Privacy & Data Policy

ABOUT THIS POLICY

This policy sets out the manner in which we, Cturtle Limited (“Cturtle””) and our affiliate brands and partners, collect, use, disclose and process your personal data when you: access or use our applications, websites, and services (including mobile applications) (our “platforms”), or provide us with your personal data. In this policy, “we”, “us” or “our” refers to Cturtle and our affiliate brands and partners of Cturtle. Please do not access or use our platforms and market network partners or provide any personal data to us if you do not accept this policy.

We may amend this policy from time to time without notice to you, in compliance with applicable laws or as we update our data usage and handling processes. The updated policy will supersede earlier versions and will apply to personal data provided to us previously. The updated privacy policy will take effect when made available to you through our platforms, including www.cturtle.co.

COLLECTING PERSONAL DATA

What personal data we collect. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when:

you use our platforms and services, or express interest in doing so;

you register an account with us through our platforms;

you respond to our promotions, or subscribe to our mailing lists;

you contact us or request that we contact you through various communication channels, for example, through our platforms, social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;

images of you are captured in photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us;

we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a user of our platforms, or if you are involved in providing any service, content, or material through our platforms;

you submit your personal data to us for any other reason.

Depending on your relationship with us, we may also collect your personal data from third party sources, including:

our business partners, such as third parties providing services to us;

your family members or friends who provide your personal data to us on your behalf; and/or

public agencies or other public sources.

through connecting with us, our affiliates, our employees and partners through public and private social media platforms such as facebook, LinkedIn, Instagram and Twitter . 

Our platforms may also contain or involve certain technologies that automate the collection of data (including personal data). These technologies include [cookies, web beacons, artificial intelligence and web tools and web analytics]. If you do not wish to have your data collected through such technologies you may disable the operation of these technologies on your devices (where possible), or you may refrain from using our platforms. We may also use technology that searches public online sources for business and contact information that has been made voluntarily public.

What personal data we collect from you. The personal data we may collect from you depends on the purposes for which we will be using the personal data and what you have chosen to provide, and may include your name; image; credit card details; contact information (such as email address); IP addresses; and other information that may identify you.

Providing personal data belonging to others. In certain circumstances, you may also provide us with personal data of persons other than yourself (such as your family members). If you do so, you are responsible for informing him/her of the purposes for which we are collecting his/her personal data and warrant that you are validly acting on his/her behalf to consent to your provision of his/her personal data to us.

Accuracy and completeness of personal data. You are responsible for ensuring that all personal data that you provide is true, accurate and complete, and to inform us of any changes to your personal data.

Voluntary provision of personal data. Your provision of personal data to us is voluntary and you have the right to withdraw your consent for us to use your personal data at any time by contacting us. Your withdrawal will take effect after your request is processed. However, if you do so, it may not be possible for us to fulfil the purposes for which we require the personal data, including providing services which you require from us.

Minors. If you are a child, minor or not of legal age, please inform and seek the consent of your parent or guardian, before you provide your personal data to us. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us to request for erasure of their personal data.

WHAT WE DO WITH PERSONAL DATA

We collect, use, disclose and process your personal data where:

you have given us consent;

necessary to comply with our legal or regulatory obligations, e.g. responding to valid requests from public authorities;

necessary to support our legitimate business interests, provided that this does not override your interests or rights; and

necessary to perform a transaction you have entered into with us, or provide a service that you have requested or require from us.

Purposes. We collect, use, disclose and process your personal data for purposes connected or relevant to our business, including:

facilitating your use of our platform and services (including recommendations of education, employment, events,  and immigration and event organisation services), content (including video, audio, and other media content), and other material (including e-books and articles);

carrying out a transaction with you or on your behalf;

providing and maintaining our platforms and services, including monitoring usage of our platforms and services;

authenticating, operating and maintaining your user accounts on our platforms;

assisting you with your enquiries and feedback;

administrative purposes, e.g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;

security purposes, e.g. detecting, preventing and addressing security and technical issues related to our platforms and services;

conducting data analytics to enable us to improve our platforms and services;

managing and engaging third parties or data processors that provide services to us, e.g. IT services, data analytics, messaging marketing, and other professional services;

carrying out our legitimate business interests (listed below); and

other reasonable purposes related to the above.

Legitimate business interests. Our legitimate business interests include:

managing our business and relationship with you, and providing services to, our users and customers;

protecting our rights and interests and those of our users and customers;

preventing and investigating possible misuse of our platforms and services;

understanding and responding to inquiries and feedback;

understanding how our users use our platforms, and services;

identifying what our users want and improving our platforms, services and offerings;

enforcing obligations owed to us, or protecting ourselves from legal liability; and

sharing data in connection with acquisitions and transfers of our business.

Marketing purposes. If you have provided us with your information, we may use your personal data for the purposes of marketing our products, events and services, and those of our affiliates and partners and business associates, for example, by sending marketing communications to you through various means including our platforms, our affiliate and partner platforms, social media platforms, direct social media message, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters. In order for us to market products, events and services which are of specific interest and relevance to you, we may analyse and rely on your personal data provided to us, or data collected from your interactions with us.

Use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.

Contacting you. When using your personal data to contact you for the above purposes, we may contact you via e-mail, telephone or any other means.

We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from having to obtain consent. When contacting you for marketing purposes, we will not contact you through your telephone number, unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us, or wish to restrict the manner by which we may contact or send you information, you may contact us.

DISCLOSURE OF PERSONAL DATA

We may disclose or share your personal data in connection with the purposes described in Section 3 above, including without limitation to the following parties:

our related parties and business partners

third parties who provide services to us, e.g. content creation, IT services, data analytics and other professional services; and

regulatory authorities, governments or public agencies.

When disclosing personal data to third parties, we will (where appropriate and required by applicable law) enter into contracts with these third parties to protect your personal data in a manner that is consistent with all applicable laws and/or ensure that they only process your personal data in accordance with our instructions.

CROSS-JURISDICTIONAL TRANSFERS

We may transfer your personal data in connection with the purposes described in Section 3 above:

from the jurisdiction where it is collected (or where you are located) to any other jurisdictions that we operate in; and

to third parties in other jurisdictions.

Where we transfer your personal data across jurisdictions, we will ensure that your personal data is treated securely in accordance with this policy and applicable laws regardless of the jurisdictions they are transferred to. For example, we may enter into contracts with recipients to protect your personal data. You may obtain details of these safeguards by contacting us.

PROTECTION OF PERSONAL DATA

Unauthorised access. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot be held responsible for unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes. We do not guarantee that our platforms are invulnerable to security breaches, or that your use of our platforms is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you send to us electronically. Sending such data is at your own risk.

Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law. Typically, our data retention period is at least 6 years.

Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction, including for data analytics.

YOUR RIGHTS

Depending on the laws applicable to you, you may enjoy certain rights at law in relation to your personal data that we hold or control. Such rights may include:

Access: you may ask us if we hold your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of and information on the personal data we hold about you.

Correction: you may request that any incomplete or inaccurate personal data we hold about you is corrected.

Withdrawal of consent: you may withdraw consent for our use of your personal data.

If you are resident in the European Union, you may also enjoy certain rights, including:

Erasure: you may ask us to delete or remove personal data that we hold about you in certain circumstances.

Restriction: you may withdraw consent for our use of your personal data, or ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy.

Portability: you may request the transfer of certain of your personal data to another party under certain conditions.

Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) you may object to processing on this ground.

Exercising your rights. If you wish to make exercise the rights available to you at law, you may contact us to do so. We may require that you submit certain forms, provide certain information (including to verify your identity) to process your request. Where permitted by law, we may also charge you a fee to process your request.

Limitations. We may be permitted under applicable laws to refuse your request to exercise your rights, for example, we may refuse a request for erasure where the personal data is required for in connection with claims. We may also refuse a request if you are seeking to exercise rights not available to you under applicable law.

 Partner and Affiliate Brands 

Cturtle is a market network who works with education, employer, government and other partners and affiliates including;

UniAdvisor, Course Advisor, Career Courses, International Alumni Job Network, UK Alumni Job Network, Australian Alumni Job Network, GRAD+, JOB+, Data Courses Asia, Data Careers Asia, Short Courses, Career Accelerators, Career Accelerators Asia, NZ Alumni Job Network, EU Alumni Job Network, US Alumni Job Network, Bootcamps Asia, Career Plus, i-Review, iGlobal Talent, Micro-Credentials, Short Courses Asia, Talk Study, please note new brands and affiliates are added all the time and this list will be updated on a regular basis.  

STATEMENT ON DATA PRIVACY

At Cturtle, we are committed to ensuring the highest standards of data compliance and privacy. Our data acquisition practices, which employ artificial intelligence (AI) technologies, are designed to align with the General Data Protection Regulation (GDPR) and other relevant regulations. We prioritize the protection of personal information and uphold the rights and interests of individuals. This data compliance statement outlines our processes and safeguards.


Lawful Basis for Data Acquisition: We only acquire data from the web through AI-powered methods when a lawful basis, as defined by the GDPR, exists. This includes scenarios where individuals have provided their consent, the data is required to fulfill a contract, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest, or legitimate interests pursued by our organization.


Purpose Limitation: We strictly adhere to the principle of purpose limitation. Data acquired from the web is used solely for the purposes explicitly stated at the time of collection or otherwise compatible with the original purpose. We do not process data in a manner that is incompatible with these purposes.


Data Minimization: We implement measures to minimize the amount of data acquired from the web. We only collect and retain data that is necessary, relevant, and proportionate for the purposes defined. We avoid excessive or indiscriminate data collection to ensure compliance with data protection regulations.


Transparency and Notice: We provide clear and concise information to individuals about the data acquisition process, purposes, and any additional relevant details. Our privacy notices and policies outline how their personal information is acquired from the web using AI and provide instructions on how to exercise their rights under applicable data protection laws.


Data Security and Integrity: We maintain appropriate technical and organizational measures to ensure the security and integrity of data acquired from the web. These measures include encryption, access controls, regular security assessments, staff training, and robust IT infrastructure to prevent unauthorized access, loss, or destruction of data.


Data Sharing and Recipients: We exercise caution when sharing acquired data from the web. Data is only shared with trusted third parties or recipients when it is necessary for the stated purposes and in compliance with applicable regulations. We ensure that these recipients also maintain robust data protection measures.


Data Subject Rights: We respect and facilitate the exercise of data subject rights. Individuals whose data we acquire from the web have the right to access, rectify, erase, restrict processing, and object to the processing of their personal information. We provide mechanisms for individuals to exercise these rights and respond to their requests promptly and in accordance with applicable regulations.


Data Retention and Deletion: We retain acquired data for only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or identification.


Regular Compliance Audits: We conduct periodic internal audits and assessments to ensure ongoing compliance with data protection regulations. This includes reviewing and updating our policies, procedures, and technical measures to address any emerging risks or changes in the regulatory landscape.


Data Protection Officer: We have designated a Data Protection Officer (DPO) who oversees our data acquisition practices, ensures compliance with data protection regulations, and serves as a point of contact for individuals and regulatory authorities.

At Cturtle, we are committed to continuously enhancing our data compliance practices and remaining up to date with the evolving legal and regulatory requirements. This data compliance statement reflects our dedication to data privacy, transparency, and accountability in acquiring data from the web using AI.

CONTACT US

If you have any feedback or issues in relation to your personal data or this policy, we encourage you to contact us so that we can resolve your concerns. If you wish to make a formal complaint, you may also do so with any data protection regulator or authority having jurisdiction over us.

You can contact us at: hello@cturtle.co