Privacy Policy 1.0

Privacy Policy

Atlas Language School – LAST UPDATED: January 24, 2026 – VERSION: 1.0

1. DATA CONTROLLER

The Data Controller for your personal data is:
Name: Cristian Palombizio
VAT ID / Tax ID: 266755912
Address: Haverfordwest, Dyfed, Tregwynt Mansion, SA625UU
Email: contact@atlaslanguage.school

Cristian operates as a sole trader (self-employed) under the trading name “Atlas Language School”

 

2. PRIVACY OFFICER / DATA PROTECTION CONTACT

For any privacy questions, please contact:
Email: contact@atlaslanguage.school
Response time: within 30 days

 

3. WHAT DATA DO WE COLLECT?

Registration Data:
– Full name
– Email address
– Phone number

Usage Data (stored by Bookly backend):
– Booking date/time
– Service booked
– Staff member assigned
– Appointment status (pending, approved, cancelled, etc.)
– Payment transactions and status
– Login date/time

Optional Data:
– Profile photo
– Bio/biography
– Language certificates (if voluntarily shared)
– Payment history

 

4. WHY DO WE COLLECT THIS DATA?

a) To Provide the Service:
– Connect you with freelance language teachers
– Manage lesson bookings and scheduling
– Process payments securely
– Provide customer support
– Handle technical issues

b) Communication:
– Send booking confirmations
– Contact you for support requests
– Send platform updates
– Notify you of important changes

c) Legal Compliance:
– Tax and accounting requirements
– Anti-money laundering (AML) compliance
– Fraud detection and prevention
– Payment verification

d) Security & Safety:
– Detect and prevent abuse/fraud
– Protect platform security
– Investigate violations

e) Service Improvement (FUTURE):
– When we implement analytics, only with your consent
– Understand user behavior to improve experience

 

5. LEGAL BASIS FOR PROCESSING

We process your data under:
– Performance of Contract (Article 6(1)(b) GDPR) – to deliver the service
– Legal Obligation (Article 6(1)(c) GDPR) – tax/compliance requirements
– Legitimate Interest (Article 6(1)(f) GDPR) – fraud prevention, security

 

6. DATA SHARING

Teachers:
– Can see: Your name, email, profile photo, chat messages, your ratings
– Will use this data to: Contact you for lessons, communicate about class
– Cannot see: Your phone number, physical address, payment info
Service Providers:
– Payment processor (Stripe): Payment data (ENCRYPTED)
– Email provider (Hostinger + Bookly): sends transactional emails such as confirmations and notifications.
– Hosting provider (Hostinger): stores this website and related technical logs.

We DO NOT sell your data to third parties for marketing purposes.

SPECIAL NOTE FOR MINORS:
– If a user is under 18, we require parental consent
– Teachers will NOT see phone numbers or physical addresses
– Teachers only see: name, email, profile photo

 

7. HOW LONG DO WE KEEP YOUR DATA?
– Registration data: 3 years after last login
– Chat messages: 1 year after lesson completion
– Payment records: 6-7 years (tax law requirement)
– Access logs: 90 days
– After account deletion: Removed within 30 days (except for legal/tax requirements)

 

8. YOUR RIGHTS

You have the right to:

  1. Access your data (right of access)
  2. Correct inaccurate data (right of rectification)
  3. Delete your data (right to be forgotten) – except where legally required
  4. Restrict processing
  5. Object to processing
  6. Data portability (receive data in exportable format)
  7. Not be subject to automated decision-making

To exercise your rights: privacy@atlaslanguage.school
We will respond within 30 days.

 

9. TRACKING & COOKIES – CURRENT STATUS

CURRENT STATE:
– We do NOT use Google Analytics
– We do NOT use Facebook Pixel
– We do NOT track your behavior

TECHNICAL COOKIES (NECESSARY – No consent required):
– Session ID: Keeps you logged in
– Preferences: Language, theme (dark/light mode)
These are essential for the platform to function.

FUTURE IMPLEMENTATION:
– We will add Google Analytics 4
– We will request your consent beforehand
– We will publish an updated Cookie Policy
– We will display a cookie banner

 

10. SECURITY
We protect your data with:
– SSL/TLS encryption for all communications (HTTPS)
– Password hashing to protect login credentials
– Firewall and DDoS protection
– Limited access controls (least privilege principle)
– Role-based access control
– Regular security reviews

IN CASE OF DATA BREACH:
If we discover a security breach, we will:

  1. Notify relevant authorities within 72 hours
  2. Notify you directly if there’s high risk to you
  3. Issue a transparent public statement

 

11. INTERNATIONAL TRANSFERS

Cristian operates from Spain (within GDPR territory).
If we ever transfer data outside the EU:
– We will use Standard Contractual Clauses (SCC)
– Or only transfer to countries with EU Adequacy Decisions
– We will notify you before any transfer

 

12. RIGHTS FOR MINORS

If you are under 18 years old:
– Parental/guardian consent is required
– You should inform your parent/guardian about data sharing
– Your contact details will NOT be shared with teachers

 

13. EXTERNAL LINKS

Our site may contain links to:
– Teacher profiles on third-party websites
– External resources (YouTube, etc.)
We are not responsible for their privacy practices.

 

14. CONTACT & COMPLAINTS
Privacy Questions: contact@atlaslanguage.school
Complaints to Authority: 
– Spain: AEPD (Agencia Española de Protección de Datos) – aepd.es
– Italy: Garante della Privacy – garanteprivacy.it
– UK: ICO (Information Commissioner’s Office) – ico.org.uk
– EU: Your national Data Protection Authority

We use cookies to offer you a
better browsing experience.

Accept Cookies