ZenX Academy operates as the data controller for all processing activities described in this Privacy Policy. All references to "ZenX Academy" denote the institutional digital system responsible for determining the purposes and means of processing personal data.

This Privacy Policy is issued by ZenX Academy in compliance with Regulation (EU) 2016/679 (GDPR) and applicable European data protection standards.

This document establishes the principles, conditions, legal bases, and institutional framework governing the processing of personal data by ZenX Academy. It applies to all individuals and entities interacting with ZenX Academy's systems, including users, visitors, subscribers, and any party accessing services, platforms, or digital infrastructures operated by the institution. It defines obligations, rights, and regulatory alignment without serving as a marketing or explanatory instrument.

For the purposes of this Privacy Policy:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, whether automated or not.
• Data Controller: The entity determining the purposes and means of processing personal data.
• Data Processor: A third party processing data on behalf of the controller.
• User: Any individual or entity interacting with ZenX Academy's systems.

ZenX Academy may process the following categories of personal data, depending on user interactions:

• Identification data
• Contact information
• Account credentials
• Transaction and billing information
• Access logs and system interaction metadata
• Device, browser, and network information
• Cookies and tracking identifiers (as referenced in the Cookies Policy)
• Subscription and service usage records

No special categories of personal data are intentionally collected unless required by law and supported by appropriate safeguards.

ZenX Academy processes personal data under the legal bases permitted by GDPR Article 6, including:

• Performance of a contract
• Compliance with legal obligations
• Legitimate interests, balanced against data subject rights
• Consent, where explicitly required
• Preparation or execution of payment transactions through Paddle or Polar as independent controllers or processors

Each processing activity operates under at least one lawful basis.

Personal data is collected through:

• Direct provision by users
• Automated technical systems
• Account creation and configuration
• Transaction workflows managed through Paddle and Polar
• Cookies and similar technologies
• System access and usage monitoring
• Administrative or compliance-related correspondence

Only data necessary for defined purposes is collected, in accordance with data minimization principles.

ZenX Academy processes personal data for the following purposes:

• Account creation, identity verification, and authentication
• Provision, maintenance, and operation of institutional services
• Subscription and payment administration
• Compliance with tax, accounting, and regulatory obligations
• Security monitoring and fraud prevention
• Enforcement of institutional rules and contractual terms
• System optimization and performance analysis
• Legal claims, audits, and governance requirements
• Communication strictly related to services, transactions, or compliance

Processing is limited to the scope necessary for these purposes.

Personal data is retained only for the duration necessary to fulfill the purposes for which it was collected or to meet legal obligations. Retention periods reflect:

• Contractual requirements
• Statutory obligations (e.g., financial recordkeeping)
• Security, audit, and compliance needs
• Limitation periods for legal claims

Data is deleted or anonymized when no longer required under applicable law.

ZenX Academy may disclose personal data under controlled conditions to:

• Paddle and Polar, which operate as independent payment processors responsible for handling billing data under their own legal obligations
• Service providers acting as data processors under data protection agreements
• Legal, regulatory, or administrative authorities when required by law
• Technical infrastructure providers supporting system functionality
• Professional advisors involved in governance, compliance, or audits

No personal data is sold or transferred for marketing purposes.

Where international transfers occur, they are governed by:

• Adequacy decisions issued by the European Commission
• Standard Contractual Clauses
• Risk assessments aligned with EDPB recommendations
• Additional safeguards where required

Transfers occur only when legally justified and aligned with institutional compliance obligations.

In accordance with GDPR Articles 12–23, data subjects may exercise the following rights:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent where processing is based on consent

Requests must be submitted to the contact information listed in Section 17.

Data subjects have the right to lodge a complaint with a competent supervisory authority within the European Union, particularly in the Member State of habitual residence, place of work, or place of alleged infringement.

ZenX Academy implements technical and organizational measures designed to safeguard personal data, maintain system integrity, ensure confidentiality, and prevent unauthorized access, alteration, or loss. Measures are proportionate to institutional risk assessments and regulatory requirements.

ZenX Academy uses cookies and similar technologies for system operation, analytics, authentication, and session management. Details are provided in the Cookies Policy, which operates as a separate regulatory document referenced by this Privacy Policy.

Third-party service providers may process personal data strictly for purposes aligned with ZenX Academy's operational requirements. All processors operate under binding agreements establishing confidentiality, security, and compliance obligations. Payment processing is conducted independently by Paddle and Polar in accordance with their regulatory frameworks.

ZenX Academy may update this Privacy Policy to maintain regulatory alignment, reflect institutional governance developments, or adapt to system changes. Modifications take effect upon publication on the official platform. Continued use of ZenX Academy's services is subject to the policy version in force at the time of processing.

All data protection inquiries, rights requests, or governance-related communications shall be addressed to:

This Privacy Policy constitutes an authoritative institutional legal document governing the processing of personal data by ZenX Academy. It operates within the institutional policy hierarchy and must be interpreted consistently with applicable EU law and the governance framework of ZenX Academy.