Last updated January 17, 2024

This privacy notice for EA5 (doing business as EA5) ('EA5', 'we', 'us', or 'our',), describes how and why we might collect, store, use, and/or share ('process') your information when you use our services ('Services'), such as when you:

• Use our website at http://www.ea5.com, our online platform or any online service hosted by us that links to this privacy notice.

• Engage with us at our in-person talks, workshops or events.

• Communicate with us via email, text or other electronic messages between you and our platform.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact@ea5.com.

Summary of Key Points

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for. You can also click here to go directly to our table of contents.

• How do we safeguard children’s personal data? Our services are designed and developed specifically to promote the positive health and wellbeing of young people aged 13 and above. Therefore decisions are made in their best interest and are age-appropriate. Click here to learn more.

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with EA5 and the Services, the choices you make, and the products and features you use. Click here to learn more.

• Do we process any sensitive personal information? We may collect and use sensitive health-related information shared with us to enhance our online learning platform and performance psychology service. The collection and processing of this data are governed by strict security measures and transparency to prioritise the wellbeing of young people. Click here to learn more.

• Do we receive any information from third parties? We exclusively use Framer to host our platform and they collect some information automatically. We do not receive information from other third-party services. Click here to learn more.

• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Click here to learn more.

• In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Click here to learn more.

• How do we keep your information safe? We have organisational and technical security in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Click here to learn more.

• What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Click here to learn more.

• How do you exercise your rights? The easiest way to exercise your rights is by contacting us at contact@ea5.com. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what EA5 does with any information we collect? Click here to review the notice in full.

Table of Contents

1. How do we safeguard children’s personal data?

2. What personal information do we collect?

3. How do we use your information?

4. What sensitive information do we collect and use?

5. What legal bases do we rely on to process your personal information?

6. When and with whom do we share your personal information?

7. How long do we keep your information?

8. How do we keep your information safe?

9. What are your privacy rights?

10. Controls for Do-Not-Track features

11. Do California residents have specific privacy rights?

12. Do we make updates to this notice?

13. How can you review, update, or delete the data we collect from you?

Contact us:

1. How do we safeguard children’s personal data?

In Short: Our services are designed and developed specifically to promote the positive health and wellbeing of young people aged 13 and above. Therefore decisions are made in their best interest and are age-appropriate.

Our Services are designed following the “Children’s Code”, or the “Age Appropriate Design Code”, a set of standards developed by the Information Commissioner's Office (ICO) in the United Kingdom. Conforming to this statutory code of practice ensures we take into account the best interest of children when designing our online services, recognising the potential risks associated with the collection and processing of their personal data.

Some of the measures we take include:

• We provide a ‘high level of privacy’ by default.

• We take a ‘data protection by design and default’ approach and put appropriate data protection measures in place throughout the entire lifecycle of our processing operations.

• We only collect and retain the minimum amount of personal data needed to provide our service in which a child is actively and knowingly engaged.

• We do not use nudge techniques to encourage children to provide more personal data.

• We switch off geolocation services.

In accordance with the General Data Protection Regulation (GDPR), children under the age of 13 are unable to legally consent to the processing of their personal data. Therefore, our online Services are only intended for children aged 13 and above. If you are under 13 years of age, immediately discontinue use of this site. We do not knowingly collect, maintain, or disclose any personally identifiable information from a child under 13 years of age.

If you are a parent or guardian who has discovered that your child under the age of 13 has submitted their personally identifiable information without your permission or consent, we will make reasonable efforts to remove the information from our databases, at your request. To request the removal of your child's information, please contact us at contact@ea5.com with the email address your child submitted.

2**. What personal information do we collect?**

In Short: We collect personal information you provide and automatically gather certain data to enhance your online experience with our services.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

A. Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Personal details: When you create an account or otherwise use the Services, we collect information such as your name, email address, school name, age or year group.

• User account identifiers: When you create an account, other identifiers are created, such as user ID, customer number, or similar identifier that can be used to identify a user or account.

• Your communications with us: We collect information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide and that may be associated with your communications, such as support enquiries and feedback.

• Payment information: We may receive information associated with your payment information, such as billing address and transaction information, but we do not directly store payment information on the Services. Payment information is stored and processed by our payment providers on our behalf, this may be Stripe or PayPal. You may find their privacy notice links here:

  • Stripe: https://stripe.com/gb/privacy

  • Paypal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

• Questionnaires and assessment tools: If you consent to completing our questionnaires and assessment tools we may collect information relating to your health, lifestyle, decision-making, performance data and other related information depending on the activities and Services you use. This will be used for the sole purpose of enhancing the quality of our Services and a commitment to customer care.

• Surveys: We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include contact information and other information about you and your feedback on our Services.

• Interactive features: We may offer interactive features such as forums, comment sections, chat and messaging services. We and others who use our Website or Services may collect the information you submit or make available through these interactive features.

B**. Information Collected Automatically**

When you engage with our online platform, certain personal information is collected automatically to enhance your experience and ensure security. Our platform operates on Framer, an all-in-one service that facilitates various features and data processes. Framer acts as a processor on our behalf, and the information collected through its features includes:

• Device and browser information: Information about your device type, operating system, browser type, and IP address is automatically collected.

• Usage data: We gather usage data to understand how you interact with our content and services, including details about the pages visited, features used, and session durations.

• Cookies and Similar Technologies: Cookies and similar technologies are employed to enhance your browsing experience, analyse usage patterns, and remember preferences.

• Email and communication data: If you subscribe to our newsletters or communications, interactions such as email opens and link clicks are tracked. You will always have the option to unsubscribe.

• Integration with Framer: Our platform seamlessly integrates with Framer to provide a unified experience. Information exchanged between our platform and Framer adheres to Framer's privacy practices (https://legal.Framer.com/policies/privacy).

• Security measures: Industry-standard security measures are implemented by Framer to protect your information and maintain the confidentiality of transmitted data.

By using our online platform, you consent to the automatic collection of personal information as described above. You can find out more information of the terms and conditions under which Framer processes personal data on our behalf here:

• Framer’s Data Processing Addendum: https://legal.Framer.com/policies/dpa

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

3**.** How do we use your information?

In Short: We use your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also use your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

Provide the Services or requested information, such as:

• Fulfilling our contract with you;

• Identifying and communicating with you, including providing newsletters and marketing materials;

• Managing your information;

• Processing your payments (which are processed and stored by our third-party payment processors on our behalf) and otherwise servicing your purchase orders;

• Responding to questions, comments, and other requests;

• Providing access to certain areas, functionalities, and features of our Services; and

• Answering requests for customer or technical support.

Serve administrative and communication purposes, such as:

• Essential messages to support the operation of the Service.

• Messages to support the EA5 methodology and reinforce your learning.

• Announcements regarding changes to the Service or products.

• Announcements of new EA5 products, services, offers, or opportunities.

• Measuring interest and engagement in our Services, including analysing your usage of the Services;

• Developing new products and improving the Services;

• Ensuring internal quality control and safety;

• Authenticating and verifying individual identities;

• Carrying out audits;

• Communicating with you about your account, activities on our Services and Privacy Policy changes;

• Preventing and prosecuting potentially prohibited or illegal activities;

• Enforcing our agreements; and

• Complying with our legal obligations

You may opt out of receiving non-essential messages or emails in your Settings.

Facilitating collaboration in our community: We may process your information if you choose to use any of our Services that allow for communication and a shared experience with other members or participants, such as online community spaces, live virtual events or in-person group activities.

Consent: We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

To comply with law and prevent harmful activities: We may process your information when necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity, to assist law enforcement, or to prevent imminent harm. This may include sharing information with other companies, lawyers, agents, or government agencies.

De-identified and aggregated information use: We may use de-identified and/or aggregated information that can no longer be reasonably linked to you or your device from the information we collect. De-identified and/or aggregated information is not subject to this Privacy Policy, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

4**. What sensitive information do we collect and use?**

In Short: We may collect and use sensitive health-related information shared with us to enhance our online learning platform and performance psychology service. The collection and processing of this data are governed by strict security measures and transparency to prioritise the wellbeing of young people.

When you engage with our online learning platform, we may collect and process the information you willingly share with us. Our Services are focused on enhancing the health, psychology and performance of young people and therefore it is likely that sensitive information may be shared through our reflective process.

A. Information Collected

Sensitive information may include, but is not limited to;

• Health-related data

• Philosophical or religious beliefs

• Social beliefs, attitudes and opinions

The purpose of collecting this information is to enhance the care, support and quality of our learning experiences and Services.

B. Security Measures Implemented

We implement robust security measures to protect the sensitive information we collect and process, including:

• Encryption: All sensitive health data is encrypted during transmission and storage to protect it from unauthorised access.

• Access controls: Access to sensitive information is restricted to authorised personnel only, and strict access controls are enforced.

• Data minimisation: We collect only the necessary health-related data for the specified purposes, minimising the amount of sensitive information processed.

5**. What legal bases do we rely on to process your personal information?**

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to fulfil our contractual obligations, or to fulfil our legitimate business interests.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

• Consent: We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Click here to learn more.

• Performance of a contract: We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

• Legitimate interests: We may process your personal information based on our legitimate business interests, which include delivering quality services, improving user experience, and ensuring the security of our platform. Our interests are always balanced against your rights and freedoms, and you have the right to object to such processing.

• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

• Vital Interests. We may process your personal information to protect your or another person's vital interests, particularly in situations where it is necessary to prevent harm or protect life.

6**. When and with whom do we share your personal information?**

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We do not sell, trade, or otherwise transfer your personal information to other third parties.

We may share personal information that we collect or you provide in accordance with this Privacy Notice:

Service providers: We may share information we collect about you to our third-party service providers. The categories of service providers to whom we entrust your information include service providers for: (i) the provision of the Services, such as Framer; (ii) payment and transaction processing, such as Stripe or Paypal; (iii) customer service activities, such as Framer and Notion; (iv) the provision of IT and related services, such as Framer; and (v) fraud prevention and user authentication, such as Framer.

Legal requirements: We may access, preserve, and share any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.

Business transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution, or similar event, Personal Data may be part of the transferred assets.

We have the right to disclose aggregated information about our users, and information that does not identify any individual.

7**. How long do we keep your information?**

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8**. How do we keep your information safe?**

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9**. What are your privacy rights?**

In Short: In some regions, such as the European Economic Area (EEA) and United Kingdom (UK), you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us at contact@ea5.com.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us here [link to bottom of page]

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us here [link to bottom of page]. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account information

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at contact@ea5.com.

10**. Controls for Do-Not-Track features**

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

11**. Do California residents have specific privacy rights?**

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the 'Shine The Light' law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

12. Do we make updates to this notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

13. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us.

Contact us:

If you have questions about this notice or your data, please email us at contact@ea5.com or by post to:

EA5 Group Limited 71-75 Shelton Street Covent Garden London United Kingdom WC2H 9JQ