EZclass Privacy Policy
Effective Date: April 9, 2026
Controller: EZclass OÜ | Registry No. 16802842 | Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia
Contact: [email protected]
Table of Contents
- Introduction and Scope
- Who We Are and How to Contact Us
- Personal Data We Collect
- How and Why We Use Your Personal Data
- Data Sharing and Third-Party Processors
- International Data Transfers
- Data Retention
- Your Rights
- Cookies and Tracking Technologies
- Automated Processing and AI-Based Assessment
- Voice Recordings and Speech Data
- Children's Privacy
- Security
- Changes to This Policy
- CCPA / CPRA Addendum (California Residents)
- UK GDPR Addendum (United Kingdom Residents)
- Brazil LGPD Notice (Brazilian Residents)
1. Introduction and Scope
EZclass OÜ ("EZclass", "we", "us", or "our") operates the online English learning platform available at ezclass.io and the AI-powered placement test hosted at placement.ezclass.io (collectively, the "Services").
This Privacy Policy explains:
- what personal data we collect and how;
- the purposes and legal bases for processing under the EU General Data Protection Regulation (GDPR) and other applicable laws;
- who we share data with, including all material sub-processors;
- how long we retain data;
- your rights and how to exercise them; and
- how international transfers are safeguarded.
This Policy applies to all users of the Services worldwide, with jurisdiction-specific addenda for California (§15), the United Kingdom (§16), and Brazil (§17).
By using our Services you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use of the Services.
2. Who We Are and How to Contact Us
Data Controller:
EZclass OÜ
Registry No. 16802842
Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia
Email: [email protected]
Data Protection Officer (DPO):
At this time EZclass OÜ does not have a legal obligation to appoint a formal DPO under Article 37 GDPR, but we regularly review this position. Privacy enquiries are handled directly by our privacy team at [email protected].
Supervisory Authority:
The competent lead supervisory authority for EZclass OÜ is:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39, 10134 Tallinn, Estonia
Web: www.aki.ee
Email: [email protected]
Tel: +372 627 4135
You also have the right to lodge a complaint with the data protection authority of your EU/EEA Member State of habitual residence, place of work, or place of the alleged infringement.
3. Personal Data We Collect
We collect the following categories of personal data, depending on how you interact with our Services:
3.1 Account and Identity Data
- Full name
- Email address
- Password (stored in hashed form)
- Country of residence
- Preferred language
- Profile photograph (optional)
- Institutional or organisation affiliation (if applicable)
3.2 Placement Test Data
- Written responses entered during the AI placement test
- Audio recordings of spoken responses submitted during the test
- Transcribed text derived from audio recordings (speech-to-text output)
- AI evaluation prompts generated during the test session
- AI-generated scores and feedback (CEFR level output)
- Test metadata (timestamps, session identifiers, device type)
3.3 Learning and Progress Data
- Course enrolment and completion records
- Lesson progress and scores
- Certificates issued (GradingReport records)
- Assignment submissions
- Class attendance records
3.4 Communication Data
- Messages sent via in-platform messaging or email correspondence with our team
- Support tickets and associated metadata
3.5 Technical and Usage Data
- IP address
- Browser type and version
- Operating system
- Device identifiers
- Pages visited and click patterns (collected via session analytics tools described in §5)
- Error logs and diagnostic data
- Referring URL
3.6 Payment Data
Payment transactions are handled directly by our payment processor. We do not store full card numbers or bank account details. We retain transaction references, amounts, and dates for accounting and legal compliance purposes.
3.7 Cookie and Consent Data
Cookie preference records, consent timestamps, and consent version identifiers. See §9 for full details.
4. How and Why We Use Your Personal Data
The table below sets out each processing purpose, the data categories involved, and the lawful basis under GDPR Article 6 (and Article 9 where applicable).
| Purpose | Data Categories | Lawful Basis |
|---|---|---|
| Creating and managing user accounts | Identity, contact data | Contract (Art. 6(1)(b)) |
| Providing and delivering the AI Placement Test | Test data, audio, transcripts, AI scores | Contract (Art. 6(1)(b)) |
| Delivering online courses and learning content | Learning and progress data | Contract (Art. 6(1)(b)) |
| Issuing certificates and GradingReports | Identity, learning data | Contract (Art. 6(1)(b)) |
| Processing payments and maintaining accounting records | Payment and identity data | Legal obligation (Art. 6(1)(c)); Contract (Art. 6(1)(b)) |
| Communicating with users about their accounts and the Services | Identity, communication data | Contract (Art. 6(1)(b)) |
| Sending marketing communications (where opted in) | Identity, contact, usage data | Consent (Art. 6(1)(a)) |
| Improving and optimising the user experience (session analytics, heatmaps) | Technical, usage data | Consent (Art. 6(1)(a)) |
| Fraud prevention and security monitoring | Technical, usage data | Legitimate interests (Art. 6(1)(f)) |
| Bot and abuse prevention (reCAPTCHA v3) | Technical, device fingerprint data | Legitimate interests (Art. 6(1)(f)); Consent where required |
| Error tracking and system diagnostics | Technical, error log data | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | All relevant categories | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | All relevant categories | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by the rights and interests of data subjects. You may request a copy of our legitimate interests assessment by contacting [email protected].
Where we rely on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal (see §8).
4.5 System Observability and Monitoring
Datadog Inc. (USA) — Application performance monitoring, infrastructure metrics, log management, error tracking, and Real User Monitoring (RUM). Datadog may process personal data present in server logs, request traces, and error payloads, including IP addresses, user identifiers, and session metadata. EZclass OÜ configures Datadog to minimise personal data in logs where technically feasible. Transfer basis: EU-US Data Privacy Framework (DPF). Datadog is DPF-certified.
Better Stack, Inc. (Czech Republic, EU) — Uptime monitoring, log aggregation, and incident alerting. BetterStack may process server logs containing IP addresses, user identifiers, and request metadata. As a Czech Republic-registered entity, BetterStack operates within the European Economic Area and is subject to GDPR directly. No international transfer mechanism is required.
5. Data Sharing and Third-Party Processors
We do not sell your personal data. However, by operating the Services, we necessarily share data with a range of third-party processors and sub-processors as described below. Each processor is engaged under a written Data Processing Agreement (DPA) containing the obligations required by GDPR Article 28.
5.1 Sub-Processor Table
AI and Machine Learning Services
| Processor | Country | Processing Activity | Transfer Mechanism |
|---|---|---|---|
| OpenAI, LLC | USA | Speech-to-text transcription of placement test audio responses (Whisper API) | EU–US Data Privacy Framework (DPF) |
| DeepSeek AI Co., Ltd. | China | AI-powered writing and speaking evaluation scoring within the placement test. User test responses (written text and transcribed speech text) are transmitted to DeepSeek's API for CEFR-level assessment | Standard Contractual Clauses (EU Commission Decision 2021/914, Module 2: Controller-to-Processor) |
Note on DeepSeek: DeepSeek does not use API inputs (i.e., data transmitted via the API endpoint) for training or improving its models. Processing is limited to generating evaluation outputs during the active API call. Data transmitted to DeepSeek is subject to a Transfer Impact Assessment (TIA) on file at EZclass.
Analytics and User Experience
| Processor | Country | Processing Activity | Transfer Mechanism |
|---|---|---|---|
| Contentsquare SAS | France | Session analytics and user experience optimisation on placement.ezclass.io. Heatmaps and session replay to improve placement test usability | Within EU/EEA — no transfer mechanism required |
| Microsoft Corporation (Microsoft Clarity) | USA | Session analytics on ezclass.io. Heatmaps, session recordings, and anonymised usage metrics. Delivered via consent-gated Google Tag Manager | EU–US Data Privacy Framework (DPF) |
| Google LLC (reCAPTCHA v3) | USA | Bot protection and anti-abuse verification on data request forms. May collect device fingerprinting and behavioural data to assess whether a form submission is automated | EU–US Data Privacy Framework (DPF) |
Infrastructure and Operations
| Processor | Country | Processing Activity | Transfer Mechanism |
|---|---|---|---|
| Functional Software, Inc. (Sentry) | USA | Application error tracking and system diagnostics. Error events may include anonymised fragments of request data | EU–US Data Privacy Framework (DPF) |
Hosting and Cloud Infrastructure
Our platform infrastructure is hosted with cloud service providers operating within the EU/EEA or under adequate transfer mechanisms. Details are available on request at [email protected].
5.2 Legal Disclosure
We may also disclose personal data to:
- Competent authorities and regulators where required by law, court order, or to protect against fraud and abuse.
- Professional advisers (lawyers, auditors, accountants) bound by confidentiality obligations.
- Successors in interest in the event of a merger, acquisition, or asset sale, subject to equivalent data protection commitments.
5.3 No Sale of Personal Data
EZclass OÜ does not sell, rent, or trade personal data to any third party for their own marketing purposes.
6. International Data Transfers
EZclass OÜ is established in Estonia (EU). Where we transfer personal data to countries outside the EU/EEA that do not benefit from an EU adequacy decision, we rely on the following safeguards:
| Destination | Mechanism |
|---|---|
| USA (OpenAI, Microsoft, Google, Sentry) | EU–US Data Privacy Framework (DPF), as applicable per processor's certification |
| China (DeepSeek AI Co., Ltd.) | Standard Contractual Clauses (EU Commission Decision 2021/914, Module 2: Controller-to-Processor), supplemented by a Transfer Impact Assessment |
You may request a copy of the relevant SCCs or a summary of the Transfer Impact Assessment by contacting [email protected].
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our retention commitments are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| AI Placement Test raw data — written responses, audio recordings, transcribed speech, AI evaluation prompts, AI scores generated during the session | Up to 90 days from the date of test completion, then permanently deleted | Operational necessity; proportionality |
| Test results and certificates (GradingReport) | Up to 3 years from the date of issue | Contract; user legitimate interest in proof of attainment |
| Class recordings | Up to 90 days from the date of the class, then permanently deleted | Operational necessity; proportionality |
| Account data | Duration of the account, plus up to 3 years following deletion request or account closure | Contract; legal obligation |
| Financial and payment records | 7 years from transaction date | Legal obligation (Estonian Accounting Act) |
| Consent records | 3 years from withdrawal of consent or end of the applicable consent period | Legal obligation (GDPR accountability) |
| Support and communication records | 3 years from the date of the last interaction | Legitimate interests (dispute resolution) |
| Security and access logs | 90 days | Legitimate interests (fraud and abuse prevention) |
AI evaluation prompts and responses, including transcribed test content, are stored securely for the duration of the 90-day retention period described above and are then permanently and irreversibly deleted from all systems, including backups that fall within the retention cycle.
Where data is held by sub-processors (e.g. OpenAI, DeepSeek), their own data retention terms apply to transient processing within the API call. We contractually require that sub-processors do not retain personal data beyond the minimum necessary for the immediate service delivery.
8. Your Rights
Under GDPR, you have the following rights in relation to your personal data. We respond to all valid requests within one calendar month of receipt. In complex cases, this may be extended by a further two months; we will notify you of any such extension within the initial one-month period.
8.1 Right of Access (Art. 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data together with information about the purposes, categories, recipients, retention periods, and your other rights.
AI Assessment Transparency: As part of your right of access, you may request information about how your placement test was scored, including which AI systems were used (OpenAI Whisper for transcription and DeepSeek for evaluation scoring), the CEFR level assigned, and the general scoring criteria applied.
8.2 Right to Rectification (Art. 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
8.3 Right to Erasure / Right to Be Forgotten (Art. 17)
You have the right to request deletion of your personal data where:
- the data is no longer necessary for the purpose for which it was collected;
- you withdraw consent and there is no other lawful basis for processing;
- you object under Art. 21 and we have no overriding legitimate grounds;
- the data has been unlawfully processed; or
- erasure is required to comply with a legal obligation.
How to submit a deletion request:
- Online form: ezclass.io/make-data-request
- Email: [email protected]
Requests will be acknowledged within 5 working days and processed within one calendar month. Where we are unable to delete certain data due to a legal retention obligation (e.g. financial records), we will inform you of the specific basis and the data category affected.
8.4 Right to Restriction of Processing (Art. 18)
You may request that we restrict processing in certain circumstances, including while the accuracy of data is contested or while an objection is pending.
8.5 Right to Data Portability (Art. 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and to transmit it to another controller.
8.6 Right to Object (Art. 21)
You have the right to object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise, or defence of legal claims.
You have an unconditional right to object to processing for direct marketing purposes.
8.7 Rights Related to Automated Decision-Making (Art. 22)
Where automated processing produces significant effects, you have the right not to be subject to a decision based solely on automated processing. See §10 for our specific position on the AI Placement Test.
8.8 Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time via:
- the cookie preference centre on our websites (see §9);
- your account settings; or
- emailing [email protected].
Withdrawal does not affect the lawfulness of processing before withdrawal.
8.9 Right to Lodge a Complaint
You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (details in §2) or the supervisory authority of your EU/EEA Member State of habitual residence.
How to exercise your rights:
Submit requests via the online form at ezclass.io/make-data-request or by emailing [email protected]. We may ask you to verify your identity before processing the request.
9. Cookies and Tracking Technologies
9.1 Cookie Management Platform
Both ezclass.io and placement.ezclass.io use vanilla-cookieconsent to manage cookie preferences. A cookie consent banner is presented on first visit and allows you to accept, reject, or customise cookie categories. Your preferences are stored and respected on subsequent visits. You may change your preferences at any time by clicking the "Cookie Preferences" link in the website footer.
9.2 Cookie Categories
| Category | Description | Basis |
|---|---|---|
| Strictly Necessary | Essential for the platform to function (session management, authentication, security) | Not subject to consent; necessary for contract/legitimate interests |
| Functional / Preference | Remember your language settings and UI preferences | Consent |
| Analytics | Aggregate usage data to improve the Services (Google Analytics, Microsoft Clarity, Contentsquare) | Consent |
| Session Replay | Heatmaps and session recordings via Contentsquare (placement.ezclass.io) and Microsoft Clarity (ezclass.io) | Consent |
No advertising or cross-site tracking cookies are used.
9.3 Google reCAPTCHA v3
Google reCAPTCHA v3 is deployed on the data request forms at ezclass.io/make-data-request and related forms to verify that submissions are made by humans rather than automated bots. reCAPTCHA v3 operates invisibly (without a CAPTCHA challenge) and may collect:
- IP address
- Browser and device characteristics
- User interaction patterns and timing data (device fingerprint)
- Cookies set by Google
This data is transmitted to Google LLC (USA) under the EU–US Data Privacy Framework and is governed by Google's Privacy Policy. The purpose is limited to fraud and abuse prevention. We rely on legitimate interests as the lawful basis for this processing; where required under national implementing law, consent is obtained via the cookie consent mechanism.
10. Automated Processing and AI-Based Assessment
10.1 How the AI Placement Test Works
EZclass's AI Placement Test uses automated processing to generate CEFR level scores (A1–C2) for English language placement purposes. The assessment process involves:
- The user completes written and spoken tasks within the placement test interface.
- Audio responses are transcribed to text by OpenAI Whisper (speech-to-text).
- Both written responses and transcribed speech are evaluated by DeepSeek AI to generate CEFR-level scores and diagnostic feedback.
- The resulting placement level is presented to the user and, where applicable, shared with the user's institution.
10.2 Article 22 GDPR Position
EZclass's AI Placement Test uses automated processing to generate CEFR level scores. This does not constitute automated decision-making with legal or similarly significant effects within the meaning of Article 22 GDPR. Results are for placement guidance only — they are used to suggest an appropriate course level and do not produce legal effects, significantly affect legal rights, or have similarly significant consequences for data subjects. Human review and override are available; students may request a manual review of their placement at any time by contacting [email protected].
10.3 Transparency About AI Scoring
As part of your right of access (§8.1), you may request:
- the CEFR score assigned to your placement test;
- the AI systems used in scoring (OpenAI Whisper + DeepSeek);
- a general explanation of the scoring criteria applied; and
- a human review of the placement outcome.
To make such a request, use the form at ezclass.io/make-data-request or email [email protected].
11. Voice Recordings and Speech Data
11.1 Collection and Processing
During the AI Placement Test, users are invited to submit spoken responses. These audio recordings are:
- Transmitted to OpenAI (Whisper API) for speech-to-text transcription.
- The resulting transcript (not the original audio) is then transmitted to DeepSeek for language evaluation and CEFR scoring.
The original audio recording is retained by EZclass for a maximum of 90 days and then permanently deleted (see §7).
11.2 Scope of Processing — Important Clarification
EZclass does not use voice data for:
- biometric identification or identity verification;
- voice recognition for authentication purposes;
- the creation of voice profiles or biometric templates;
- profiling based on voice characteristics unrelated to language assessment.
Processing of voice recordings is strictly limited to:
- speech-to-text transcription for the purpose of language assessment; and
- CEFR-level English language evaluation.
11.3 Children's Voice Data
Where a user aged 16 or 17 takes the placement test with appropriate institutional or parental authorisation, their voice recordings are subject to the same 90-day retention and deletion commitment, and no biometric processing occurs.
12. Children's Privacy
The Services are intended for users aged 16 and above, consistent with the minimum age requirement set out in our Terms and Conditions. We do not knowingly collect personal data from individuals under 16 except where an educational institution or guardian has provided appropriate consent for participation in a supervised programme. If we discover that we have inadvertently collected personal data from an individual under 16 without appropriate consent, we will delete it promptly.
Where EZclass is deployed by educational institutions for younger learners, the institution acts as a controller (or joint controller) for those students' data, and is responsible for obtaining appropriate consents under applicable law.
13. Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Measures include:
- Encryption of data in transit (TLS 1.2 or higher) and at rest
- Access controls and role-based permissions for staff
- Regular security assessments and penetration testing
- Incident response procedures aligned with GDPR 72-hour breach notification requirements
- Contractual security requirements imposed on all sub-processors
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate within 72 hours and, where required, notify affected individuals without undue delay.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. When we make material changes, we will:
- update the Effective Date at the top of this document;
- post the revised Policy on our websites; and
- notify registered users by email (for material changes) or via an in-platform notice.
We encourage you to review this Policy periodically. Continued use of the Services after the effective date of a revised Policy constitutes acceptance of the changes, to the extent permitted by applicable law.
Previous versions of this Policy are available on request from [email protected].
15. CCPA / CPRA Addendum (California Residents)
This section supplements the main Policy and applies to residents of California, USA, pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
15.1 Categories of Personal Information Collected
In the preceding 12 months, EZclass has collected the following CCPA categories of personal information:
| CCPA Category | Examples Collected |
|---|---|
| Identifiers | Name, email address, IP address, account identifiers |
| Personal information (Cal. Civ. Code §1798.80(e)) | Name, email address |
| Internet or network activity | Browsing history on the Services, usage data |
| Audio/electronic data | Voice recordings submitted during the placement test |
| Education information | Placement test results, course progress, certificates |
| Inferences | CEFR placement level derived from test performance |
15.2 Purposes of Use
Personal information is used for the purposes described in §4 of the main Policy: providing the Services, processing transactions, improving the Services (with consent), security and fraud prevention, and legal compliance.
15.3 Sale or Sharing of Personal Information
EZclass does not sell personal information as defined by CCPA/CPRA. EZclass does not share personal information with third parties for cross-context behavioural advertising.
15.4 Sensitive Personal Information
Under CPRA, voice recordings may constitute "sensitive personal information." EZclass processes voice recordings solely for language assessment purposes as described in §11. We do not use sensitive personal information to infer characteristics about users beyond CEFR English language level. You may direct us to limit our use of sensitive personal information to that which is necessary to perform the Services by contacting [email protected].
15.5 Your California Rights
California residents have the right to:
- Know what personal information we collect, use, disclose, and sell.
- Delete personal information we hold about you, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of sale or sharing (not applicable — we do not sell or share for advertising).
- Limit use of sensitive personal information to necessary processing.
- Non-discrimination — we will not discriminate against you for exercising your rights.
15.6 How to Submit a Request
Submit requests via ezclass.io/make-data-request or email [email protected]. We will respond within 45 calendar days, with an option to extend by a further 45 days with notice.
We will verify your identity before processing any request. We do not charge a fee for reasonable requests.
16. UK GDPR Addendum (United Kingdom Residents)
This section applies to users in the United Kingdom. The UK GDPR (the retained version of EU GDPR, as amended by the Data Protection Act 2018) applies independently to the processing of personal data of UK-based individuals, regardless of the EU GDPR's application.
16.1 UK Representative
EZclass OÜ processes personal data of UK residents in the course of offering services to individuals in the UK. Users in the UK may exercise their rights under UK GDPR by contacting [email protected].
16.2 Supervisory Authority (UK)
The competent supervisory authority for UK residents is:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Web: ico.org.uk
Tel: 0303 123 1113
You have the right to lodge a complaint with the ICO if you consider that our processing of your personal data infringes UK GDPR.
16.3 International Transfers (UK)
Transfers of UK residents' personal data to non-adequate countries are safeguarded using:
- the International Data Transfer Agreement (IDTA) (for transfers under UK GDPR); or
- the EU SCCs supplemented by the ICO's UK Addendum (where applicable),
in each case as agreed with the relevant sub-processor.
16.4 Your Rights Under UK GDPR
UK residents enjoy the same rights as described in §8 of the main Policy (access, rectification, erasure, restriction, portability, objection, and rights regarding automated decision-making), exercisable against EZclass OÜ as controller.
17. Brazil LGPD Notice (Brazilian Residents)
This section applies to users located in Brazil, pursuant to the Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13,709/2018.
17.1 Legal Bases Under LGPD
| LGPD Basis | Processing Activities |
|---|---|
| Consent (Art. 7, I) | Analytics cookies, session replay, marketing communications |
| Contract performance (Art. 7, V) | Account creation, service delivery, placement test, certificates |
| Legal obligation (Art. 7, II) | Financial records, regulatory compliance |
| Legitimate interests (Art. 7, IX) | Security monitoring, fraud prevention, error tracking |
17.2 Your Rights Under LGPD
Brazilian residents have the right to:
- Confirm the existence of processing and access personal data (Art. 18, I–II)
- Correct incomplete, inaccurate, or outdated data (Art. 18, III)
- Anonymise, block, or delete unnecessary or excessive data (Art. 18, IV)
- Data portability (Art. 18, V)
- Delete personal data processed with consent (Art. 18, VI)
- Information about third parties with whom data is shared (Art. 18, VII)
- Information on the possibility of denying consent and the consequences (Art. 18, VIII)
- Withdraw consent (Art. 18, IX)
- Lodge a complaint with the ANPD (Art. 18, X)
17.3 How to Exercise Rights
Submit requests via ezclass.io/make-data-request or email [email protected]. We will respond within 15 days as required under LGPD.
17.4 Supervisory Authority (Brazil)
Autoridade Nacional de Proteção de Dados (ANPD)
Web: www.gov.br/anpd
17.5 International Transfers (Brazil)
Transfers of Brazilian residents' personal data to countries not recognised as providing adequate protection under LGPD are carried out under standard contractual clauses or other safeguards as permitted by ANPD regulation.
EZclass OÜ — Privacy Policy — Effective Date: April 9, 2026
Questions? Contact us at [email protected] or write to: EZclass OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia.