English for Rebels is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and what your rights are, in accordance with the General Data Protection Regulation (EU 2016/679, “GDPR”) and the French Data Protection Act (Loi Informatique et Libertés).

1. Data Controller

The data controller responsible for your personal data is:

Name: [YOUR FULL NAME]
Status: Auto-entrepreneur (sole proprietor)
Address: [YOUR PROFESSIONAL ADDRESS]
Email: Contact us via our contact page

2. What Data We Collect

We collect the following personal data when you use our website and services:

Account and booking data:
• First name and last name
• Email address
• Phone number
• Lesson bookings (dates, times, service type, teacher)

Payment data:
• Payments are processed securely by Stripe. We do not store, collect, or have access to your full credit card number. Stripe handles all payment data in compliance with PCI-DSS standards.

Questionnaire and quiz data:
• Responses to the post-booking questionnaire (used to personalise your lessons)
• Level quiz results (used to assess your starting level)

Technical data:
• IP address
• Browser type and version
• Pages visited and time spent
• Cookies (see our Cookie Policy for details)

3. Why We Collect Your Data

We use your personal data for the following purposes:

• To manage your account and lesson bookings
• To process payments securely via Stripe
• To send you booking confirmations, reminders, and lesson links (kMeet)
• To personalise your lessons based on your questionnaire answers and quiz results
• To communicate with you about your lessons (email from your teacher)
• To improve our website and services
• To comply with our legal obligations

Legal basis for processing:
• Contract performance: your data is necessary to provide the tutoring services you have booked
• Legitimate interest: improving our services and website
• Consent: for cookies and marketing communications (if any)
• Legal obligation: accounting and tax records

4. How Long We Keep Your Data

We keep your personal data only for as long as necessary:

• Account and booking data: for the duration of your use of our services, plus 3 years after your last booking
• Payment records: 10 years (French legal requirement for accounting)
• Questionnaire and quiz results: for the duration of your use of our services
• Technical logs: 12 months maximum

After these periods, your data is securely deleted or anonymised.

6. International Data Transfers

Your data may be processed outside the European Economic Area (EEA) by the following services:

• Stripe: may process data in the United States (covered by EU-US Data Privacy Framework)
• GTranslate: may process data in the United States (covered by Standard Contractual Clauses)

Infomaniak, our hosting provider, stores data exclusively in Switzerland, which is recognised by the European Commission as providing adequate data protection.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: you can request a copy of all personal data we hold about you
• Right to rectification: you can ask us to correct any inaccurate or incomplete data
• Right to erasure (“right to be forgotten”): you can ask us to delete your data, subject to our legal obligations
• Right to restriction: you can ask us to temporarily stop processing your data
• Right to data portability: you can request your data in a structured, machine-readable format
• Right to object: you can object to the processing of your data based on legitimate interest
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us via our contact page.

We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL — www.cnil.fr).

8. Cookies

Our website uses cookies. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption on all pages
• Secure payment processing via Stripe (PCI-DSS compliant)
• Video conferencing via Infomaniak kMeet (servers in Switzerland)
• Access controls: only your assigned teacher(s) can view your lesson data
• kMeet links secured by SHA-256 hashing
• Regular software updates and security monitoring

Despite these measures, no method of transmission over the internet is 100% secure. If you become aware of any security breach, please contact us immediately via our contact page.

10. Children's Privacy

Our services may be used by minors (under 18). In such cases, we require parental consent before collecting any personal data from a minor. Parents or legal guardians may exercise the minor’s data protection rights on their behalf.

If you are a parent or guardian and believe your child has provided personal data without your consent, please contact us via our contact page and we will promptly delete the information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

12. Contact

For any questions about this Privacy Policy or to exercise your rights, please contact us via our contact page.

Last updated: April 2026