1. Who we are (controller)
This policy explains how Enrollia processes personal data when you browse our site, purchase services (alerts, multi-requests, concierge), or ask us to contact schools on your behalf.
Controller: ITTOYS, LDA (Enrollia), Estrada de Paço de Arcos, 66, 2735-336 Lisbon, Portugal • NIF 517422085.
General: hello@enrollia.pt • Privacy & legal: legal@enrollia.pt
We follow the EU GDPR and Portuguese law. When we share your inquiry with a school at your request, Enrollia and the school act as independent controllers.
In Portugal, the digital age of consent is 13. We contract with adults (18+). If information about a child is provided, we process it via the parent/guardian.
2. What we collect
- Contact & identity: name, email, phone, preferred channel (email/WhatsApp).
- Child-related (minimal): age/grade, curriculum preferences (IB/A-Level/US), general needs you choose to share. Please avoid sensitive data (e.g., health).
- Inquiry content: schools you select, your questions, files you upload.
- Purchase & support: plan type, invoices, support tickets. Payments are processed by our provider; we don’t store full card details.
- Usage & device: pages visited, events, approximate location, device/browser identifiers - collected only after consent for non-essential cookies.
- Communications: your preferences and logs of service messages (for example, alert delivery, multi-request submission confirmations).
3. How we use data and why (legal bases)
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Provide services | Alerts, multi-request, concierge | Art. 6(1)(b) contract necessity |
| Share inquiry with selected schools | Your request to contact schools | Art. 6(1)(a) consent |
| Service notifications | Alert delivered, submission sent | Art. 6(1)(b) contract necessity |
| Marketing updates (optional) | News, offers | Art. 6(1)(a) consent |
| Product improvement & security | Metrics, fraud prevention | Art. 6(1)(f) legitimate interests (with cookie consent where required) |
| Compliance | Tax, accounting, legal claims | Art. 6(1)(c) legal obligation |
6. Data outside the EEA
Some providers may process data outside the EEA/UK. When this happens, we rely on an adequacy decision (e.g., EU-US Data Privacy Framework where applicable) or on the European Commission’s Standard Contractual Clauses with supplementary measures. Ask us about these safeguards at legal@enrollia.pt.
7. How long we keep things
- Account & contact: for your relationship with us and as required by law.
- Alerts logs: typically 18 months.
- Multi-request submissions & correspondence: typically 24 months for reconciliation with schools.
- Concierge work records: 24 months.
- Invoices & tax records: as required by law.
8. Your privacy rights
You can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests. You can withdraw consent at any time (this doesn’t affect past processing). We respond within one month and may extend by up to two more months for complex requests. We may reasonably verify your identity before acting.
9. Children
We contract with adults (18+). If you provide information about a child, keep it minimal (age/grade/curriculum). Where required by law, we rely on parental/guardian consent. Our service isn’t directed to children under 13.
10. Security (how we protect data)
We apply reasonable technical and organizational measures (access controls, encryption in transit, backups, staff training). No online service is 100% secure. If a personal data breach is likely to risk your rights and freedoms, we assess promptly and, where required, notify the supervisory authority within 72 hours and affected individuals without undue delay.
11. Links to other sites
Links to school websites or third-party services are governed by their own privacy policies.
12. If this policy changes
We update this policy when our services or the law change. Material updates are posted here and, when appropriate, emailed.
13. Contact us
Business hours: Mon-Fri, 10:00-18:00 (Europe/Lisbon).
Privacy & legal: legal@enrollia.pt • General: hello@enrollia.pt
© ITTOYS, LDA • NIF 517422085 • Estrada de Paço de Arcos, 66, 2735-336 Lisbon, Portugal