Privacy Notice

Last updated: 26/03/2024

This Privacy Notice describes the ways in which Morphoses Skills Ltd and its subsidiaries (collectively “we” “us” or “Morphoses”) collect, process, and disclose information about the Users of our Website and our Services (as defined below). By visiting our Website or using our Services, you acknowledge that you accept this Privacy Notice.

The access and use of the Website and Services by the Child User requires Parent’s acceptance of this Privacy Notice. Parents must carefully read the contents of this page before accepting. If the Parent does not Consent or withdraws Consent, then we will not be able to provide our Services to the Child User in any way.

  1. Definitions

We”, “us” or “Morphoses” means Morphoses Skills Ltd and its subsidiaries.

You” or “yours” means a visitor or a user of our Website.

Child” means a minor under the age of fifteen (15) years.

Parent” means the parent, legal guardian, or anyone with parental responsibility for Children Users.

User” means the person accessing and using the Services.

Parent User” means the Parent that registers for the Services.

Parent Account” means an account that is created by a Parent User.

Child User” means any child under 15 who uses the learning portion of the Services.

Child Profile” means a profile that is created for a Child User.

School” means a provider of educational services that uses the Services for educational purposes.

School Account” means an account that is purchased by or on behalf of a School.

Website” means www.morphoses.io and all subdomains, including our learning platform (https://app.morphoses.io/).

Services” means the offerings of Morphoses made available via the Website.

Instructor” means the instructor conducting a particular online class where a Child User is enrolled.

Controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) the General Data Protection Regulation 2016/679 (“GDPR”); (b) the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018; (c) any applicable national law, regulation, and guidelines from the competent data protection authority; and (d) any applicable successor texts or other similar national data protection law.

Personal Data” means any information relating to a Data Subject such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.

Recipient” means the natural or legal person to which the personal data are disclosed, whether a third party or not.

Processing” means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Consent” of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  1. Who is the Controller of the Personal Data?

The Controller of the Personal Data is:

Morphoses Skills Ltd
Kemp House, 160 City Road,
EC1V 2NX, London, UK,
Company registration number 13526879

For the EU-based data subjects, the Controller possesses and establishment in the EU (as per the relevant definition of Article 27 of the GDPR) with the following details:

Morphoses Skills Single Member P.C.
83-85, Akadimias Street,
10678, Athens, Greece
Company registration number: 160873201000

  1. What Personal Data is processed and where does this data originate?

In order to be able to use our Services, Parent Users must first purchase a subscription plan and then register on the Website following the respective instructions. During the Parent Account creation process, the Parent User may create individual profiles for each Child authorized by the Parent User to use the Services through the Parent Account. Each Child Profile must be associated with a Parent Account, and Children cannot access the Services without the Parent User first signing in to the Parent Account with their login credentials. After the Parent User logs into a Parent Account, the Child User selects the Child Profile to use the Services. Children Users cannot enroll in classes through the Services and can only attend classes if the Parent enrolls them.

The Services may also be purchased by Schools that use our Services for educational purposes. Schools are provided with the purchased set of unique codes to access the Services for their students. When Morphoses contracts with a School to provide its Services, it is the School’s responsibility to obtain proper Consent from Parents where required by law to process and disclose to Morphoses the Personal Data of Children Users.

  • Parent Users

Parent Users are asked to provide certain Personal Data about themselves when registering for a Parent Account to access and use the Website and our Services, including their: (a) identification and contact information; (b) name or publicly posted name from a linked third party account; (c) email address; (d) credit card or other payment information if provided; (e) demographic data; (f) questions that are put to the community and responses returned to the community and (g) login credentials. In case the Services are provided to Parent Users as a benefit from their employers, we collect their identification and contact information of the Parent Users from their employer.

  • Children Users
  • Personal Data provided by Parents

Parent Users who register for a Parent Account are asked to provide certain Personal Data about the relevant Children Users who will be accessing the Services through their Children Profiles during the registration process, including: (a) first name; (b) date of birth; (c) gender; (d) descriptions of the type of schooling the Child User attends; (e) local time zone; (f) information relevant to teaching (such as dates of examinations, grades, learning disabilities etc.); and (g) any additional notes for the Instructor. When a Parent User submits any Personal Data relating to a Child User in connection with the Services, they represent that they have the authority to do so and agree to Morphoses using the Personal Data of Children Users in accordance with this Privacy Notice.

  • Special Category Data

Parents may voluntarily provide Special Category Data such as health or disability information included in forms or messages to aid with learning of the Child User. Special Category Data is not mandatory for the provision of the Services and its disclosure by Parents is purely voluntary.

  • Personal Data provided by Schools

Schools which are registered for a School Account are asked to provide certain Personal Data about the relevant Children Users during the registration process, including their first and last name, year of birth and email of Children Users who will be accessing the Services through their Children Profiles. When a School submits any Personal Data relating to a Child User in connection with the Services, it represents that it has obtained proper Consent from Parents where required by law to process and disclose to Morphoses the Personal Data of Children Users.

  • Personal Data provided by Children Users themselves

In cases where parental Consent has been provided, we collect personal data directly from Child User. In any case, we do not condition participation in our Services for Children on the collection of more Personal Data than is reasonably necessary. We collect the following Personal Data directly from Children Users: (a) information about themselves they may share during online classes; (b) classes for which Children Users have enrolled; (c) video of image and audio of Child User’s voice during classes which are automatically recorded; (d) content and communications that Child User may include or upload or messages Child User shares with the class; (e) content and files. At times, we may allow Child-User to submit content, including photos and artwork, along with other information about the Child User (like age, first name or initials and city, state, and country) that Child User may allow us to display publicly. In any case, Parents should review Child User’s submissions and avoid uploading any private information about the Child User, family members, or others; and (f) information about themselves that Children Users share with the Instructor and the rest of their class during the class session voluntarily, including content, images, and videos they may upload and share with their class.

IMPORTANT NOTICE. While we expect Instructors and Children Users to abide by our standards of conduct and we take reasonable steps to monitor certain communications and posts, please note that we are not able to control or monitor all Personal Data a Child User may share with Instructors or other Children-Users, nor what those third parties ultimately do with that information.

  • Class video recordings

Each of our courses is recorded. Children Users’ video image and voice audio and potentially background images of their home and family members are shared with the Instructor and the rest of the class as they participate in classes. The video recordings are made available to the Instructor of the class and potentially to the entire class (and their Parents) to view and review the Instructor and the content. Instructors may access the recordings of their classes and may use the recordings to improve their curriculum. We may also use class recordings to provide feedback to Instructors, to improve our Services, for customer support and for compliance purposes. Such recordings cannot be downloaded and we request that our Instructors or the Parents who have access to such recordings refrain from creating copies of the recordings in any other way.

Consent to record the course. By using the Services, you understand, agree, and Consent to Child User appearing in class recordings for the limited purposes set forth above. Recordings are retained for 10 days and then permanently deleted. If a Parent wishes their Child User’s image not to be captured, they shall not open and they shall procure that the Child User will not open the camera during the session. We will not use class recordings containing images of the Child User for promotional or any other purposes without your express written Consent.

  • Schools

When a teacher, school administrator, or other authorized person associated with a School registers for an account in order to use our Services or corresponds with us, we may collect Personal Data of this person such as (a) name; (b) email address; (c) job title; and (d) login credentials.

  • Personal Data we collect automatically for all Users

When a User uses or interacts through the Website and the Services, we may automatically collect the following Personal Data through cookies, web beacons, and other technologies: (a) usage data, such as login times, search terms used and pages viewed, as well as other information about User’s device and browser; (b) identifiers and device information. We collect User’s IP Address, device identifiers, operating system type, and browser type. We may use such information and pool it with other information to track usage, device, and system data, for example, the total number of visitors to the Website and the number of visitors to each page of the Website. For more information about our use of cookies, please visit our Cookie Policy.

  1. What are the purposes and the legal bases of the Processing?

We may process Personal Data for the following purposes:

  1. To authenticate Users and to provide our Services. Such Processing is necessary for the performance of our contractual obligations.
  2. To communicate with you to confirm registration, to send you updates and notifications regarding upcoming lessons and/or their delay or cancellation, to provide customers support and security alerts, and other administrative messages. To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your information to respond. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. Such Processing is necessary for the performance of our contractual obligations and for the purposes of our legitimate interests to handle your requests.
  3. To communicate with you about new product features, to send you promotional communications or other news about Morphoses. Such Processing is necessary for the purposes of our legitimate interests to promote our Services. You may unsubscribe at any time from this type of communications by clicking the unsubscribe link provided in each such promotional communication. In case you have subscribed to our newsletter, such Processing is based on your Consent, and you may unsubscribe from our newsletter at any time by clicking the unsubscribe link provided in each promotional communication.
  4. For business operations such as processing your payment for the Services, billing, accounting, improving our internal operations, account management and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. Such Processing is necessary for the performance of our contractual obligations.
  5. To enforce compliance with our Terms of Service and applicable law or regulation. This may include developing tools and algorithms that help us prevent violations. Such Processing is necessary for the purposes of our legitimate interests to protect our Website and Services.
  6. To protect the rights and safety of Users and third parties, as well as our own. To investigate and help prevent security issues and abuse to detect fraudulent or illegal activity. Such Processing is necessary for the purposes of our legitimate interests to protect our Website and Services.
  7. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. Such Processing is necessary for our compliance with legal obligations to which Morphoses is subject.
  8. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Such Processing is necessary for our compliance with legal obligations to which Morphoses is subject and for the purposes of our legitimate interests to establish, exercise or defend our legal claims.
  9. To provide and enhance the Website and our Services, including troubleshooting, maintaining, improving, and personalizing the Website and our Services. Such Processing is necessary for the purposes of our legitimate interests to ensure the proper functioning of our Website and provide you with personalized Services. You can choose to opt-out of recommendations based on your Child User’s activities and instead choose the learning topics you want to hear about.
  10. To conduct research and develop new services or features; analyze website usage and usage of the Site features, content, and pages. Such Processing is necessary for the purposes of our legitimate interests to improve, maintain, and analyze our Services.

Automated decision making and profiling. We do not use your Personal Data for the purposes of automated decision-making. However, we may combine data we collect from different sources to achieve these purposes and to give you a more seamless, consistent, and personalized experience.

  1. Who are the Recipients of Your Personal Data?

Information collected from both Parent and Child Users will not be disclosed except as follows:

  1. to third party service providers and partners who provide data processing services to us for purposes that are described in this Privacy Notice, such as Instructors or service providers that process debit and credit cards and payments, email marketing providers, hosting services providers etc.;
  2. with our group companies who process personal information for purposes that are described in this Privacy Notice;
  3. to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary;
  4. to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use Personal Data only for the purposes disclosed in this Privacy Notice; and
  5. to any other person with your Consent to the disclosure.

We do not disclose Personal Data of any Child User to third parties for any marketing or promotional purposes.

  1. Third Party Links

Please note that the Website may include references or links to or suggestions to engage with third parties whose privacy practices may differ from ours. Instructors may also suggest third party resources for Users. If you provide Personal Data to any of those third parties, or allow us to share Personal Data with them, that data is governed by their respective privacy statements.

  1. International Transfer

Our Services may be provided using resources and servers located in various countries around the world. Therefore, your Personal Data may be transferred across international borders outside the country where you use our Services, including to countries outside the European Economic Area (EEA) or the UK.

When we transfer Personal Data from the EEA or UK, we do so on the basis of adequacy decisions regarding the country of transfer and transfer mechanisms such as the Standard Contractual Clauses adopted by the European Commission (and their approved equivalents for the UK). Users may contact Morphoses regarding the above by sending an email at privacy@morphoses.io.

  1. Safeguarding Personal Data

We have implemented generally accepted standards of technology and operational security to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We require all employees and partners to keep Personal Data confidential and only authorized personnel have access to this information. All web traffic (file transfer) between this Website and your browser is encrypted and transferred via the HTTPS protocol using Secure Sockets Layer (SSL). We will report any unlawful violation of our database or any third-party data processing database to all relevant stakeholders as well as to competent authorities within 72 hours of the violation, according to the law.

  1. For how long will the Personal Data be stored?

We will retain Personal Data for as long as your account is active or as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or Consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For more information on the above, please send us an email at privacy@morphoses.io.

  1. What rights do you have?

Users are provided with a variety of rights regarding the Processing of their Personal Data:

Right of access. You have the right to request access to your Personal Data or your Child User’s Personal Data. This enables you to receive a copy of the Personal Data we hold about you or your Child User and to check that we are lawfully processing it.

Right to rectification. You have the right to request correction of the Personal Data that we hold about you or your Child User. This enables you to have any incomplete or inaccurate data we hold about you or your Child User corrected or updated, though we may need to verify the accuracy of the new Personal Data you provide to us.

Right to erasure. You have the right to request erasure of your or your Child User’s Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your or your Child User’s Personal Data where you have successfully exercised your right to withdraw your Consent or to object to Processing, where we may have processed your Personal Data unlawfully or where we are required to erase your or your Child User’s Personal Data to comply with law. Please keep in mind that a request to delete records may lead to a termination of an account, membership, or other Services.

Right to object. You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. You also have the right to object to where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your rights and freedoms.

Right to restrict processing. You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to data portability. You have the right to request the transfer of your Child User’s Personal Data to you or to a third party. We will provide to you or a third party you have chosen your Personal Data in a structured, commonly used, machine-readable format.

Right to withdraw Consent. You have the right to withdraw your Consent at any time where we are relying on Consent to process your or your Child User’s Personal Data. However, this will not affect the lawfulness of any Processing carried out before you withdraw your Consent. If you withdraw your Consent, we may not be able to provide certain products or Services to you or your Child User. We will advise you if this is the case at the time you withdraw your Consent.

You may exercise the above rights by contacting us at: privacy@morphoses.io

We will use our best efforts to respond to any request within one (1) month. You will not have to pay in order to exercise your rights. We may request further information from you to confirm your identity and/or your connection with the Personal Data in question.

Complaints. If you have any concerns about the way your or your Child User’s Personal Data are handled, you can contact us at privacy@morphoses.io. You have the right to make a complaint at any time at:

(a) For EU Users: Hellenic Data Protection Authority, Kifissias 1-3, 115 23 Athens, Greece. For more information on lodging a complaint, please see here: https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa

(b) For UK Users: the Information Commissioner’s Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF, England. For more information on lodging a complaint, please see here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/.

  1. Changes and updates of this Privacy Notice

We may amend this Privacy Notice from time to time. Any updates or modifications will be posted on this Website with a date indication to let you know what the most recently updated version is.