1. INTRODUCTION

Score Code Reference (“Score Code Reference,” “Company,” “we,” “our,” or “us”) values the privacy of individuals who visit our websites, use our applications, products, software, APIs, educational tools, research services, databases, support services, and other offerings (collectively, the “Services”).

This Privacy Policy explains how we collect, use, process, store, disclose, transfer, and protect personal information obtained through our Services.

We are committed to processing personal information lawfully, fairly, transparently, and securely in accordance with applicable privacy and data protection laws, including but not limited to:

• General Data Protection Regulation (GDPR)
• UK GDPR
• California Consumer Privacy Act (CCPA), as amended by CPRA
• India’s Digital Personal Data Protection Act (DPDP Act)
• Applicable consumer protection and electronic communications laws
• Other applicable regional and international privacy regulations

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• Visitors to our websites
• Registered users
• Customers
• Students
• Educators
• Developers
• Research participants
• Business partners
• Vendors
• Job applicants
• Individuals who communicate with us

This Policy applies to personal information collected through:

• Websites
• Mobile applications
• APIs
• Customer support channels
• Email communications
• Online forms
• Surveys
• Events and webinars
• Social media interactions
• Business relationships

This Policy does not apply to third-party websites, applications, or services that are not owned or controlled by Score Code Reference.

3. DEFINITIONS

Personal Information

Any information that identifies, relates to, describes, or can reasonably be linked to an individual.

Processing

Any operation performed on personal information, including collection, recording, storage, use, disclosure, deletion, or transfer.

User

Any individual who accesses or uses our Services.

Service Provider

A third party that processes information on our behalf.

4. INFORMATION WE COLLECT

4.1 Information You Provide Directly

We may collect information that you voluntarily submit, including:

Identity Information

• Full name
• Username
• Profile information
• Student or employee identification numbers
• Date of birth (where required)

Contact Information

• Email address
• Telephone number
• Mailing address
• Organization address

Account Information

• Login credentials
• Passwords (encrypted and hashed)
• Security questions
• Authentication information

Educational Information

Where applicable, we may collect:

• Academic institution details
• Enrollment information
• Student identifiers
• Course participation information
• Assessment records
• Certification records

Professional Information

• Employer name
• Job title
• Department
• Professional credentials

Communications

Information contained in:

• Emails
• Support tickets
• Surveys
• Feedback forms
• Chat messages
• Phone calls

Transaction Information

When purchasing Services:

• Billing information
• Transaction records
• Invoice details
• Payment confirmations

Complete payment card information is typically processed by authorized payment processors and not stored by us except where necessary and legally permitted.

4.2 Information Automatically Collected

When users access our Services, we may automatically collect:

Device Information

• Device type
• Device identifiers
• Operating system
• Browser type
• Language settings

Network Information

• IP address
• ISP information
• Approximate geographic location
• Connection logs

Usage Information

• Pages viewed
• Features used
• Clickstream data
• Search queries
• Session duration
• Referral sources

Technical Information

• Error logs
• Crash reports
• Performance diagnostics
• API requests

4.3 Cookies and Similar Technologies

We use:

• Cookies
• Pixels
• Tags
• Web beacons
• Local storage technologies
• Analytics technologies

Cookies help us:

• Authenticate users
• Improve performance
• Remember preferences
• Measure engagement
• Detect fraud
• Enhance security

Users may disable cookies through browser settings, although certain features may become unavailable.

4.4 Information from Third Parties

We may receive information from:

• Educational institutions
• Employers
• Identity verification providers
• Analytics providers
• Advertising partners
• Payment processors
• Authentication providers
• Publicly available sources

5. SPECIAL CATEGORIES OF DATA

Unless specifically required by law or contractual obligations, we do not intentionally collect sensitive personal information.

Where sensitive information is processed, we implement enhanced safeguards and process such information only when legally authorized.

Sensitive information may include:

• Government-issued identification
• Biometric information
• Financial account details
• Health-related information
• Protected demographic information

6. PURPOSES OF PROCESSING

We may process personal information for the following purposes:

Service Delivery

• Providing Services
• Managing accounts
• Delivering content
• Facilitating transactions
• Providing customer support

Security

• Fraud detection
• Identity verification
• Risk assessment
• Threat monitoring
• Access management

Business Operations

• Internal administration
• Auditing
• Reporting
• Analytics
• Quality assurance

Communications

• Service announcements
• Security notifications
• Support responses
• Product updates
• Administrative communications

Research and Development

• Product improvement
• Feature development
• Service optimization
• Testing and debugging

Legal Compliance

• Regulatory compliance
• Law enforcement cooperation
• Contract enforcement
• Recordkeeping obligations

Marketing

Subject to applicable laws, we may send:

• Newsletters
• Promotional materials
• Event invitations
• Product announcements

Users may opt out of marketing communications at any time.

7. LEGAL BASES FOR PROCESSING

Where applicable, we rely on one or more of the following legal bases:

Contractual Necessity

Processing necessary to provide requested Services.

Legitimate Interests

Processing necessary for:

• Security
• Fraud prevention
• Business operations
• Service improvement

Consent

Where required by law.

Legal Obligations

To comply with:

• Court orders
• Regulatory requirements
• Tax obligations
• Financial regulations

Vital Interests

To protect individuals from serious harm.

8. DISCLOSURE OF INFORMATION

We may disclose information to:

Service Providers

Including providers of:

• Cloud hosting
• Data storage
• Payment processing
• Customer support
• Security services
• Analytics

Educational Institutions

Where users participate in institution-sponsored programs.

Corporate Affiliates

For operational, legal, or administrative purposes.

Professional Advisors

Including:

• Auditors
• Lawyers
• Consultants
• Accountants

Regulatory Authorities

When required by law.

Law Enforcement

Upon valid legal requests.

Business Transactions

In connection with:

• Mergers
• Acquisitions
• Investments
• Asset transfers
• Corporate reorganizations

9. INTERNATIONAL DATA TRANSFERS

Our operations may involve transferring information across national borders.

Where personal information is transferred internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements
• Adequacy mechanisms
• Contractual protections
• Technical safeguards

10. DATA RETENTION

We retain personal information only for as long as reasonably necessary to:

• Provide Services
• Fulfill contractual obligations
• Resolve disputes
• Maintain security records
• Comply with legal requirements

Retention periods vary depending on:

• Data category
• Legal obligations
• User relationship
• Regulatory requirements

Following expiration of retention periods, information is securely deleted, anonymized, or archived.

11. SECURITY MEASURES

We maintain industry-standard security controls, including:

Administrative Safeguards

• Security policies
• Employee training
• Confidentiality agreements
• Access controls

Technical Safeguards

• Encryption in transit
• Encryption at rest
• Multi-factor authentication
• Network monitoring
• Intrusion detection
• Vulnerability management

Physical Safeguards

• Secure facilities
• Controlled access
• Environmental protections

Despite our efforts, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

12. USER RIGHTS

Depending on applicable law, users may have rights to:

Access

Request copies of personal information.

Correction

Correct inaccurate information.

Deletion

Request deletion of information.

Restriction

Restrict certain processing activities.

Objection

Object to specific processing activities.

Portability

Receive information in a portable format.

Withdraw Consent

Withdraw previously granted consent.

Non-Discrimination

Exercise privacy rights without discrimination.

Requests may be submitted using the contact information below.

13. CALIFORNIA PRIVACY RIGHTS

California residents may have rights under applicable California privacy laws, including rights to:

• Know what information is collected
• Access collected information
• Delete personal information
• Correct personal information
• Opt out of certain sharing activities
• Limit use of sensitive personal information

We do not sell personal information as traditionally defined under California law.

14. EUROPEAN ECONOMIC AREA AND UK RIGHTS

Individuals located in the EEA, Switzerland, and the UK may exercise rights under GDPR and related laws.

Users may also lodge complaints with their local supervisory authority.

15. INDIA DATA PROTECTION RIGHTS

Where India’s Digital Personal Data Protection Act applies, individuals may have rights regarding:

• Access to personal data
• Correction and updating
• Erasure
• Grievance redressal
• Withdrawal of consent

Requests may be directed to our designated contact officer.

16. CHILDREN’S PRIVACY

Our Services are not directed to children under the age required by applicable law without parental authorization.

We do not knowingly collect personal information from children without appropriate legal consent.

If we discover unauthorized collection of a child’s information, we will take reasonable steps to delete it.

17. THIRD-PARTY SERVICES

Our Services may integrate with third-party platforms and services.

These third parties maintain their own privacy policies and practices.

We encourage users to review those policies before providing information.

18. AUTOMATED DECISION-MAKING

We may use automated systems for:

• Security monitoring
• Fraud prevention
• Spam detection
• Service optimization

Where legally required, users may request human review of significant automated decisions.

19. DATA BREACH RESPONSE

In the event of a security incident involving personal information, we may:

• Investigate the incident
• Mitigate risks
• Notify affected individuals
• Notify regulators
• Implement corrective measures

As required by applicable law.

20. CHANGES TO THIS POLICY

We reserve the right to update this Privacy Policy at any time.

Changes become effective upon publication unless otherwise stated.

Material changes may be communicated through:

• Website notices
• Email notifications
• Account notifications

Continued use of the Services after updates constitutes acceptance of the revised Privacy Policy.

21. CONTACT INFORMATION

For privacy-related inquiries, requests, or complaints:

Score Code
Privacy Office
Email:legal@score-code.com

For GDPR, UK GDPR, DPDP, or other privacy requests, please contact:

Data Protection Officer / Privacy Officer
Email: legal@score-code.com

22. GOVERNING LAW

This Privacy Policy shall be governed by and interpreted in accordance with the laws applicable to Score Code Reference’s principal place of business, without regard to conflict-of-law principles.

By using the Services, users acknowledge and agree to the practices described in this Privacy Policy.