1. Roles
You are the data controller of personal data of students enrolled in your academy. JR LearnHub is the data processor acting on your documented instructions.
2. Scope of processing
JR LearnHub processes student personal data only as necessary to operate the academy service you have configured: authentication, lesson delivery, payment processing, progress tracking, certificate issuance, support, and the analytics features you have enabled.
3. Confidentiality
All JR LearnHub personnel with access to student personal data are bound by written confidentiality obligations. Access is restricted to the minimum personnel required to operate the service and is logged.
4. Security measures
Technical and organisational security measures are described in our Security page. These include encryption at rest and in transit, signed-URL asset delivery, role-based access control, audit logging, and a documented incident-response procedure.
5. Sub-processors
We use a small set of trusted sub-processors to operate the service (payments, storage, email, CDN). The list is published and maintained on this page and updated when sub-processors are added or replaced. Material changes will be notified to you at least 30 days in advance.
6. Data-subject requests
We provide tooling for you to fulfil data-subject access, correction, deletion and portability requests from your students. Where you need our assistance, we will provide it within reasonable timeframes.
7. International transfers
Where personal data is transferred from the EEA/UK to a third country, we rely on the EU Standard Contractual Clauses (and the UK addendum where applicable) as the transfer mechanism. Specific safeguards depend on your selected academy region.
8. Incident notification
We will notify you of any personal data breach affecting your students without undue delay and in any case within 72 hours of becoming aware, with sufficient detail to allow you to meet your own notification obligations.
9. Return and deletion
On termination of your account, you may export your student data within 30 days. Thereafter, we will delete or anonymise the data, except where retention is required for legal compliance.
10. Audit
You may request a summary of our security and compliance controls at any time. For on-site or document-room audits, we ask for reasonable notice and may charge a documented administrative fee.
11. Contact
To execute a counter-signed DPA, or for any data-processing questions, email dpo@jrlearnhub.com.
Contact: legal@jrlearnhub.com