This notice explains the types of personal data we collect, how we use and disclose it, the legal bases we rely on, how we keep it secure, your privacy rights, and how to contact us.

• Controller: DeDataHub Limited (Company No. SC 848215).
• Registered office: 2/3, 48 West George Street, Glasgow, G2 1BP, United Kingdom.
• Primary Contact: privacy@dedatahub.io
• Data Protection Officer (for UK services): Law Accent LP UK ( hello@lawaccent.co.uk; +44 7367 678102 ).

DeDataHub Limited is a UK-based company that helps people grow their careers through learning and data skills. We offer online tools, career support, and personalised guidance to help individuals build confidence and improve their professional opportunities.

You can use our platform anywhere, at home, at work, or on the go. Whether you are just starting out, switching careers, or deepening your skills, we are here to support your journey.

We work with learners from many backgrounds, including professionals, STEM graduates, bootcamp participants, and those exploring data and technology. Our services include mentorship, learning resources, and career advice - all designed to meet your personal goals.

Our team is based in Glasgow, Scotland, and we serve individuals and organisations across the UK and internationally. At Dedatahub, we believe learning should be flexible, inclusive, and built on trust. We are committed to helping you grow in a way that works for you.

DeDataHub Limited acts as a Data Controller when we decide why and how personal data is used. This applies when we:

• Provide learning, career, and professional development services directly to individuals using our platform.
• Manage internal operations, including staff records, platform development, and business planning.
• Collect and use personal data to improve services, support users, and meet legal or contractual obligations.
• Communicate with users about updates, opportunities, or changes to our services.
• Ensure compliance with relevant laws, including employment, education, and data protection regulations.

We ensure your personal data is:

1. Used fairly, lawfully, and transparently.
2. Collected for clear and specific purposes.
3. Limited to what is necessary.
4. Accurate and kept up to date.
5. Stored securely and only for as long as needed.

We comply with applicable data protection laws in the countries where our users access our services. These laws set out clear rules for how we collect, use, store, and protect your personal information. This includes, but is not limited to, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Nigeria Data Protection Act (NDPA) 2023.

In some cases, particularly when we provide platform services or data processing support on behalf of an educational institution, corporate client, or government agency, we act as a Data Processor. This means we process personal data only on the instructions of the Data Controller (e.g. the institution or commissioning organisation).

In these instances:

• We do not determine the purpose or legal basis for processing the data.
• The Data Controller is responsible for responding to and managing any data subject rights requests (such as access, correction, or deletion of personal data).
• However, we are committed to supporting the Data Controller in fulfilling these requests, in accordance with our contractual and legal obligations.

If you have any questions about how we handle your personal data, or if you would like to exercise your data protection rights, please contact our Data Protection Officer (DPO):

Data Protection Officer (DPO): dpo@dedatahub.io | +44 7367 678102 (Managed by Law Accent LTD as our appointed DPO service provider).

We only collect the personal data we need to deliver our services, run our platform, and meet legal requirements. The type of data we collect depends on how you interact with us - whether as a learner, professional, partner, employee, job applicant, or visitor.

Here are the types of personal data we may collect and examples of each:

We collect this data to personalise your learning experience, improve our services, and meet our legal and contractual responsibilities. All data is handled in line with relevant data protection laws including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We use your personal data to provide our services, improve your experience, and meet legal requirements. We only use your data when it's necessary, fair, and clearly linked to your learning and career goals.

Here is how we may use your personal data:

We obtain consent before using any cookies or similar technologies that are not strictly necessary. Our cookie settings tool (CMP) blocks non-essential cookies and tags until you allow them, and remembers your choices. You can withdraw consent at any time with immediate effect and without losing access to core services. For details, see our Cookie Notice and the Cookie Settings link in the footer.

In addition, we use two AI-enabled features: AI Career Advisory (chat and optional voice guidance) and AI Accountability and Engagement (proactive check-ins, reminders, and nudges to help you stay on track). You can disable any category of proactive messages at any time in Settings.

Also, we limit non-urgent notifications to a maximum of 3 per day and 12 per week, with at least a 4-hour gap between messages, and we do not send notifications during Quiet Hours i.e (10:00 pm to 8:00 am) unless you change these times in Settings.

Note: Mobile push notifications require your device permission and can be turned off at any time in your device settings.

We are required to have a lawful basis for collecting, using, and sharing your personal data, in accordance with applicable data protection laws in the countries where our users access our services. The legal basis depends on the nature of your relationship with us and the purpose for which your data is being processed. We rely on one or more of the following legal bases:

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, and in accordance with applicable laws. The general retention periods are as follows:

When your data is no longer needed, we will ensure it is either deleted or anonymised in line with data protection regulations.

Under applicable data protection laws in the countries where our users access our services, you have rights that give you control over how your personal data is used. These rights are consistent across jurisdictions and are summarised below to help you understand what they mean in practice.

To exercise any of these rights, contact our DPO at dpo@dedatahub.io. We may need to verify your identity before acting on your request.

Note that withdrawing consent is as easy as giving it and takes effect immediately. You will not lose access to core services for choosing essential-only cookies.

At DeDataHub Limited, protecting your personal data is a top priority. Whether it‘s your account details, learning history, career preferences, or contact information, we take steps to keep your data secure, private, and only accessible to people who need it.

Here‘s how we protect your data:

• We store your data securely and use encryption for sensitive information.
• Only authorised team members can access personal data, and only when needed.
• We carry out regular security checks to find and fix any risks.
• Our staff receive training on data protection and privacy best practices.
• We monitor our systems to prevent misuse, unauthorised access, or data loss.

Ultimately, we use TLS 1.3 to protect data in transit and AES-256 to protect data at rest, with role-based access controls.

To provide a safe, effective learning experience and meet our legal obligations, we may need to share your personal data with trusted third parties. We only share information when it is necessary, lawful, and in compliance with data protection legislation. Whenever data is shared, we ensure it is done securely and only with authorised individuals or organisations.

Below is a summary of who we may share data with and why:

• Mentors and Learning Coaches/architects: To deliver personalised guidance, feedback, and support as part of your learning journey.
• IT and Platform Providers: We may use secure software and systems for course management, scheduling, analytics, and payment processing. These providers are bound by strict confidentiality and data processing agreements.
• Key processors: Anthropic (conversation text for advisory), OpenAI (voice processing), and AWS (infrastructure hosting). These processors operate on our servers under data processing agreements and do not place their own cookies on your device for our services. We maintain a current list of sub-processors and infrastructure providers at https://dedatahub.io/legal/subprocessors
• The register displays a "Last updated" date at the top of the page and a brief change log so you can see when providers were added, removed, or revised.
• Regulatory and Compliance Authorities: We may be required to share data with educational regulators, accreditation bodies, or government agencies to comply with legal or regulatory obligations.
• Legal Advisors and Insurers: In the event of legal crimes, audits, or investigations, we may share relevant information with legal advisors, insurers, or claims handlers.
• Emergency Contacts: with your consent, we may share information with designated family members or legal representatives to ensure your safety or support in urgent situations.

We do not sell or trade your personal data. Any sharing is done lawfully, securely, and only when necessary to fulfil our duties or with your consent. Any sharing is done securely and only when necessary.

While DeDataHub Limited is based in the United Kingdom, we serve users across multiple countries. This means personal data may be transferred or accessed across borders, depending on where our users access our services.

When personal data is transferred outside the country of origin, we ensure it is protected through appropriate safeguards, such as:

• Using secure systems and encrypted connections
• Working only with trusted service providers
• Applying Standard Contractual Clauses (SCCs), Adequacy Decisions, Binding Corporate Rules (BCRs), Data Processing Agreements (DPAs), or other recognised legal mechanisms to ensure compliance with international data transfer standards.

We protect cross-border transfers with strong security: your connection to us is encrypted while data is in transit (like a locked, private tunnel), and stored data is scrambled using industry-standard encryption, so it is unreadable without the right keys.

We take steps to ensure that your data remains safe, and your rights are protected, no matter where you access our services from.

While we primarily provide learning and mentorship services to adults, we may occasionally collect or process personal data about minors, for example, when supporting families, delivering courses in a household where children are present, or addressing safeguarding concerns.

We recognise that minors‘ data requires special protection under data protection laws. Where we do collect or handle data about a minor, we ensure the following:

• We only collect data that is necessary for delivering educational services, ensure safeguarding, or comply with legal obligations.
• We seek consent from a parent or legal guardian whenever appropriate.
• We treat minors‘ data with the highest level of confidentiality and care, in line with data protection laws including the UK GDPR, and UK Data Protection Act 2018.
• We do not use minors‘ data for marketing, profiling, or promotional purposes.

The minimum age for valid consent may vary depending on the laws of the country where the user resides. For example, under 13 in the United States, under 16 in parts of the EU, and under 18 in Nigeria. We apply the most protective standard where applicable.

We do not knowingly collect personal data from children who fall below this age threshold. If you believe we have collected information about a minor inappropriately, or if you wish to exercise any data rights on their behalf, please contact us at dpo@dedatahub.io.

Users in different jurisdictions are entitled to rights under their respective laws. These rights are consistent with those outlined in the “Your Data Rights” section of this notice, including access, correction, deletion, restriction, objection, and portability of personal data.

If you have questions or concerns about how we handle your personal data, please contact our Data Protection Officer (DPO) at:

• Tel: +44 7341 576072 (For users in the UK)
• Email: dpo@dedatahub.io
• Postal Address: 2/3, 48 West George Street, Glasgow G2 1BP, United Kingdom

United Kingdom - Information Commissioner‘s Office (ICO):

• Helpline: 030 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Nigeria - Nigeria Data Protection Commission (NDPC):

• Email: info@ndpc.gov.ng
• Address: No. 12 Dr. Clement Isong Street, Asokoro, Abuja
• Helpline: +234 916 061 5551

If you are not satisfied with our response, you may escalate your concern to the relevant supervisory authority in your country. For users within the EU, a list of supervisory authorities in the EU is available here.

We are working to make this notice available in other languages and plain language formats to support accessibility for all users.

We may update this Privacy Notice from time to time. If we make significant changes, we will notify you through appropriate channels. The latest version will always be available on our website, and we recommend checking it periodically.

We have updated this Privacy Notice. Here‘s what changed:

1. Why we use your data (consent clarifications)
   • Analytics and marketing run only if you opt in. They are off by default, and the service still works without them.
   • Voice Mode needs its own opt-in. You choose it separately before first use.
2. Cookies and tracking (choice respected by default)

   Our consent tool blocks all non-essential cookies and tags until you switch them on. If you turn them off later, we stop right away, no penalty to your core experience.

3. Notifications (now with limits and quiet time)

   We have added guardrails: max 3 per day, 12 per week, at least 4 hours apart. Quiet Hours: No non-urgent messages 10:00 pm- 8:00 am. You can opt out anytime.

4. How long we keep things (clear timetable)
   • Conversation transcripts: kept go days after you delete them (for safety and audit) and then removed.
   • Uploaded files: kept 30 days.
   • Notification history: kept 90 days.
5. Our service providers and data transfers (named and safeguarded)

   We have listed our main processors (Anthropic, OpenAI, AWS) and linked to a live register so you can see the current list. We restated our transfer safeguards: Standard Contractual Clauses (SCCs) for international data flows and modern encryption (TLS 1.3 in transit, AES-256 at rest).

This version took effect on the date shown at the top of this notice.

Previous versions (summary):

15 March 2025 - Initial UK Privacy Notice (Link) For older versions or a full change history, contact dpo@dedatahub.io

Older versions: Email dpo@dedatahub.io to request an earlier version or the detailed change log.