How we handle your personal data
Minimal data. Never sold.
This policy explains what personal data we collect, why we collect it, and how we protect it. We follow GDPR standards for all users regardless of location, and we never sell your information.
Data controller
Who we are.
The Educational Equality Institute (TEEI) is an international nonprofit organisation dedicated to expanding education access for girls, women, and communities affected by war and displacement. Our motto is Pathways to Independence.
Norway Headquarters
The Educational Equality Institute, 5th Floor, 28 Nydalsveien, 0484 Oslo, Norway. Organisation Number: 928 776 719. This is the data controller.
United States 501(c)(3)
The Educational Equality Institute Inc., 100 Church Street, New York, NY 10007, USA. EIN: 33-2331817.
As an organisation headquartered in Norway and serving learners across Europe, we comply with the General Data Protection Regulation (GDPR). We extend these protections to all users regardless of location.
The detail
What we collect, why, and for how long.
We collect different types of information depending on how you interact with us. We follow a principle of data minimisation, collecting only what is necessary for our educational mission.
Learner and mentee registration
Core serviceData collected when you register as a learner or mentee on our platforms.
- Name and email address
- Phone number (for account verification and session reminders)
- Country of residence and time zone
- Languages you speak and want to learn
- Professional background and learning goals
- Session history and course progress
Privacy by design: Learner and mentee profiles are private. Your personal details are never publicly listed. Only mentors you choose to connect with can see the information needed to schedule and conduct sessions.
Volunteer mentor registration
Core serviceData collected when you register as a volunteer mentor or language partner.
- Name, email address, and phone number
- Professional affiliation and LinkedIn profile (for verification)
- Areas of expertise and languages spoken
- Availability schedule
- Photo and biographical information (displayed on your public mentor profile)
- Session statistics and learner reviews
Donations
When you donateData collected when you make a donation to support our programmes.
- Name and contact information
- Payment details (processed securely by our payment partners; we do not store full card numbers)
- Donation history for tax receipt purposes
Website visits
AutomaticStandard data collected when you visit our website.
- Standard server logs (IP address, browser type, pages visited)
- Cookies and similar technologies (see Cookie Policy)
We do not intentionally collect sensitive personal data such as health information, political opinions, or religious beliefs. If you voluntarily share such information during mentoring sessions or in your profile, we treat it with heightened protection.
How we use your data
PurposesEvery use of personal data is tied to a specific purpose. Here is what we do and why.
| Purpose | What we use |
|---|---|
| Delivering our programmes | Account details, learning preferences, session history to match you with mentors, schedule sessions, and track progress |
| Platform operations | Email and phone for account verification, password resets, and session notifications |
| Improving our services | Aggregated and anonymised usage data to understand how our platforms are used and where we can improve |
| Safeguarding | Identity verification for volunteers, session logs for protection of vulnerable learners |
| Reporting to funders | Aggregated statistics only (e.g., "8,000+ learners served"). Never individual data without consent. |
| Communications | Email address for programme updates, newsletters (only with your consent), and essential service messages |
| Legal compliance | Financial records for tax and regulatory requirements |
We will never: sell your personal information; share individual learner data with funders or corporate partners without explicit consent; use your data for automated decision-making that affects your access to services; contact you for marketing without your permission.
Legal basis for processing
GDPR Article 6Under GDPR, we process your data based on the following legal grounds.
| Ground | When it applies |
|---|---|
| Contract | Processing necessary to provide you with our educational services when you register |
| Consent | For optional communications like newsletters, and for any use of your story or testimonial |
| Legitimate interests | For improving our services, preventing fraud, and ensuring platform security, balanced against your rights |
| Legal obligation | For financial record-keeping and regulatory compliance |
Where we rely on consent, you can withdraw it at any time by contacting us or adjusting your account settings.
Cookies and tracking
See full policyWe use cookies and similar technologies on our website and platforms.
| Type | Purpose | Your control |
|---|---|---|
| Essential | Required for login, security, and basic platform functionality | Cannot be disabled |
| Functional | Remember your preferences (language, time zone) | Can be disabled in settings |
| Analytics | Help us understand how our website is used (aggregated, anonymised) | Can be disabled via cookie banner |
We do not use advertising cookies or sell data to advertisers. You can manage cookie preferences through your browser settings or our cookie consent tool. See the full Cookie Policy for every cookie listed.
Data retention
How long we keep itWe keep your data only as long as necessary for the purposes described in this policy.
| Category | Retention period |
|---|---|
| Active accounts | Data is retained while you use our services |
| Inactive accounts | We may delete accounts after 3 years of inactivity, with notice |
| Donation records | Retained for 7 years as required by tax regulations |
| Aggregated statistics | Retained indefinitely for reporting and research (no personal data) |
When data is no longer needed, we securely delete or anonymise it.
Protection
How we keep data safe.
We implement robust security measures aligned with industry best practices, and take extra care for vulnerable populations.
Encryption
Data is encrypted in transit (TLS) and at rest.
Access controls
Staff access to personal data is limited to those who need it for their role.
Verification
Volunteer mentors are verified through corporate email and LinkedIn profiles.
Platform security
Our technology partners maintain their own security certifications and audits.
Incident response
We have procedures to detect, investigate, and report data breaches within 72 hours as required by GDPR.
Vulnerable populations
We recognise that many of our learners are refugees, internally displaced persons, or others in vulnerable situations. We design our systems with their safety in mind, keeping mentee profiles private, limiting data collection, and ensuring that participation in our programmes cannot be used to identify or locate individuals at risk.
Children under 18
Our mentoring and language practice platforms are designed for adults. Learners under 18 may only use TEEI Language or TEEI Mentorship if a parent or guardian is present during sessions. For our structured language courses for children (using tools like BOOKR Class), we obtain parental consent before any child participates, and we limit data collection to the minimum necessary for educational delivery.
Vulnerable adults
We apply heightened data protection standards: minimal data collection, private-by-default profiles, no public identification without explicit consent, staff training on working with vulnerable populations, and clear pathways to report concerns.
International data transfers
TEEI serves learners across Europe, Ukraine, and beyond. Some of our technology partners process data in countries outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards: adequacy decisions, Standard Contractual Clauses (SCCs), and technical measures including encryption and access controls. Our US entity operates under the same privacy standards as our Norwegian headquarters.
Your rights
Access, correct, or delete. Your call.
Under GDPR and our commitment to transparency, you have the following rights.
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct any inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data (subject to legal retention requirements).
Right to Restrict Processing
Ask us to limit how we use your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent
Withdraw any consent you have given, at any time.
Right to Complain
Lodge a complaint with a supervisory authority. The Norwegian Data Protection Authority (Datatilsynet), P.O. Box 458 Sentrum, 0105 Oslo, Norway: www.datatilsynet.no.
To exercise any of these rights, submit a data request or contact us at privacy@theeducationalequalityinstitute.org. We will respond within 30 days.
Questions
Ask us directly.
Questions about this policy or your personal data go to privacy@theeducationalequalityinstitute.org, or by post to The Educational Equality Institute, 5th Floor, 28 Nydalsveien, 0484 Oslo, Norway. Our team typically responds within 5 working days. For data rights requests, we will respond within 30 days as required by GDPR.
We may update this policy to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will update the date at the top of this page, notify you by email if you have an account with us, and post a notice on our website.