Privacy Policy

Nexavira OÜ – Privacy Policy

Last Updated: 18 April 2026

Nexavira OÜ Harju maakond, Tallinn, Lasnamäe linnaosa, Tuulemäe tn 5, 11411 support@learniumzone.com

1. Introduction

This Privacy Policy explains how Nexavira OÜ (“Nexavira”, “we”, “us”, or “our”) collects, uses, shares, stores, protects, and otherwise processes personal data in connection with the website https://learniumzone.com/, including account registration, purchases, support, refunds, complaints, and related digital services.

We process personal data in accordance with applicable data protection law, including the EU General Data Protection Regulation and applicable Estonian laws.

2. Data Controller

Data controller: Nexavira OÜ
Registration number: 17296692
Registered address: Harju maakond, Tallinn, Lasnamäe linnaosa, Tuulemäe tn 5, 11411
Email for privacy questions and rights requests: support@learniumzone.com

3. Relationship With Other Policies

This Privacy Policy should be read together with our Terms & Conditions, Refund Policy, and Cookie Policy.

When you register an account or confirm a payment, you may be asked to acknowledge the Terms & Conditions, Refund Policy, Privacy Policy, and Cookie Policy.

4. Categories of Personal Data We Collect

Depending on how you use the website, we may collect the following categories of personal data.

4.1 Account Data

(a) email address;

(b) password or password-related authentication data stored in a secure form;

(c) account creation date, settings, and status; and

(d) purchase and access history associated with your account.

4.2 Transaction and Purchase Data

(a) order and transaction reference numbers;

(b) purchase date and time;

(c) content purchased or unlocked;

(d) payment amount and currency in EUR or the EUR equivalent;

(e) Line Token-related transaction data where applicable;

(f) refund, cancellation, and chargeback history; and

(g) records necessary for invoicing, accounting, or legal compliance.

4.3 Limited Payment-Related Metadata

We do not collect or store full payment card details on our own systems. Card payments are processed by external payment gateway and payment service providers.

However, we may receive limited payment-related metadata from them, such as:

(a) payment status;

(b) payment reference identifiers;

(c) chargeback or refund identifiers;

(d) card brand;

(e) issuing country or region;

(f) masked card details, such as the last four digits, where made available by the processor; and

(g) anti-fraud and payment-risk indicators.

4.4 Communications Data

(a) support emails and messages;

(b) complaints and appeals;

(c) correspondence relating to refunds or technical issues; and

(d) attachments or evidence you provide to us.

4.5 Technical and Usage Data

(a) IP address;

(b) browser, device, and operating system information;

(c) website log data;

(d) login, security, and anti-fraud event data;

(e) cookie-related information; and

(f) website usage and interaction data, where permitted by law.

5. Why We Collect and Process Personal Data

We collect and process personal data for the following reasons:

(a) to create and manage user accounts;

(b) to process purchases, payments, token credits, and access to digital Content;

(c) to verify transactions and prevent fraud, abuse, chargebacks, and unauthorised activity;

(d) to provide customer support and respond to technical issues, complaints, appeals, and refund requests;

(e) to maintain, secure, and improve the website and its performance;

(f) to comply with legal, tax, accounting, consumer protection, sanctions, and regulatory obligations;

(g) to enforce our Terms & Conditions and protect our rights, users, and operations; and

(h) where permitted, to send service notices or marketing communications in accordance with applicable law and your preferences.

6. Legal Bases for Processing

Depending on the circumstances, we rely on one or more of the following legal bases under the GDPR:

(a) performance of a contract or taking steps prior to entering into a contract;

(b) compliance with legal obligations;

(c) legitimate interests, provided these are not overridden by your rights and freedoms; and

(d) consent, where required by law, for example for non-essential cookies or certain marketing communications.

7. Why Particular Cardholder-Related Information Is Collected and Tracked

Although we do not collect or store full customer card data, we may process limited payment-related metadata provided by our payment processors. We do this only for legitimate and necessary purposes, including:

(a) confirming whether payment succeeded or failed;

(b) detecting and preventing fraud or suspicious transactions;

(c) investigating duplicate, reversed, or unauthorised payments;

(d) handling refunds, cancellations, and chargebacks;

(e) complying with accounting, audit, tax, and legal obligations; and

(f) responding to customer support queries relating to a specific payment.

8. Sources of Personal Data

We collect personal data:

(a) directly from you when you register, purchase Content, contact support, or otherwise interact with us;

(b) automatically from your device and browser when you access the website; and

(c) from payment processors, hosting providers, analytics providers, fraud-prevention tools, communication providers, and other service providers involved in operating the website.

9. With Whom We Share Personal Data and Why

We may share personal data with the following categories of recipients where necessary:

(a) payment gateway providers and payment service providers, to process payments, refunds, anti-fraud checks, and chargebacks;

(b) hosting, cloud, IT, infrastructure, and security providers, to operate and protect the website;

(c) email, communication, and support service providers, to handle customer communications;

(d) analytics and performance providers, where permitted by law, to understand website usage and improve the service;

(e) fraud-prevention, risk-screening, and cybersecurity providers, to detect, prevent, and investigate abuse or unlawful activity;

(f) accountants, auditors, legal advisers, insurers, and professional advisers, where necessary for compliance or protection of our business;

(g) courts, supervisory authorities, consumer authorities, tax authorities, law enforcement, or other competent public bodies, where required by law or necessary for legal claims; and

(h) a purchaser, investor, or successor in connection with a merger, acquisition, restructuring, financing, or sale of assets, subject to appropriate confidentiality safeguards.

We do not sell personal data. We do not sell, share, or disclose customer card data to unrelated third parties for their own marketing purposes.

10. International Transfers

Some service providers may process personal data outside the European Economic Area. Where that occurs, we use a lawful transfer mechanism recognised under applicable data protection law, such as an adequacy decision or the European Commission Standard Contractual Clauses.

11. Data Retention Periods

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Our standard retention periods are:

(a) account data: while the account remains active and for up to 3 years after account closure or last meaningful interaction, unless a longer period is necessary for legal claims, fraud prevention, or legal compliance;

(b) order, invoice, accounting, and transaction records: 7 years from the end of the relevant financial year, or longer where required by law or active dispute handling;

(c) support, complaint, appeal, and refund correspondence: up to 3 years after the case is closed, unless longer retention is necessary for legal claims or fraud investigations;

(d) security, anti-fraud, and access logs: generally up to 2 years, unless a security incident or legal matter requires longer retention;

(e) marketing preference and suppression records: for as long as necessary to honour your marketing choices and demonstrate compliance; and

(f) cookies: as described in the Cookie Policy, with session cookies deleted when the browser session ends and persistent cookies retained for up to 12 months unless deleted earlier.

Where personal data is no longer needed, we will delete it, anonymise it, or securely isolate it unless further retention is required by law or for legal claims.

12. Methods of Personal Data Protection

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Depending on the context, these measures may include:

(a) access controls and role-based permissions;

(b) secure transmission methods;

(c) logging and monitoring;

(d) data minimisation;

(e) secure backup and recovery procedures;

(f) staff confidentiality measures and internal need-to-know restrictions; and

(g) due diligence and contractual safeguards with service providers.

No method of transmission or storage is completely secure, but we take commercially reasonable and legally appropriate steps to protect personal data.

13. Your GDPR Rights

Subject to applicable law and the circumstances of the processing, you may have the right to:

(a) be informed about the processing of your personal data;

(b) access your personal data;

(c) request correction of inaccurate or incomplete data;

(d) request deletion of your personal data;

(e) request restriction of processing;

(f) object to certain processing, including processing based on legitimate interests and direct marketing;

(g) receive data portability for personal data you provided to us, where applicable; and

(h) not be subject to a decision based solely on automated processing where the GDPR provides that protection.

14. Procedure for Exercising Your Rights

To exercise your rights, contact us at support@learniumzone.com. Please describe your request clearly and provide sufficient information for us to verify your identity and locate the relevant data.

We will respond without undue delay and, in principle, within 1 month of receiving your request. If the request is complex or numerous, we may extend this period by up to 2 additional months, in which case we will inform you within the initial 1-month period.

If we cannot comply fully with your request, we will explain the reasons to the extent permitted by law. We may request additional information to verify your identity where reasonably necessary.

15. Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. You may also contact the Estonian Data Protection Inspectorate.

16. Children

The website is not intended for persons who are not legally permitted to enter into a purchase contract under applicable law. We do not knowingly collect personal data from children in breach of applicable law. If you believe a child has provided personal data unlawfully, please contact us so that we can review and delete the data where appropriate.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, business operations, or service providers. The latest version will always show the “Last Updated” date.

18. Contact

If you have any questions about this Privacy Policy or the way we process personal data, please contact:

support@learniumzone.com