +353719858288

You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe we've mishandled your personal data.