Privacy and data handling

Definitions

To make the policy actionable we list concise definitions with examples and short case studies. Each definition is followed by a practical scenario showing how that concept applies to learners, instructors, or platform administrators on NexorRClass.

Personal data means any information relating to an identified or identifiable natural person. Examples on NexorRClass include name, email address, billing address, and a profile picture used in class forums. Case scenario: when a learner enrolls in an AI course, their name and email are collected to create an account and send enrollment confirmations.

Processing covers any operation performed on personal data, such as collection, storage, analysis, and deletion. Practical case: tagging anonymized quiz results for course improvement and reporting; operations include aggregation and statistical analysis to refine exercises without exposing identities.

A user is any learner, instructor, or visitor who interacts with NexorRClass services. Example scenario: a guest browsing the catalog and then converting to a registered learner when they enroll in a machine learning project course.

Service refers to the NexorRClass educational platform, related apps, support channels, and content delivery mechanisms. Practical case: live workshops delivered via integrated video, plus recorded sessions stored for participant access and progress tracking.

Cookies are small text files placed on devices to enable session management, preferences, and analytics. Example: a cookie remembers language preference and stores a session voucher during a hands-on lab to reduce repeated logins within a single workshop.

Purposes of Processing

We list each primary purpose for processing personal data and provide scenario-based explanations showing how data is used in real educational operations, from onboarding to course improvement.

• Account creation and authentication. Scenario: creating a learner profile to enroll in an AI fundamentals track and enabling secure login for project access.
• Course delivery and content access. Scenario: granting access to lab environments, assignments, and recorded lectures based on enrollment status.
• Communication and support. Scenario: responding to a technical support ticket about model deployment with logged attachments and prior correspondence.
• Billing and subscription management. Scenario: issuing invoices for a multi-seat corporate training engagement and tracking renewal dates.
• Platform improvement and research using aggregated data. Scenario: analyzing anonymized quiz outcomes to refine curriculum pacing for future cohorts.
• Security, fraud detection, and abuse prevention. Scenario: detecting unusual login patterns for an account used to distribute course solutions and taking action to protect content.
• Legal compliance and record-keeping. Scenario: retaining transaction records to meet statutory accounting obligations in Switzerland.
• Aggregate reporting and anonymized case studies. Scenario: publishing a case study that illustrates improved completion rates after curriculum adjustments, with all data anonymized.

Legal Bases for Processing

When processing personal data we rely on appropriate lawful bases. Below we describe the bases with practical examples showing when each applies in the NexorRClass learning environment.

• Performance of a contract: processing necessary to provide courses and services (e.g., enrolling learners, providing course materials).
• Legitimate interests: processing for platform security, fraud detection, and service improvement, with balancing assessments and safeguards to protect individual rights.
• Consent: when requested for optional communications or analytics where explicit permission is sought (e.g., marketing emails or optional research participation).
• Legal obligation: processing required to comply with laws such as accounting and tax record retention for corporate training purchases.

GDPR and Swiss Data Protection

NexorRClass observes GDPR principles where applicable and aligns practices with Swiss data protection standards. We provide clear steps for exercising rights and describe how requests are handled, with examples for common scenarios.

• Right of access: Users may request a copy of the personal data NexorRClass holds about them. Example scenario: a learner requests the profile and enrollment history to present to an employer.
• Right to rectification: Users can request correction of inaccurate personal data. Example scenario: updating a misspelled name before issuing a certificate.
• Right to erasure: Users can request deletion of personal data where retention is no longer necessary. Example scenario: a former learner asks to remove their profile after completing courses, subject to legal retention obligations.
• Right to restriction: Users may request that processing be limited in specific contexts. Example scenario: pausing promotional communications while keeping the account active.
• Right to data portability: Users may request their data in a portable format. Example scenario: exporting course history and submitted assignments to transfer to another learning platform.
• Right to object: Users can object to processing based on legitimate interests for direct marketing. Example scenario: opting out of targeted marketing emails related to advanced AI modules.

Cookies and Tracking

We use cookies and similar technologies to enable core platform functionality, remember preferences, and collect analytics. This section explains types, purposes, and how to manage choices with illustrative examples.

Types include essential cookies for authentication, preference cookies for language and display settings, analytics cookies for usage patterns, and third-party cookies used by integrated tools (e.g., video hosting).

Categories: Essential (account and session management), Functional (preferences), Analytics (usage improvement), Marketing (optional promotional tracking). Example: analytics cookies help us see which tutorial videos have high drop-off rates.

You can manage cookie settings in your browser or via the cookie banner on NexorRClass.pro. Example scenario: disabling analytics cookies will still allow you to attend courses but may reduce personalization of recommendations.

For full details visit https://NexorRClass.pro/cookie-policy

Data Sharing and Disclosure

We disclose personal data only as necessary to deliver services, comply with legal obligations, or support partnerships. Each category below includes a practical scenario describing why the sharing occurs and the safeguards applied.

• Service providers and processors (hosting, payment processors). Scenario: a payment processor receives billing details to complete a transaction; contractual safeguards and restricted access apply.
• Academic and corporate partners for joint programs. Scenario: sharing enrollee names and course completion status with a corporate client to validate training outcomes under a signed agreement.
• Legal and regulatory authorities when required. Scenario: providing transaction records to tax authorities when requested under applicable law.
• Aggregated or anonymized data publicly shared for research and case studies. Scenario: publishing anonymized completion statistics to illustrate the effectiveness of a curriculum update.
• In the event of a business transfer such as a merger or asset sale, subject to confidentiality and notice. Scenario: account data may be transferred to a successor entity as part of documented transaction terms.
• With your explicit consent for collaborations or promotional case studies. Scenario: a learner agrees to a published interview about a capstone project with names and project description approved in writing.

International Data Transfers

Data may be transferred to service providers outside Switzerland or the EEA to deliver platform services. Where transfers occur, we apply appropriate safeguards such as standard contractual clauses, approved frameworks, or transfers to countries with adequate protections.

Typical safeguards include EU Standard Contractual Clauses, data processing agreements with strong technical and organizational measures, and restricting transfers to subprocessors with documented protections. Example: hosting backups in a third country under an SCC-based arrangement.

Data Retention

We retain personal data only as long as necessary for the stated purposes or to meet legal obligations. Retention periods are applied with clear criteria and examples of how they affect learners and partners.

Account data is retained for the duration of the relationship and for a limited time after account closure to meet legal and operational requirements. Example: inactive accounts are archived for up to five years for accounting or fraud prevention review.

Support tickets and communications are retained to ensure issue resolution and quality improvement for a period proportionate to the case, typically 2–3 years unless legal reasons require longer retention.

System logs and diagnostic data are retained for operational troubleshooting and security purposes for periods determined by risk and compliance needs, typically up to 12 months for high-resolution logs and aggregated summaries longer.

When personal data is no longer required, we delete or irreversibly anonymize it. Example: anonymized analytics datasets derived from course activity may be kept indefinitely for trend analysis after removing identifiers.

Security Measures

We apply a layered security approach to protect personal data against unauthorized access, alteration, and loss. Measures combine organizational policies, technical controls, regular audits, and incident response planning tailored to an educational platform.

• Technical protections such as encryption in transit (TLS) and encryption at rest for sensitive data used in billing or identity verification.
• Access controls and role-based permissions to limit data access to staff and processors with a legitimate operational need.
• Regular security assessments, vulnerability scanning, and a documented incident response plan to address potential breaches promptly.

Your Rights

We provide clear steps and practical scenarios for exercising your privacy rights. Requests are handled in a timely manner and we document each case to ensure consistent treatment across similar situations.

• Access: Request a copy of your personal data. Scenario: exporting your course history for employer review.
• Rectification: Request corrections to inaccurate data. Scenario: updating a misspelled certificate name before issuance.
• Erasure: Request deletion where eligible. Scenario: removing an old account and associated profile data, subject to retention for legal reasons.
• Restriction: Request that processing be limited. Scenario: pausing marketing communications while maintaining course access.
• Portability: Receive your data in a structured format. Scenario: exporting submitted assignments and metadata to transfer to another platform.
• Objection: Object to processing based on legitimate interests. Scenario: opting out of analytics-based profiling used to recommend advanced modules.
• Right to object to processing for direct marketing and profiling related to marketing. You may object when processing relies on our legitimate interests and you consider your rights to outweigh those interests; we will assess requests on a case-by-case basis and respond with practical options.
• Right to withdraw consent where processing is based on consent. Withdrawal will stop future processing that relied on that consent, while previous processing remains lawful. We will explain consequences and offer alternative settings where applicable.

Exercising Your Data Rights

NexorRClass provides a straightforward procedure to exercise rights such as access, correction, deletion, restriction, portability, objection, and consent withdrawal. Submit a request specifying the right you wish to exercise and any supporting details or examples that clarify the scope of your request. We may need to verify identity to protect your privacy. Where feasible, we will propose practical options or workarounds tailored to educational cases and ongoing course access.

[email protected]

We aim to respond to rights requests within 30 calendar days of receipt. Complex requests may require additional time; in such cases we will acknowledge receipt within 7 days and provide an estimated completion timeline along with interim measures to protect your interests.