Coursebox General Data Protection Regulation (GDPR) Compliance

Coursebox is committed to protecting the privacy and security of our clients and their learners. As an AI-powered learning platform serving clients globally, we adhere to the General Data Protection Regulation (GDPR), ensuring that all personal

data of individuals in the European Union (EU), European Economic Area (EEA), and other applicable jurisdictions is handled lawfully, fairly, and transparently.

Coursebox Pty Ltd has been formally assessed and certified for GDPR compliance by American Quality Standards Registrars (AQSR), accredited by the United States Accreditation Council (USAC).

Certificate Details:

- Certificate Number: 17412

- Date of Registration: 11 June 2025

- Expiry Date: 10 June 2026

- Re-certification Date: 10 June 2028

- Scope: AI-powered learning platform enabling rapid course creation, corporate training, and vocational education solutions, including automation of assessments, tutoring, and content generation.

What GDPR Compliance Means for Clients

1. Data Protection & Privacy Rights

Coursebox upholds the fundamental rights of individuals under GDPR, including access, rectification, erasure ('right to be forgotten'), restriction or objection to processing, and data portability. Clients and their learners can request access to,

correction of, or deletion of their data at any time.

2. Lawful Data Processing

All personal data collected and processed by Coursebox is based on lawful grounds: contractual necessity, legitimate interests, or consent.

3. Data Security & Safeguards

Coursebox employs industry best practices aligned with SOC 2 and ISO 27001 standards, including encryption, penetration testing, access controls, and secure hosting environments.

4. Data Transfers Outside the EU

Where personal data is transferred outside the EU/EEA, adequate safeguards are ensured through Standard Contractual Clauses (SCCs) and GDPR-compliant cloud providers.

5. Annual Assessments & Certification

Our GDPR certification is valid for three years, subject to annual assessments to ensure ongoing compliance.

What Clients Need to Know

• For EU and EEA Clients: All data processing activities fully align with GDPR requirements, and Coursebox’s certification may be cited in compliance reporting.
• For Clients in Other Regions: Even if GDPR is not legally required, Coursebox applies the same high standards globally.
• Support Requests: Learners or administrators may exercise GDPR rights via Coursebox Support.

How to Verify Our GDPR Certification

Clients can verify the authenticity of Coursebox’s GDPR certificate via the AQSR portal at www.aqsrworld.com using Certificate Number 17412.

In summary: Coursebox is fully GDPR-compliant and certified. We take data protection seriously and provide transparency, security, and control over personal data for all clients, whether in the EU or beyond.