Privacy Policy for EBTD LMS

Effective date: 1 September 2025
Last updated: 1 September 2025

Thank you for learning with Evidence‑Based Teacher Development (“EBTD“, “we“, “us“). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Learning Management System (the “LMS“) and related services on ebtd.education (the “Site“). It also sets out the choices and rights available to you.

Short version: We collect the minimum data needed to run your courses, track progress, issue certificates, and improve teaching and learning. We never sell your data.

1. Who we are & how to contact us

Controller: Evidence‑Based Teacher Development (EBTD)
Registered/Trading address: Dhaka, Bangladesh
Email: info@ebtd.education
Website: https://www.ebtd.education
If you have questions, concerns, or wish to exercise your rights, email info@ebtd.education.

If you study with EBTD via your employer/school, EBTD is the data controller for the LMS. Your institution may be a separate controller for data it provides or receives.

2. Scope of this Policy

This Policy covers personal data processed through the LMS and associated services (enrolment, assessments, certificates, forums, webinars, helpdesk, email/SMS notifications). It also covers pages on the Site that relate to your learning experience. Our general website cookies may be governed by a separate Cookie Policy.

3. What we collect

We collect information that you provide directly and data generated by using the LMS.

3.1 Information you provide

Account & profile: name, email, password (hashed), profile photo, job role, organisation/school, country/region, bio, preferred language.
Course enrolments & submissions: course selections, lesson activity, quiz answers and scores, assignments, uploaded files (e.g., lesson plans), reflections, forum posts, messages to instructors, attendance logs, certificate claims.
Support & communications: enquiries via contact forms (e.g., Brevo), email threads, helpdesk tickets, feedback surveys.
Payments & invoices (if applicable): billing details, transaction references (we do not store full card numbers—payments are handled by our processor(s)).

3.2 Information collected automatically

Usage & diagnostics: pages viewed, time on task, lesson/video playback analytics, clicks, crash logs.
Device & network: IP address, device type, operating system, browser, approximate location (city/region), referrer/UTM, session IDs.
Cookies & similar tech: session cookies, LMS progress cookies, analytics cookies, consent records (see Section 10).

3.3 Single Sign‑On (Google Sign‑In — optional)

If you choose Google Sign‑In, we receive your Google account name, email address, and profile ID to create or link your LMS account. You can revoke access in your Google account settings at any time.

3.4 Learning tools & integrations

Depending on the course, we may use integrated tools that process learner data on our behalf:

Tutor LMS (WordPress): enrolments, progress, quizzes, assignments, certificates.
H5P / xAPI content: interaction events (e.g., task attempts, scores, timestamps).
Video hosting (e.g., YouTube/Vimeo): streaming analytics; we use privacy‑enhanced mode where possible.
Email & messaging (Brevo) & WhatsApp Business: course notifications, reminders, service updates.
Webinars/meetings (e.g., Zoom/Google Meet): registration details and attendance.
Analytics (if enabled, e.g., GA4/Matomo): aggregated usage statistics to improve the LMS.

We configure these services to minimise data collection. They act as our “processors” under contract, unless stated otherwise.

4. Why we use your data (purposes) & legal bases

We only process your data where we have a lawful basis. Depending on your location, these include contract, legitimate interests, consent, and legal obligation.

Purpose	Examples	Legal basis
Deliver the LMS	create/manage your account; enrol you; save progress; mark assessments; issue certificates	Contract
Communicate with you	service emails, reminders, updates, support responses	Contract; Legitimate interests
Improve courses & platform	troubleshoot, analytics, QA, pedagogy research using aggregated data	Legitimate interests
Personalise learning	recommend content, remember preferences	Legitimate interests; Consent (for certain cookies)
Comply with law	tax, accounting, security, lawful requests	Legal obligation
Marketing (optional)	newsletters about new courses/events	Consent (you can withdraw any time)

We do not use your data for automated decisions with legal or similarly significant effects. We do not sell personal data.

5. Sharing & disclosure

We share personal data only as necessary:

Service providers (processors): hosting, LMS plugins, email delivery (Brevo), analytics, webinar platforms, video hosting, authentication, customer support. Bound by contracts and confidentiality.
Payment processors (if used): e.g., Stripe/SSLCommerz/PayPal. We receive confirmation of payment and transaction IDs; processors receive your card/banking details.
Your employer/school (if sponsored): with your enrolment, progress, and completion data where the course is funded or managed by your institution under an agreement.
Instructors & course staff: access to your submissions and progress for teaching, feedback, and awarding.
Legal & safety: to comply with law, enforce terms, or protect rights, property, and safety.
Business transfers: if we reorganise, merge, or transfer services, data may transfer under the same protections.

6. International transfers

We operate services that may process data in Bangladesh, the United Kingdom, the European Economic Area (EEA), and other countries where our providers host systems (e.g., the United States). Where required, we implement appropriate safeguards (such as Standard Contractual Clauses or equivalent) and minimise what is transferred.

7. Retention

We keep data only as long as necessary for the purposes described:

Account & profile: while your account is active and for up to 24 months after inactivity (unless you request deletion sooner or have ongoing certificates).
Course records (progress, grades, certificates): typically 6 years to evidence training/awards and for audit/complaints.
Assignments & uploads: up to 3 years after course end, unless retained longer for accreditation evidence.
Support correspondence: 2 years.
Analytics & logs: 12–24 months in aggregated or pseudonymised form.
Marketing lists: until you unsubscribe or your email bounces.

We may retain limited information to comply with law, resolve disputes, or enforce agreements.

8. Your rights

Your rights depend on where you live. If you are in the UK/EEA, you have rights under UK/EU GDPR, including: access, rectification, erasure, restriction, objection, data portability, and the right to withdraw consent at any time.
If you are in Bangladesh, we handle your data in line with applicable law and this Policy; when national data protection rules are enacted, we will honour the rights they provide.

To exercise rights, email info@ebtd.education. We will verify your identity and respond within the applicable timeframe.

You also have the right to lodge a complaint with your local data protection authority (e.g., the UK Information Commissioner’s Office) or competent authority where you live.

9. Security

We use administrative, technical, and organisational measures appropriate to the risk, including encryption in transit (HTTPS), strong authentication, role‑based access, regular updates/patching, and restricted production access. No system is 100% secure; please use a strong, unique password and keep your login details confidential.

10. Cookies & similar technologies

We use cookies to run the LMS and improve your experience. Categories include:

Strictly necessary: session, authentication, security, LMS progress (Tutor LMS/WordPress).
Preferences: language (e.g., TranslatePress), layout.
Analytics (optional): usage statistics (e.g., GA4/Matomo).
Marketing/communications (optional): email performance (Brevo), embedded media (YouTube/Vimeo privacy‑enhanced mode where possible).

Where required, we ask for consent via a banner. You can change preferences at any time via the banner or your browser settings. See our Cookie Policy for details and a current list of cookies.

11. Google Sign‑In details (if enabled)

If you choose to sign in with Google:

We receive your name, email, and Google profile ID to create or link your LMS account.
We do not access your Google Drive, contacts, or emails.
You can revoke EBTD’s access in myaccount.google.com/permissions; you can also set an LMS password to continue logging in without Google.

12. Learning analytics & research

We may analyse de‑identified or aggregated learning data to evaluate course effectiveness and improve pedagogy. We publish only anonymised insights. If a course involves additional research beyond normal operations, we will provide a separate information sheet and consent process.

13. Children’s privacy

Our LMS is designed for adult educators and school staff. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact info@ebtd.education so we can delete it.

14. Third‑party links & embeds

The LMS may link to or embed third‑party services (e.g., YouTube, Zoom). Their privacy practices are governed by their own policies. We encourage you to review those policies.

15. Changes to this Policy

We may update this Policy to reflect changes to our services or the law. We will post the new version on this page and update the “Last updated” date. If the changes are material, we will notify you by email or an in‑app notice.

16. How to exercise your choices

Access/erase/export: email info@ebtd.education with your request.
Update your details: edit your profile within the LMS.
Unsubscribe: use the link in any marketing email or email us.
Cookies: use the consent banner or browser settings to adjust preferences.
Close account: email us; closing your account may not delete all course records retained for legal/audit reasons (see Section 7).

17. Contact

Evidence‑Based Teacher Development (EBTD)
Dhaka, Bangladesh
Email: info@ebtd.education
If you are in the UK/EEA, you can also contact your local supervisory authority (e.g., ICO in the UK) for advice or to make a complaint.

Annex A — Our main processors & tools (illustrative)

We will maintain an up‑to‑date internal register. The list below is indicative; not all services are active in every course.

Hosting & CMS: WordPress & managed hosting provider [Name].
LMS: Tutor LMS Pro (Themeum) on WordPress.
Interactive content: H5P (xAPI statements).
Email & forms: Brevo (transactional + marketing).
Authentication: Google Sign‑In (OAuth).
Analytics: [GA4/Matomo] (aggregated).
Video: YouTube (privacy‑enhanced mode) / Vimeo.
Webinars: Zoom / Google Meet.
Payments: Stripe / SSLCommerz / PayPal (if applicable).
Translations: TranslatePress (may process page text for translation).

Annex B — Cookie summary (example)

Cookie	Provider	Type	Purpose	Typical expiry
_ebtd_session	EBTD/WordPress	Strictly necessary	Maintains secure session/login	Session
tlms_progress	Tutor LMS	Strictly necessary	Saves lesson/quiz progress	Up to 30 days
tp_preferred_lang	TranslatePress	Preferences	Stores language selection	1 year
_ga / _gid	Google Analytics	Analytics	Usage statistics	13 months / 24 hours
_brevo_id	Brevo	Marketing/Comms	Email performance & automation	Up to 13 months

Exact names and durations may vary by version; see the Cookie Policy or consent banner for the live list.

Annex C — Definitions

Personal data: any information relating to an identified or identifiable person.
Processor: a service provider that processes personal data for us according to our instructions.
Legitimate interests: our interest in operating and improving the LMS in a way that does not override your rights and freedoms.