At UNI EdTech, we are committed to safeguarding personal information and ensuring compliance with international data protection laws, including the General Data Protection Regulation (GDPR). This document outlines our Binding Corporate Rules (BCRs) to facilitate secure and lawful international transfers of personal data within UNI EdTech’s global operations.

1. Introduction to Binding Corporate Rules (BCRs)

Our BCRs provide a comprehensive framework for processing and transferring personal data across our corporate group, including transfers to locations outside the EU and UK. These rules are legally binding and ensure that all personal data is handled securely and in compliance with GDPR principles, regardless of location.

2. Scope and Applicability

Our BCRs apply to:

• All entities and employees within UNI EdTech.
• All personal data processed by UNI EdTech, including but not limited to learner and instructor data, payment details, and communication records.
• Transfers of personal data to third-party partners located in Japan, Hong Kong, and Pakistan.

3. Data Protection Principles

UNI EdTech adheres to the following core principles when processing and transferring personal data:

1. Lawfulness, Fairness, and Transparency: Personal data is processed in a fair and transparent manner, ensuring that users are informed about how their data is used.
2. Purpose Limitation: Data is collected for specific, legitimate purposes and not processed in a way incompatible with those purposes.
3. Data Minimization: Only data strictly necessary for the intended purpose is collected and processed.
4. Accuracy: We take steps to ensure personal data is accurate and up to date.
5. Storage Limitation: Personal data is retained only as long as necessary to fulfill the purpose of collection.
6. Data Security: Robust technical and organizational measures are implemented to protect data from unauthorized access, alteration, or destruction.