Privacy Policy
Seylearning — Effective Date: 21 March 2026 — Version 1.2
1. Introduction
Seylearning (“we,” “our,” or “us”) is a talent development consulting company registered in the Republic of Seychelles. We offer talent development consulting services, online courses, live training, coaching, and related professional development services.
We are committed to protecting the privacy and security of your personal data in compliance with the Data Protection Act, 2023 (Act 24 of 2023) of Seychelles (“the Act”) and, where applicable, other relevant data protection legislation including the EU General Data Protection Regulation (GDPR) and the UK GDPR.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies whenever you interact with our website, platform, services, or us directly.
If you have any questions about this Policy, please contact our Data Protection Officer using the details in Section 13.
2. Definitions
· The following terms are used throughout this Policy:
| Term | Meaning |
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Data Subject | The individual to whom the personal data relates (i.e., you). |
| Data Controller | Seylearning, which determines the purposes and means of processing personal data. |
| Data Processor | A third party that processes personal data on our behalf and under our instruction. |
| Processing | Any operation performed on personal data, including collection, storage, use, transfer, or deletion. |
| Sensitive Data | Special categories of personal data attracting heightened protection (e.g., health data, biometric data) under Section 28 of the Act. |
3. Data We Collect
We collect personal data in the following categories, depending on how you interact with us:
3.1 Data You Provide Directly
- Identity and contact information: name, email address, phone number, postal address.
- Professional details: job title, employer, industry sector.
- Account credentials: username and password (stored in encrypted form).
- Payment and billing information: card details (processed by our payment provider; we do not store raw card numbers), billing address, and invoicing details.
- Communications: any messages, feedback, or enquiries you send us.
- Assessment data: quiz responses, assignment submissions, course progress, and certificates earned.
3.2 Data Collected Automatically
- Technical data: IP address, browser type and version, device type and operating system, time zone.
- Usage data: pages visited, features used, time spent on the platform, clickstream data.
- Cookie and tracking data: as described in Section 10.
3.3 Data from Third Parties
- Payment processors: confirmation of payment status.
- Corporate clients: where your employer purchases Services on your behalf, we may receive your name and contact details from them.
3.4 Children’s Data
Our Services are intended exclusively for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly. If you believe we have collected data about a child, please contact us immediately at welcome@seylearning.com.
4. How We Use Your Data
We use your personal data for the following purposes. For each purpose, we also identify the legal basis on which we rely (see Section 5 for detail on legal bases):
| Purpose | Legal Basis |
| Creating and managing your account | Contract performance |
| Delivering courses, workshops, and consulting services | Contract performance |
| Processing payments and issuing invoices | Contract performance; Legal obligation |
| Sending transactional communications (e.g., booking confirmations, receipts) | Contract performance |
| Sending marketing communications and promotions | Consent (you may opt out at any time) |
| Improving our website, platform, and services | Legitimate interests |
| Analysing usage patterns and platform performance | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Detecting fraud and ensuring platform security | Legitimate interests; Legal obligation |
| Responding to your enquiries and complaints | Contract performance; Legitimate interests |
5. Legal Basis for Processing
We process your personal data on one or more of the following legal grounds under Section 15 of the Act:
Consent
Where you have given us clear, specific, and informed consent — for example, to receive marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, please see Section 9 or contact us using the details in Section 13.
Contract Performance
Where processing is necessary to perform a contract with you (e.g., providing the course you have purchased) or to take steps at your request before entering into a contract.
Legal Obligation
Where processing is necessary to comply with a legal obligation to which we are subject, such as tax and financial reporting requirements.
Legitimate Interests
Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. We carry out a balancing assessment before relying on this basis. Our legitimate interests include: improving and securing our platform, preventing fraud, and understanding how users engage with our Services. You have the right to object to processing on this basis (see Section 9).
6. Data Sharing and Third Parties
We may share your personal data with the following categories of third parties:
Service Providers (Data Processors)
We engage third-party service providers to support our operations, including payment processors, cloud hosting providers, email delivery services, video conferencing platforms, and analytics tools. These parties act as Data Processors and are permitted to process your data only on our documented instructions. We enter into written data processing agreements with all processors, requiring them to implement appropriate technical and organisational security measures and to process data only for the specified purpose.
Accrediting or Certifying Bodies
Where a course leads to a certificate or credential issued by a third-party body, we may share relevant completion data with that body. We will inform you of this at the time of enrolment.
Corporate Clients
If your employer or organisation has purchased Services on your behalf, we may share progress and completion data with the relevant contact at that organisation, to the extent agreed in our contract with them.
Legal and Regulatory Authorities
We may disclose personal data to law enforcement agencies, courts, regulators, or other authorities where required to do so by applicable law, or where we have a good-faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity. We will notify you in advance of any such transfer and any changes to this Policy that result from it.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse, in line with Section 20 of the Act. These measures include, but are not limited to:
- Encryption of data in transit (TLS/HTTPS) and at rest where appropriate.
- Access controls limiting data access to authorised personnel on a need-to-know basis.
- Regular security assessments and monitoring.
- Staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commission of Seychelles without undue delay and, where required, notify you directly. We maintain an internal breach register and incident response procedure in accordance with Section 37 of the Act.
While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We encourage you to use a strong, unique password for your account and to notify us immediately if you suspect any unauthorised access.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Section 16 of the Act. The following indicative retention periods apply:
| Data Category | Retention Period |
| Account and profile data | Duration of account, plus 2 years after closure |
| Course and assessment records | 5 years from course completion (to support certificate verification) |
| Payment and billing records | 7 years (to comply with financial and tax obligations) |
| Marketing consent records | Until consent is withdrawn, plus 1 year |
| Support and communication records | 3 years from last interaction |
| Technical/log data | 12 months on a rolling basis |
| Cookie and analytics data | As set out in our Cookie Policy (see Section 10) |
After the applicable retention period, data is either securely deleted or anonymised so that it can no longer be linked to you. Where you request deletion of your data before the end of a retention period, we will comply unless we are required by law to retain it.
9. Your Rights
Under the Data Protection Act, 2023, and where applicable the GDPR, you have the following rights in relation to your personal data:
Right of Access (Section 22 of the Act)
You may request a copy of the personal data we hold about you, along with information about how we use it.
Right to Rectification (Section 23 of the Act)
You may ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure (Section 24 of the Act)
You may ask us to delete your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where it has been unlawfully processed. This right is subject to certain exceptions (e.g., where we are required to retain data by law).
Right to Object (Section 26 of the Act)
You may object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Data Portability (Section 25 of the Act)
Where processing is based on consent or contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format, or transmit it directly to another controller where technically feasible.
Right to Withdraw Consent
Where we process your data on the basis of consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. To withdraw consent for marketing communications, click the unsubscribe link in any marketing email, or update your preferences in your account settings under “Notification Preferences.” For all other consent withdrawal requests, contact us using the details in Section 13.
Rights Related to Automated Decision-Making
We do not currently make decisions about you solely by automated means that produce legal or similarly significant effects. If we introduce such processing in the future, we will update this Policy and provide you with the right to request human review of such decisions.
Right to Lodge a Complaint
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commission of Seychelles. We encourage you to contact us first so we can attempt to resolve your concern directly.
To exercise any of the above rights, please submit a written request to our Data Protection Officer using the contact details in Section 13. We will respond within 30 days of receipt. We may need to verify your identity before processing your request.
10. Cookies and Tracking
We use cookies and similar tracking technologies (such as pixels and local storage) on our website and platform. Cookies are small text files stored on your device that help us recognise you and improve your experience.
10.1 Categories of Cookies We Use
| Cookie Type | Purpose |
| Strictly Necessary | Essential for the platform to function (e.g., session management, login authentication). Cannot be disabled. |
| Functional | Remember your preferences and personalise your experience (e.g., language, region). |
| Analytics / Performance | Help us understand how users interact with the platform so we can improve it (e.g., Google Analytics). |
| Marketing / Targeting | Used to deliver relevant advertising and track the effectiveness of campaigns. Only set with your consent. |
10.2 Managing Your Cookie Preferences
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can update your preferences at any time by clicking the “Cookie Settings” link in the footer of our website.
You may also manage or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our platform. For more information on managing cookies, visit www.allaboutcookies.org.
11. International Data Transfers
Our primary operations and data storage are located in the Republic of Seychelles. Some of our third-party service providers (such as cloud hosting and payment processing services) may be based in, or process data in, countries outside Seychelles.
Where we transfer personal data internationally, we ensure that adequate protection measures are in place in accordance with Section 47 of the Act. The safeguards we rely on may include:
- Transfers to countries recognised by Seychelles as providing an adequate level of data protection.
- Standard Contractual Clauses (SCCs) or equivalent contractual protections approved by the relevant authority.
- Binding Corporate Rules where applicable.
- Your explicit consent, where no other appropriate safeguard is available.
You may request further information about the safeguards we use for specific transfers by contacting our Data Protection Officer.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. The version number and effective date at the top of this document will always reflect the current version.
For material changes — such as changes to the categories of data we collect, the purposes for which we use it, or our data sharing practices — we will notify you by email at least 14 days before the changes take effect and, where appropriate, request your renewed consent. For non-material changes (such as typographical corrections), we will update the Policy and post a notice on our website.
We encourage you to review this Policy periodically. The most current version is always available on our website.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Data Protection Officer:
| Data Protection Officer — Seylearning | |
| Name | Data Protection Officer (see registered details) |
| welcome@seylearning.com | |
| Phone | +248 2567063 |
| Address | Mahe, Seychelles |
| Response time | We aim to respond to all privacy-related requests within 30 days. |
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commission of Seychelles.
TThis Privacy Policy is aligned with the Data Protection Act, 2023 (Seychelles) and reflects our commitment to protecting your privacy.