Privacy Policy
Privacy Policy
This Privacy Policy (“Privacy Policy”) is designed to provide you with disclosures on the processing of your personal data in the relation of the services provided by EdTech Plus B.V. (“Nebius Academy”, “we”, “us” or and “Service” respectively). The Service is governed by Terms of Use available at: https://docs.academy.nebius.com/terms-of-use/ or signed in a hard copy (“Agreement”).
This Privacy Policy applies to all information about you that we collect in connection with the Service, and explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your personal data under the applicable privacy laws such as the UK General Data Protection Regulation (“UK GDPR”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and repealing Directive 95/46/EC (“GDPR”), the Israeli Protection of Privacy Law, 5741-1981 (“IPPL”), and the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (“CCPA”) (all collectively will be referred as “Data Protection Laws”).
You are not required by law to provide us with any personal data. Sharing your personal data with us is entirely voluntary. However, a lack of certain data might not allow us to provide the Services or derogate the level of their performance.
We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website and the update date will be reflected in the “Last updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately unless we notify you otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.
1. Controller
The Data Controller (as such term is defined under the applicable Data Protection Laws) regarding personal data processed under this Privacy Policy is EdTech Plus B.V., incorporated under the laws of the Netherlands, with a registered address at Gustav Mahlerlaan 300, 1082 ME Amsterdam, the Netherlands.
You can contact us with any questions relating to the processing of your personal data under this Privacy Policy by either of the following methods:
By Email: business.academy@nebius.com
By Mail:
Attn: Legal Office (DPO)
EdTech Plus B.V.
Gustav Mahlerlaan 300, 1082 ME
Amsterdam, the Netherlands
2. Categories of personal data processed by Nebius Academy
Nebius Academy processes personal data provided by you or collected when you use our Services and/or interact with our website.
| Data Subjects | Category | Description |
|---|---|---|
| Users | Registration data | To become a User, you may need to create an account by providing us with your personal data. This includes:full name;email;phone number;address;age;zip-code;other registration/authentication data. |
| Students | Student data | If you decide to participate in Nebius Academy courses, we may need to receive certain additional information about you. This may include:information about chosen courses;attendance and progress on courses;feedback regarding courses;payment status;information about working permit;area of activities or occupation;employment status;degree; highest degree or level of education and study subject;gender. |
| Tutors | Tutor data | Nebius Academy makes available certain information about its tutors who participate in its courses. This includes:full name;education;city of residence;area of activities;working experience. |
| Graduating students | Student data | Most (if not all) of which Nebius Academy may already have (but some personal data may have changed and be updated etc). |
| Users, students, visitors of the website | Cookie | Nebius Academy uses cookies on its platform to improve the quality of your user experience. A cookie is a commonly used small text file that the internet browser installs on your device when you visit a website, and the browser sends information on your visit back to the website when you revisit it. Information collected by cookies may include browser information, internet activity, and usage data. |
| Users, students, visitors of the website, participants of Nebius Academy events | Other data | When you use the Service or interact with Nebius Academy team or website, you may choose to provide us certain personal data about yourself. In particular, this is the case when you contact Service team on various matters or subscribe to informational or promotional materials about the Service. To do so, we may collect information about your name, age, and contact details. Please note that all these actions do not require registration. |
Sensitive personal data: We do not intentionally collect sensitive personal data (for example, information revealing race, ethnic origin, political opinions, religion, etc.) and we ask our users not to provide us with such information.
3. Purposes and legal bases for the processing
We process your personal data only when we have one of the legal bases mentioned below:
Performance of the Agreement. We may process your personal data in order to provide you the Service under the Agreement.
Legitimate Interest. We may process your personal data when we (or a third party) has an interest in using your personal data in a certain way, which is necessary and justified in light of the possible risks.
Consent. Where required by applicable laws, we will process your personal data based on your consent. You may withdraw consent at any time by using the contact details specified in Section 1 of this Privacy Policy and/or by using the unsubscribe link provided at the bottom of each email in direct marketing communications.
Legal Obligations. When we must process your personal data to comply with applicable laws.
The table below sets out:
- Nebius Academy’s purpose for processing your personal data;
- Nebius Academy’s legal basis for each purpose under applicable law;
- categories of personal data which Nebius Academy uses for each purpose.
| Purpose for processing your data | Legal basis | Categories of personal data used for the purpose |
|---|---|---|
| Provision of the Service | Agreement | Registration data, student data |
| Provision of educational and career opportunities for graduate students | Consent | Graduates’ data with respect to education and professional qualification |
| Improvement of the Service | Legitimate interest | Registration data, student data, other data, cookies |
| Informing current and potential students about courses and educational opportunities | Consent, legitimate interest | Student data, registration data (with the data subject's consent), other data, tutor data |
| For marketing, promotion, and advertising purposes, including targeted advertising based on your personal data collected by us | Consent, legitimate interest | Other data, student data, registration data (with the data subject's consent), cookies |
| Protect the security and integrity of our network and to detect, investigate and prevent activities that may violate our policies and terms, pose safety issues, or be fraudulent or illegal | Legitimate interest | Other data, student data, registration data, cookies, tutor data |
| To comply with legal obligations and law enforcement requests | Legal obligation | Registration data, student data, other data, cookies, tutor data |
| To establish, exercise, or defend legal claims | Legitimate interest | Registration data, student data, other data, cookies, tutor data |
| To conduct business planning, reporting, and forecasting | Legitimate interest | Registration data, student data, other data, cookies, tutor data |
| To conduct research, contests, surveys | Agreement, legitimate interest, consent | Registration data, student and graduates’ data, other data, cookies, tutor data |
| To record video conferences and communications in chats, monitor and improve service quality and defend legal claims | Legitimate interest, consent | Users and customers correspondence and calls with Nebius Academy’s customers service |
3. How we Collect your Personal Data
Depending on the nature of your interaction with our Service, we may collect information as follows:
Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when you interact with our Service.
Provided by you voluntarily – we will collect information if and when you choose to provide us with the information such as contact us communications, Students Data, Tutors Data, etc.
Cookies and Tracking Technologies - we use "cookies" to help personalize and optimize your online experience and time online, including for storing user preferences, improving search results, tracking user trends and other general improvement of the Service. You can turn cookies off in the settings of your web browser or mobile device. For more information about the cookies we use and your choices regarding cookies, please visit our Cookie Notice.
4. How we share your personal data
Information we share with third parties
We disclose certain personal data to the following recipients to the extent required or permitted by applicable law and/or based on their legitimate and reasonable requests:
- our tutors and academic staff to the extent required to provide the Services;
- affiliate entities of Nebius Academy which are a part of the same group of companies to the extent required to provide the Services;
- partners looking for educational and career opportunities for students;
- service providers who assist us in providing the Services, such as: IT services, legal advisers, accountants, suppliers of payment processing services, providers of cloud services for hosting and storage of information related to the Service, sales and marketing services;
- partners assisting us in gathering statistical and aggregated information about how users and students interact with the Service;
- partners otherwise assisting in provision of the Service and achievement of other purposes mentioned in the Section 2 of this Privacy Policy;
- various public authorities if strictly required to respond to their legitimate formal inquiries and for the purpose of fulfilling legal obligations;
- loans and financial services providers;
- other third parties when it is required for compliance with applicable laws.
- in the event of transfer or assignment of our business, activities, assets and/or rights and obligations, in whole or in part, to third parties and/or affiliates, merger with a third party or corporate restructuring (including while conducting negotiations in connection with such transactions).
Where we use the third party service providers as a mean for our communications with you, we will share your personal data with those providers. Please consider that the privacy policies will apply to you, we recommend you to get acquainted with it at:
- for Slack, please see here https://slack.com/trust/privacy/privacy-policy
- for Discord, please see here https://discord.com/privacy
These third-party providers will process your personal data only for the purpose of performing their functions and they may not use that data for any other purpose.
Payment processing
When you purchase our courses or other products offered by Nebius Academy, we may forward you to the web-resources owned by external providers of payment services. When the payment is made, we will get information about your payment status only. Under no circumstances, we can have access, control, obtain or store information about your payment card, banking account or other payment details that may be requested by providers of payment services. Nebius Academy may not control or have access to any communication you may have with those third-party payment services providers. Please be aware that such processing may be governed by third party privacy policies not under our control.
5. Links to Third Party Sites and Content
Our Privacy Policy is designed to advise you about how we collect, use, protect, and disclose the personal data. However, our Service may contain links to other sites that are not operated by us. These may include, among others, zoom services and other similar video and webinar conferencing platforms allowing our students to connect their classes and tuition with video, audio, phone, chat etc. via the internet and their supported device. These services are provided by third party providers which require separate registration by the user, and we have no control over their services and take no responsibility for them. Please note that this Privacy Policy does not govern the practices of such third parties, including our partners, third party service providers, and/or advertisers, even when those services are branded as, or provided on behalf of Nebius Academy. Information collected from you by others, such as third party websites that you access through links on the websites, are governed by those entities’ privacy policies. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policies of every site you visit.
WE HAVE NO CONTROL OVER AND ASSUME NO RESPONSIBILITY FOR THE CONTENT, PRIVACY POLICIES OR PRACTICES OF ANY THIRD PARTY SITES AND SERVICES.
6. How your personal data is stored, transferred, and secured
International Data Transfers
We store your personal data in the European Union (“EU”).
However, we do operate globally and may process and transfer your personal data to Nebius Academy affiliates or to third parties around the world, for the purposes described in this Privacy Policy. When doing so, we ensure the implementation of the required measures aimed at the protection of your personal data in an appropriate manner under applicable laws.
When we transfer your personal data outside the EU and European Economic Area (“EEA”), we are fully committed to ensure the safeguard and the protection of your personal data, this includes implementing appropriate measures in this regard, including:
- making sure the personal data transfer complies with applicable laws;
- adopting Standard Contractual Clauses adopted by the European Commission (and their approved equivalent for Switzerland and the UK), or other safeguard mechanisms;
- ensuring whether the transfer is based on an adequacy decision issued by the European Commission;
- securing personal data when in transit;
- implementing internal policies to limit access to personal data and ensure awareness;
Storage and security of personal data
We store personal data as long as it is required to achieve the purposes of the processing specified in Section 2 of this Privacy Policy unless there are specific longer retention periods that are defined by applicable laws. Anonymized, non-identifiable data may be retained and used by Nebius Academy without limitation.
Other circumstances in which we will retain your personal data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your personal data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
If you wish to have any personal data removed from our databases, please contact us by sending a request to contact details specified in Section 1 of this Privacy Policy.
How personal data is secured
As appropriate and as required by applicable law, we use security measures appropriate to the sensitivity of the personal data we collect, including physical, organizational, and technological protections. However, since no security system is impenetrable, we cannot be held responsible for unauthorized or unintended access that is beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Personal data may only be accessed by persons within our organization, or third parties identified in Section 4 as set forth in this Privacy Policy.
7. Data Subjects Rights
Please see Your rights and their descriptions in this table.
| RIGHT | DESCRIPTION |
|---|---|
| Access | You can ask Nebius Academy to confirm whether or not we process your personal data. If so, you can access the personal data and ask us to explain certain details of the processing. |
| Rectification | You can ask us to correct inaccurate personal data concerning you. If it complies with the purposes of the processing, you can ask us to rectify incomplete or inaccurate personal data. |
| Erasure (“right to be forgotten”) | You can ask us to erase personal data concerning you under applicable law. For example, this applies if (1) the personal data are no longer necessary in relation to the purposes for which they were processed; (2) you withdraw consent to the processing and there is no other legal ground for the processing; (3) the personal data have been unlawfully processed. |
| Restriction on processing | You can ask us to mark the stored personal data with the aim of limiting their processing in the future under applicable law. This applies if (1) you contest the accuracy of the personal data; (2) you ask to restrict the use of the personal data when their processing is unlawful; (3) you need personal data to protect your rights when Academy no longer needs the personal data; (4) you have objected the processing based on the legitimate interests pursued by us or by a third party. |
| Objection to processing (if provided to the data subject under applicable laws) | You can object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on the legitimate interests pursued by Nebius Academy or by a third party. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. |
| Portability (if provided to the data subject under applicable laws) | When the processing is based on your consent or on the agreement with you, you can receive personal data, which you have provided to Nebius Academy, in a structured, commonly used, and machine-readable format and can freely transmit those data to another controller. Where technically feasible, the data subject can also ask Nebius Academy to transmit the personal data directly to another controller. |
| Withdrawal of Consent | Where processing is based on consent (or explicit consent), you have the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. To withdraw consent, please contact us as specified in Section 1 hereof. |
| Right to lodge a complaint with a supervisory authority | When provided by applicable Data Protection Laws, you have the right to lodge a complaint with the supervisory authority active in the country of your residence |
To exercise their rights, subject to legal limitations, you can contact us as specified in Section 1 hereof.
8. Children’s Privacy
We do not knowingly or intentionally collect personal data through the Service from children under eighteen (18) years of age. If you are under eighteen (18) years of age, do not attempt to register for or use our Service, and do not provide us with any personal data about yourself unless you have the requisite parental consent. If you are a parent or guardian and you are aware that your child has violated this Privacy Policy and provided us with personal data, please contact us at address specified in Section 1 above.
9. Specific Jurisdictions
We provide additional information about the processing of your data to our visitors located in some specific jurisdictions:
STATE/COUNTRY SPECIFIC PRIVACY POLICIES AND NOTIFICATIONS IN THE U.S.
A. Privacy Information for California Residents
This section of the Privacy Policy applies only with regard to California residents. When applicable, this section shall prevail over all other parts of the Privacy Policy in case of discrepancies.
Personal Information Collected over the Last 12 Months
| Categories of Data Collected | Data collected from you and why it was collected |
|---|---|
| Identifiers | Depending on the category of the subject as defined in Section 2, we may collect:- full name;- email;- phone number;- address;- age (whether the user is under 18);- zip-code;- information about your authorization to work. |
| Characteristic of protected classifications under California or Federal law. | - gender |
| Commercial information | - record of services purchased or considered for purchase from Nebius Academy. |
| Geolocation Data | None. |
| Financial Information | None.** Note that we use third party payment processors to facilitate your payments and do not store your payment card information. |
| Biometric Data | None. |
| Audio, electronic, visual, thermal, olfactory, or similar information | None. |
| Internet/Network Activity | - As described in Section 3 (Cookies). |
| Professional or Employment-related Information | Depending on the category of the data subject as defined in Section 2, we may collect:- area of activities or occupation;- working experience;- employment status;- authorization to work. |
| Education Information | - highest degree or level of education and study subject. |
| Device Information | User's device ID |
Categories of Personal Information Sold in the last 12 months:
We do not sell your personal information to third parties.
Categories of Personal Information Disclosed over the last 12 months
| Categories of Data Disclosed | Types of Entities to which Data was Disclosed | Reason for Disclosure of Data | Categories of Recipients |
|---|---|---|---|
| Identifiers, Characteristic of protected classifications under California and federal law, Commercial Information, Internet/Network Activity,Professional, employment-related, and education Information | Please see Section 4. | Provision of the services,improvement of the services, informing current and potential students about courses and educational opportunities,to protect the security and integrity of our network and to detect, investigate and prevent activities that may violate our policies and terms, pose safety issues, or be fraudulent or illegal,for marketing, promotion, and advertising purposes,to comply with legal obligations and law enforcement requests,to establish, exercise, or defend legal claims,to conduct business planning, reporting, and forecasting;to conduct research, contests, surveys. | Please see Section 4. |
Information we sell
We do not sell your personal information to third parties. Please note that “sale” of personal information does not include those instances when such information is part of a merger, acquisition, or other transaction involving all or part of our business. If we sell all or part of our business, make a sale or transfer of assets, or are otherwise involved in a merger or other business transaction, we may transfer your personal information to a third party as part of that transaction. If such transaction materially affects the manner in which your personal information is processed, we will notify you of such change prior to its implementation.
Your California Privacy Rights
We have in place policies and procedures to facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, you may be entitled to the following:
Right to Access: to have access to your personal information upon simple request – that is, you may receive a copy of such information upon receipt of a verifiable request, along with other information related to the collection or processing.
Disclosure of Direct Marketers: to have access upon simple request, and free of charge, the categories and names/addresses of third parties that have received personal information for direct marketing purposes. Nebius Academy does not share your personal information with third parties for their direct marketing purposes.
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information: upon receipt of a verifiable request, you may obtain a list of:
- The specific pieces of your personal information Nebius Academy holds;
- The categories of personal information collected about you, sold to third parties, or disclosed to third parties for business purposes;
- The categories of personal information sold within the last 12 months;
- The categories of sources from which personal information is collected;
- The business or commercial purpose for collecting or selling personal information; and
- The categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
Right to Opt-Out of the Sale of Personal Information: California residents have the right to opt-out of the sale of their personal information under certain circumstances.
Right to Deletion: to obtain the deletion of your personal information in the situations set forth by applicable data protection law and upon receipt of a verifiable request.
Right to Non-Discrimination. As defined under relevant law, you have a right to non-discrimination in the services or quality of services you receive from us for exercising your rights.
Please contact with the use of contact details specified in Section 1 of this Privacy Policy in relation to exercising these rights. Note that we may ask you to verify your identity – such as by requiring you to provide information about yourself – before responding to such requests.
Submitting a Verifiable Request under the CCPA
As mentioned above, California residents have certain rights to access, delete, or otherwise exercise rights regarding their personal information under the California Consumer Privacy Act of 2018 (“CCPA”). Nebius Academy will respond to an individual’s “verifiable request” to exercise his or her rights under the CCPA – that is, where Nebius Academy has received a request purporting to be from a particular individual, and Nebius Academy has been able to verify the individual’s identity. The need to verify an individual’s identity is critical to protecting your information, and to ensuring that your information is not shared with anyone pretending to be you or someone who is not authorized to act on your behalf.
Submitting your request. You may submit a verifiable request with the use of contact details specified in Section 1 of this Privacy Policy. We will ask you to provide information about yourself so that we can verify your identity as part of this process. This information may include your name, address, whether you have an account with Nebius Academy, and other information deemed necessary by us to reasonably verify your identity. Once we have your submission, we will compare the information you provided to the information we have about you to verify your identity. If necessary, we may ask for additional information if we have difficulty confirming your identity. We will not share your information or honor other requests in those situations where we are unable to confirm that a request for your information is a “verifiable request.” We will not be able process your request if we cannot verify your identity.
Submitting a request through an authorized agent. Under California law a California resident can appoint an “authorized agent” to make certain verifiable requests upon their behalf, such as the right to know what information we collect about the consumer or to request deletion of the consumer’s information. An authorized agent may submit a request by following the steps outlined above. An authorized agent must identify the consumer he or she is submitting a request on behalf of, and provide the information requested by Nebius Academy to verify the consumer’s identity. We will also require the purported authorized agent to submit proof that he or she has been authorized by the consumer to act on the consumer’s behalf.
Because the security and privacy of your information is paramount, we will ask that you identify and provide permission in writing for such persons to act as your authorized agent and exercise your applicable rights under California law in such situations. This may require us to contact you directly and alert you that an individual has claimed to be your agent and is attempting to access or delete your information. We will also independently verify your identity to ensure that an unauthorized person is not attempting to impersonate you and exercise your rights without authorization. We will not share your information or honor any other requests in those situations where you cannot or do not grant permission in writing for an identified authorized agent to act on your behalf, or where we cannot independently verify your identity.
Submitting a Request for Removal of Minor Information
To request the removal of information about a minor from this site, parents or guardians may submit a request with the subject line “Removal of Minor Information.” Such requests must come from the minor’s parents or guardian; minors may not submit information to us via email.
Your submission should include the following information:
- the nature of your request;
- the identity of the content or information to be removed;
- whether such content or information is found on the Site;
- the location on content or information on the Site (e.g., providing the URL for the specific web page the content or information is found on);
- that the request is related to the “Removal of Minor Information;” and
- your name, street address, city, state, zip code, and e-mail address.
If we become aware that a minor has provided us personal data or otherwise used the Service in violation of the Privacy Policy, we will take steps to remove that information.
Pursuant to 47 U.S.C. Section 230(d), Nebius Academy hereby notifies you that parental control protections (such as computer hardware, software, or filtering services) are commercially available that may assist in limiting access to material that is harmful to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms.
Our Policy on “Do Not Track” Signals under the California Online Protection Act
We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser.
Third parties may collect data that relates to you. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
How to Contact Us/Submit a CCPA Inquiry
If you are a California resident and have any questions about this Privacy Policy, our practices, or your personal information, please contact us via the contact information at Section 1 of this Privacy Policy.
B. Privacy Information for Residents of Colorado, Utah, Virginia, and Nevada:
Unless that contradicts to the law of the state of your residence, provisions of the Chapter A “Privacy Information for California Residents” will apply to the processing of your data. Please contact us whenever you have questions related to your rights or any other questions under this Privacy Policy by either of the methods set forth in the Section 1.