Privacy Policy

Introduction

apexobelisk S.L. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website apexobelisk.top or use our language education services.

As a language academy operating in Spain and serving students throughout the European Union, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

Data Collection

The data we collect includes personal information that you voluntarily provide to us when you express interest in obtaining information about us or our services, participate in activities on our website, or contact us. The personal data we collect may include:

• Contact Information: Name, email address, telephone number, postal address
• Educational Information: Language level, learning goals, course preferences
• Communication Data: Messages you send us through contact forms or email
• Technical Data: IP address, browser type, device information, website usage data
• Marketing Data: Your preferences for receiving marketing communications

We also automatically collect certain information when you visit our website through cookies and similar tracking technologies, as detailed in our Cookie Policy.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our language education services. Specifically, we use your personal data for the following purposes:

• Service Provision: To deliver language courses, process enrolments, and manage your educational journey
• Communication: To respond to your enquiries, provide customer support, and send administrative information
• Course Management: To assess your language level, track progress, and customise learning materials
• Marketing: To send you information about our courses and services (with your consent)
• Website Improvement: To analyse website usage and improve our online services
• Legal Compliance: To comply with applicable laws and regulations

Our legal basis for processing your personal data includes your consent, the performance of a contract, our legitimate business interests, and compliance with legal obligations.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to control them, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:

• Service Providers: We may share data with trusted third-party service providers who assist us in operating our website and conducting our business
• Legal Requirements: We may disclose information when required by law or to protect our rights, property, or safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity

All third-party service providers are required to maintain the confidentiality of your personal information and use it only for the purposes for which it was disclosed.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Student Records: Educational records are retained for 7 years after course completion for academic and legal purposes
• Contact Information: Contact details are retained for 3 years after last contact unless you request deletion
• Marketing Data: Marketing preferences are retained until you withdraw consent
• Website Data: Technical data is typically retained for 2 years for security and analytical purposes

We regularly review and delete personal data that is no longer necessary for our business purposes or legal obligations.

Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: You can request information about the personal data we hold about you
• Right of Rectification: You can request correction of inaccurate or incomplete personal data
• Right of Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request limitation of how we use your personal data
• Right to Data Portability: You can request transfer of your data to another service provider
• Right to Object: You can object to certain types of processing, including direct marketing
• Right to Withdraw Consent: You can withdraw consent for processing based on consent at any time

To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within one month.

International Data Transfers

As we operate primarily within the European Union, your personal data is generally processed within the EU. However, some of our service providers may be located outside the EU. In such cases, we ensure that:

• The transfer is to a country with an adequacy decision from the European Commission, or
• We have implemented appropriate safeguards such as Standard Contractual Clauses approved by the European Commission

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure backup and recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the following information:

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos) if you believe we have not handled your personal data in accordance with applicable law.