GDPR Compliance Notice
Crown Science University Website: https://crownscienceuniversity.com Effective Date: May 8th 2026 Last Updated: May 8th2026
This notice supplements our Privacy Policy and applies to users in the European Economic Area (EEA), the United Kingdom, and Switzerland whose personal data is processed under the General Data Protection Regulation (GDPR) and related laws.
1. Data Controller
Crown Science University is the data controller responsible for processing your personal data.
Contact for data protection matters: Email: [email protected] Website: https://crownscienceuniversity.com
2. Legal Bases for Processing
Under GDPR, we only process your personal data when we have a lawful basis. The bases we rely on include:
Contract: When processing is necessary to deliver products or services you purchased (for example, granting course access after payment).
Consent: When you opt in to marketing emails, cookies, or other optional processing. You can withdraw consent at any time.
Legitimate interests: When we have a genuine business need that does not override your rights (for example, fraud prevention, website analytics, or improving our services).
Legal obligation: When we must process data to comply with the law (for example, tax records).
3. Categories of Data We Process
We may process the following types of personal data:
Identification data (name, email)
Account data (username, password, purchase history)
Payment data (handled by our payment processors)
Technical data (IP address, browser, device, cookies)
Communications data (messages you send us)
Marketing preferences
4. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of access: Request a copy of the data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal exceptions.
Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another provider.
Right to object: Object to processing based on legitimate interests, including profiling and direct marketing.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
Right not to be subject to automated decision-making: Where decisions producing legal or similarly significant effects are made solely by automated means, you have the right to request human review.
Right to lodge a complaint: File a complaint with your local data protection authority if you believe we have violated your rights.
5. How to Exercise Your Rights
To exercise any of these rights, email [email protected] with:
Your full name
The email address associated with your account
A description of which right you want to exercise
Any additional details we need to verify your identity
We will respond within 30 days. If your request is complex or if you have submitted multiple requests, we may extend the response time by up to two additional months and will inform you of the reason.
We may need to verify your identity before processing your request. This is to protect your data from unauthorized access.
6. International Data Transfers
If we transfer your personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as:
Transfers to countries with an adequacy decision from the European Commission
Standard Contractual Clauses (SCCs) approved by the European Commission
Other valid transfer mechanisms permitted under GDPR
You can request more information about specific safeguards by contacting us.
7. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, including:
Fulfilling our contractual obligations to you
Complying with legal, accounting, or reporting requirements
Resolving disputes and enforcing our agreements
When data is no longer needed, we securely delete or anonymize it.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, secure hosting, and regular security reviews. No system is perfectly secure, but we work to reduce risk.
9. Data Breach Notification
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required, and will inform affected users without undue delay.
10. Cookies and Tracking
For users in the EEA and UK, we obtain consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie banner or browser settings.
11. Children's Data
We do not knowingly collect data from children under 16 in jurisdictions where this is the GDPR age threshold. If you believe a child has submitted data to us, contact us and we will delete it.
12. Filing a Complaint
If you believe we have not handled your data lawfully, you can file a complaint with the data protection authority in your country. A list of authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
13. Contact
For all GDPR-related questions or requests:
Email: [email protected] Website: https://crownscienceuniversity.com