Privacy policy

Privacy Policy for [Your Online Course Store Name]

Last Updated: [Date]

This Privacy Policy explains how [Your Online Course Store Name] (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal data in compliance with the EU General Data Protection Regulation (GDPR). By using our WooCommerce-based website ([Your Website URL]), you consent to the practices described herein.


1. Data Controller

[Your Company Name]
[Registered Address]
Email: [Your Contact Email]


2. Personal Data We Collect

We collect the following data when you interact with our store:

  • Identifiers: Name, email, shipping/billing address, phone number.

  • Payment Data: Credit card details (processed securely via PayPal/Stripe; we do not store full card numbers).

  • Account Data: Username, password, course progress, certificates.

  • Technical Data: IP address, browser type, device information, cookies (see Section 7).

  • Communication Data: Support queries, feedback, survey responses.


3. How We Use Your Data

Purpose                                                | Legal Basis (GDPR)
Process orders & deliver courses                       | Contractual necessity
Manage user accounts & access                          | Contractual necessity
Send transactional emails (e.g., order confirmations)  | Legal obligation/Contract
Respond to support requests                            | Legitimate interests
Improve website/user experience                        | Legitimate interests
Marketing (with consent)                               | Consent

4. Data Sharing & Third Parties

We share data only where necessary with:

  • Payment Processors: PayPal, Stripe (for transaction processing).

  • Course Platforms: LearnDash/TutorLMS (to deliver courses).

  • Service Providers: Email services (Mailchimp), hosting (AWS), analytics (Google Analytics).

  • Legal Authorities: If required by law (e.g., fraud prevention).

All third parties comply with GDPR and process data under our instructions.


5. International Data Transfers

Data may be transferred outside the EU (e.g., to US-based services). We ensure safeguards:

  • Standard Contractual Clauses (SCCs).

  • Partners certified under Privacy Shield (if applicable).


6. Data Retention

We retain your data only as long as necessary:

  • Orders: 7 years (for tax compliance).

  • User accounts: Until deletion request (or 3 years of inactivity).

  • Marketing data: Until consent withdrawal.


7. Cookies & Tracking Technologies

We use:

  • Essential Cookies: For site functionality (e.g., cart sessions).

  • Analytics Cookies: Google Analytics (anonymized IPs).

  • Marketing Cookies: Only with consent (e.g., Facebook Pixel).

You can manage preferences via our Cookie Banner or browser settings.


8. Your GDPR Rights

You have the right to:

  • Access, correct, or delete your data.

  • Restrict processing or object to marketing.

  • Receive your data in a structured format (data portability).

  • Withdraw consent at any time.

To exercise these rights, email us at [Your Contact Email]. We respond within 30 days.


9. Data Security

We implement:

  • SSL encryption.

  • Regular security scans.

  • Limited staff access to data.

  • Secure payment gateways.


10. Policy Updates

We will notify users of material changes via email or website notices.


11. Contact Us

For GDPR requests or questions:
Email: [Your DPO/Contact Email]
Post: [Your Address]

To lodge a complaint, contact your local Data Protection Authority (e.g., [DPA Link]).


This policy was last updated on [Date] and applies exclusively to users in the EU/EEA.


Implementation Steps for Your WooCommerce Store:

  1. Plugins: Use GDPR-compliant tools (e.g., “GDPR Cookie Consent,” “WooCommerce GDPR”).

  2. Checkout: Add opt-ins for marketing consent.

  3. Data Processing Agreement (DPA): Sign DPAs with third parties (e.g., Stripe, Google).

  4. Privacy Policy Page: Publish this policy at [YourWebsite.com/privacy-policy].

  5. Cookie Banner: Enable a banner (e.g., via “CookieYes” or “Complianz”).