Privacy Policy·Policy of record Last updated December 2025

How we handle your personal data

Minimal data. Never sold.

This policy explains what personal data we collect, why we collect it, and how we protect it. We follow GDPR standards for all users regardless of location, and we never sell your information.

GDPR compliant No data sales Private by default Data minimisation

Data controller

Who we are.

The Educational Equality Institute (TEEI) is an international nonprofit organisation dedicated to expanding education access for girls, women, and communities affected by war and displacement. Our motto is Pathways to Independence.

Norway Headquarters

The Educational Equality Institute, 5th Floor, 28 Nydalsveien, 0484 Oslo, Norway. Organisation Number: 928 776 719. This is the data controller.

United States 501(c)(3)

The Educational Equality Institute Inc., 100 Church Street, New York, NY 10007, USA. EIN: 33-2331817.

As an organisation headquartered in Norway and serving learners across Europe, we comply with the General Data Protection Regulation (GDPR). We extend these protections to all users regardless of location.

The detail

What we collect, why, and for how long.

We collect different types of information depending on how you interact with us. We follow a principle of data minimisation, collecting only what is necessary for our educational mission.

Learner and mentee registration

Core service

Data collected when you register as a learner or mentee on our platforms.

  • Name and email address
  • Phone number (for account verification and session reminders)
  • Country of residence and time zone
  • Languages you speak and want to learn
  • Professional background and learning goals
  • Session history and course progress

Privacy by design: Learner and mentee profiles are private. Your personal details are never publicly listed. Only mentors you choose to connect with can see the information needed to schedule and conduct sessions.

Volunteer mentor registration

Core service

Data collected when you register as a volunteer mentor or language partner.

  • Name, email address, and phone number
  • Professional affiliation and LinkedIn profile (for verification)
  • Areas of expertise and languages spoken
  • Availability schedule
  • Photo and biographical information (displayed on your public mentor profile)
  • Session statistics and learner reviews

Donations

When you donate

Data collected when you make a donation to support our programmes.

  • Name and contact information
  • Payment details (processed securely by our payment partners; we do not store full card numbers)
  • Donation history for tax receipt purposes

Website visits

Automatic

Standard data collected when you visit our website.

  • Standard server logs (IP address, browser type, pages visited)
  • Cookies and similar technologies (see Cookie Policy)

We do not intentionally collect sensitive personal data such as health information, political opinions, or religious beliefs. If you voluntarily share such information during mentoring sessions or in your profile, we treat it with heightened protection.

How we use your data

Purposes

Every use of personal data is tied to a specific purpose. Here is what we do and why.

PurposeWhat we use
Delivering our programmesAccount details, learning preferences, session history to match you with mentors, schedule sessions, and track progress
Platform operationsEmail and phone for account verification, password resets, and session notifications
Improving our servicesAggregated and anonymised usage data to understand how our platforms are used and where we can improve
SafeguardingIdentity verification for volunteers, session logs for protection of vulnerable learners
Reporting to fundersAggregated statistics only (e.g., "8,000+ learners served"). Never individual data without consent.
CommunicationsEmail address for programme updates, newsletters (only with your consent), and essential service messages
Legal complianceFinancial records for tax and regulatory requirements

We will never: sell your personal information; share individual learner data with funders or corporate partners without explicit consent; use your data for automated decision-making that affects your access to services; contact you for marketing without your permission.

Legal basis for processing

GDPR Article 6

Under GDPR, we process your data based on the following legal grounds.

GroundWhen it applies
ContractProcessing necessary to provide you with our educational services when you register
ConsentFor optional communications like newsletters, and for any use of your story or testimonial
Legitimate interestsFor improving our services, preventing fraud, and ensuring platform security, balanced against your rights
Legal obligationFor financial record-keeping and regulatory compliance

Where we rely on consent, you can withdraw it at any time by contacting us or adjusting your account settings.

Cookies and tracking

See full policy

We use cookies and similar technologies on our website and platforms.

TypePurposeYour control
EssentialRequired for login, security, and basic platform functionalityCannot be disabled
FunctionalRemember your preferences (language, time zone)Can be disabled in settings
AnalyticsHelp us understand how our website is used (aggregated, anonymised)Can be disabled via cookie banner

We do not use advertising cookies or sell data to advertisers. You can manage cookie preferences through your browser settings or our cookie consent tool. See the full Cookie Policy for every cookie listed.

Data retention

How long we keep it

We keep your data only as long as necessary for the purposes described in this policy.

CategoryRetention period
Active accountsData is retained while you use our services
Inactive accountsWe may delete accounts after 3 years of inactivity, with notice
Donation recordsRetained for 7 years as required by tax regulations
Aggregated statisticsRetained indefinitely for reporting and research (no personal data)

When data is no longer needed, we securely delete or anonymise it.

Protection

How we keep data safe.

We implement robust security measures aligned with industry best practices, and take extra care for vulnerable populations.

Encryption

Data is encrypted in transit (TLS) and at rest.

Access controls

Staff access to personal data is limited to those who need it for their role.

Verification

Volunteer mentors are verified through corporate email and LinkedIn profiles.

Platform security

Our technology partners maintain their own security certifications and audits.

Incident response

We have procedures to detect, investigate, and report data breaches within 72 hours as required by GDPR.

Vulnerable populations

We recognise that many of our learners are refugees, internally displaced persons, or others in vulnerable situations. We design our systems with their safety in mind, keeping mentee profiles private, limiting data collection, and ensuring that participation in our programmes cannot be used to identify or locate individuals at risk.

Children under 18

Our mentoring and language practice platforms are designed for adults. Learners under 18 may only use TEEI Language or TEEI Mentorship if a parent or guardian is present during sessions. For our structured language courses for children (using tools like BOOKR Class), we obtain parental consent before any child participates, and we limit data collection to the minimum necessary for educational delivery.

Vulnerable adults

We apply heightened data protection standards: minimal data collection, private-by-default profiles, no public identification without explicit consent, staff training on working with vulnerable populations, and clear pathways to report concerns.

International data transfers

TEEI serves learners across Europe, Ukraine, and beyond. Some of our technology partners process data in countries outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards: adequacy decisions, Standard Contractual Clauses (SCCs), and technical measures including encryption and access controls. Our US entity operates under the same privacy standards as our Norwegian headquarters.

Your rights

Access, correct, or delete. Your call.

Under GDPR and our commitment to transparency, you have the following rights.

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct any inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw any consent you have given, at any time.

Right to Complain

Lodge a complaint with a supervisory authority. The Norwegian Data Protection Authority (Datatilsynet), P.O. Box 458 Sentrum, 0105 Oslo, Norway: www.datatilsynet.no.

To exercise any of these rights, submit a data request or contact us at privacy@theeducationalequalityinstitute.org. We will respond within 30 days.

Questions

Ask us directly.

Questions about this policy or your personal data go to privacy@theeducationalequalityinstitute.org, or by post to The Educational Equality Institute, 5th Floor, 28 Nydalsveien, 0484 Oslo, Norway. Our team typically responds within 5 working days. For data rights requests, we will respond within 30 days as required by GDPR.

We may update this policy to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will update the date at the top of this page, notify you by email if you have an account with us, and post a notice on our website.

This policy is also available in Ukrainian and Norwegian.