Last Updated: Effective Date: March 2020
We at DIY Real Estate Education LLC (“Company”) respect your concerns about privacy. This Privacy Notice (“Notice”) applies to Personal Data obtained by the Company, including through the website, mobile app, products and services, tools, competitions, promotions, newsletters, events and from our partners. (collectively, the “Services”). “Personal Data” means any information relating to you in identified or identifiable form.
The Notice describes the types of Personal Data we obtain about our customers, how we use the Personal Data and with whom we share it. We also describe the measures we take to protect the security of Personal Data and how you can contact us about our privacy practices. The Services are for a general audience, and we do not knowingly collect Personal Data from children under 13 years of age other than through our education platforms. DIY Real Estate Education is compliant with the General Data Protection Regulation (GDPR) of 2018.
We obtain Personal Data about our customers through the Services, publicly and commercially available sources and from our Company affiliates and/or business partners (such as book review platforms, social media networks and other online book communities in order to better understand our customers and to provide better Services to you).
We collect Personal Data (i) to offer Services that you have requested; (ii) that we have a legitimate interest to believe that they are of interest to our customers; (iii) to manage the relationship we have with our customers and partners; and (iv) to perform activities based on your consent.
The types of Personal Data we may obtain include:
Financial information when you buy one of our products or subscribe to one of our services.
The information we obtain through cookies may include IP address, mobile device advertising ID, browser characteristics, device characteristics, operating system, language preferences, referring URLs, logs on actions taken on our Services such as content on which you may click while using the Services, and dates and times you access or use the Services. In connection with our mobile apps, we may use similar automated means and also may obtain your phone number and details about your mobile carrier.
The information we obtain through cookies will tell us, for example, if you have used our Services before, from what country and what contents you have visited. It will also tell us whether you have opened an email we sent to you, what search queries you may have run and what advertisements you may have seen on our Services or on third-party websites and apps.
Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. You also may be able to delete your Flash cookies or adjust your Flash cookie settings by visiting the Adobe Flash Website Storage Settings Panel and Global Storage Settings Panel. Please note, however, that without cookies you may not be able to use all of the features of our Services. Your device settings also may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with us through our apps or other app developers.
Our Services may use third party analytics and advertising cookies, for example, to help create reports and statistics on the performance of the Services and to be able to present you with content tailored to your interests. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used. You can opt out from the use of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add On
Also our Services may use third party analytics and advertising cookies, for example, to help customize and personalize our Services and to be able to present you with content tailored to your interests. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used through the use of Facebook, Twitter, Instagram, Linkedin. Please see the links for each one of those services to see how they use your information.
In addition, if you register with us through or connect your account with us to a third-party social media network (such as Facebook or Twitter), we may obtain certain information about you from the relevant social media network, such as your user ID and/or user name associated with that social media network, the information contained in your public profile on the social media network and friends lists. The specific information we obtain depends on your privacy settings on the applicable social media network.
The providers of third-party apps, tools, widgets and plug-ins on our Services, such as social media sharing tools, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of those features and is subject to the privacy policies or notices of those providers. The Company is not responsible for those providers’ information practices.
We may use the information collected from and about you to:
We also may use your Personal Data in other ways for which we provide specific notice at the time of collection and obtain your consent if required by applicable law.
On our sites, apps and/or emails we and our third-party service providers may obtain information about your activities to provide you with advertising about products and services tailored to your individual interests if you have consented. We and our third-party service providers also may obtain information for this purpose from third-party websites and apps. This section of our Privacy Notice provides details and explains how to exercise your choices.
We engage third-party advertising networks to help us target our messaging to visitors through interest-based and contextual means. Through these ad networks, we can track your online activities over time and across third-party websites and apps by obtaining information through automated means, as described above. The networks use this information to show you advertisements on our Services or other third-party websites and apps that may be tailored to your individual interests. The information our ad networks may obtain on our behalf includes data about your visits to websites and use of apps that serve our advertisements, such as the pages or ads you view and the actions you take on those websites or apps. This data collection takes place both on our sites, apps and emails and on third-party websites and apps that participate in these ad networks. This process also helps us track the effectiveness of our marketing efforts. To learn how to opt out of this ad network interest-based advertising, visit
We will obtain your consent before using your information for interest-based advertising.
If you are a member of one of our online communities some of your information, such as your user name, may be visible to other people, as will any postings you make on the sites. As such you should always exercise care not to disclose private information when posting information on our websites, in your profile or in communications with other users of our websites. We also do not tolerate spam, unrequested, commercial or harassing correspondence sent to other users of the sites via our website forums or other message boards, and we reserve the right to suspend the membership of any user who sends messages of this kind. You should always keep any password used to access your account or profile secret, and should not share it with anyone else. It is your responsibility to keep your password secure and you should contact us immediately if you think someone else has access to your account. If you are a parent of a child using one of our online communities it is your responsibility to make sure that your child is using the online community responsibly and does not break these terms.
We may share the Personal Data we collect with
We require our service providers to protect the confidentiality and security of Personal Data, and to ensure that Personal Data is processed only for the provision of services on our behalf and in compliance with applicable law. Service providers are not authorized to use or disclose Personal Data, except as necessary to perform services on our behalf or to comply with legal requirements.
We may further disclose information about you (1) if we are required to do so by law or legal process, (2) to law enforcement authorities or other government officials, and (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer Personal Data we have about you in the event of a proposed or completed sale or transfer of all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
We offer you certain choices in connection with the Personal Data we obtain about you, such as how we communicate with you.
To update your preferences, ask us to remove your information from our marketing mailing lists or submit a request, please contact us as outlined in the Conclusion and Notice Section below.
You also can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails, and you can unsubscribe from Text Messages as outlined above.
To learn more about how to opt out of ad network interest-based advertising, please visit the customer opt-out pages at http://www.aboutads.info/choices/ and http://www.networkadvertising.org/choices/.
You may request to access, rectify or erase your Personal Data. You have the right to object to the processing of your Personal Data, restrict the processing of your Personal Data and exercise your right to data portability. Where you have given us your consent for our use of your Personal Data, you have the right to withdraw your consent at any time and we will apply your preferences for the future. We will respond to your questions or complaints relating to the processing of your Personal Data. If you are not satisfied with our responses, you have the right to lodge a complaint with a supervisory authority.
GDPR and DIY Real Estate Education
The GDPR (General Data Protection Regulation) will replace the current DPA (Data Protection Act) from 25th May 2018. The main aim of the regulation is to give citizens greater control over what can be done with their personal data by businesses, and DIY Real Estate Education is committed to the protection of the data of our instructors, vendors, and consumers.
Our GDPR process
We have completed a full audit of all our existing applications, websites, information systems and data processing activities. We have mapped out how and where we collect sensitive and personal data and confirmed our legal basis to hold onto it.
We worked with our vendors to ensure all data that we have a legal basis to hold is managed and processed in a way that is GDPR compliant. We have updated our policies and the language we are using for consent when we collect personal and sensitive information to meet the requirements of GDPR.
Finally, we have set up future workflows to ensure we are addressing privacy by design in the planning of any new projects. We are building the appropriate back-end systems to ensure we are compliant with our information security obligations and are equipped to effectively deal with data subject requests.
We broke down our initiatives into eight different focus areas as mapped out below:
Policies: We reviewed centrally located legal policies and guidelines and customised them where necessary. We made policies and guidelines accessible to staff and external customers. This includes incidence response and our Information Security policies and processes.
Applications: We identified enterprise applications that hold sensitive and personal data, investigated and implemented security measures, and identified and reviewed retention periods and policies.
Websites: We identified websites that collect personal data, and updated consent documentation to ensure that it is GDPR compliant. We also standardised collection mechanisms for future website publications.
Vendors: We identified vendors that store and/or process personal data and established additional security measures as necessary such as Stripe such as information shared with a with Stripe to process payments includes Name, Email, Address, Phone, City/State/Zip, Unique payment identifier, Payment provider identifier. Please visit https://stripe.com/gb/privacy on how they treat your payment information. Also we use WooCommerce for our checkout but as you are generally not sharing information about you as the customer with WooCommerce.com. For more information, please visit https://woocommerce.com/gdpr/ for more details on how they share your info. We reviewed agreements and are in the process of inserting model clauses and updating contracts where appropriate.
Legal Basis: We determined our measurement of legal basis to hold onto current data that we have a legitimate business reason to keep and discarded where no legal basis existed.
Privacy by Design: We developed a standardised process where all new products and projects will have a Data Impact Privacy Assessment conducted at the start. We have targeted staff who deal with personal data for training and prepared an ongoing training programme and onboarding procedure.
Data Subject Access Requests: We determined and implemented processes and documentation for
Access, Restrict Processing
Rectification, Data Portability
Erasure, Objections and Breach Escalation Process
Communications and Training: We worked with a core project team as well as business owners across all areas of DIY Real Estate Education to establish a general business awareness of GDPR and detailed expectations of the staff. We have regular meetings and communications pieces and will continue engagement up to, and beyond, May 2018.
Additional technical and organisational security measures we have in place to protect personal data
Access to our systems is granted on a need to basis; regular backups are taken and data is transmitted securely using HTTPS protocol. Systems are protected with anti-malware and patched regularly. Firewall and SIEM tools are in place to detect and prevent intrusion. Staff are also provided with regular cyber security and awareness training.
We maintain administrative, technical and physical safeguards designed to protect the Personal Data we have about you against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and nature of the processing of Personal Data.
We retain Personal Data for the period needed to fulfill the purposes for which Personal Data was collected and as otherwise required or permitted by applicable law, such as in relation to our record retention obligations.
The Services may be hosted in and managed from a country outside the country in which you initially provided the information, including the United States. When your Personal Data is transferred to (or accessed from) a country outside the European Economic Area (“EEA”) for which the European Commission has not issued an adequacy decision, we will implement appropriate safeguards to ensure that your Personal Data remains protected. This may include data transfer agreements, a copy of which you can obtain by contacting us as indicated in the How To Contact Us Section below.
However, your Personal Data may be accessed by the courts, law enforcement and national security authorities of the recipient country in accordance with applicable law. When we transfer your Personal Data, we will protect that information as described in this Privacy Notice.
For your convenience and information, our Services may provide links to third-party sites, apps and services that may be operated by companies not affiliated with DIY Real Estate Education LLC. These companies may have their own privacy notices or policies, which we strongly suggest you review. We are not responsible for the privacy practices of any non- DIY Real Estate Education LLC sites, apps or services.
This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our Personal Data practices. For significant changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Notice when it was most recently updated.
The entity responsible for the collection and processing of Personal Data in connection with the Services is the Company DIY Real Estate Education LLC registered in Indiana and whose registered offices are located at 13295 N Illinois St Ste 313, Carmel, IN 46032.
If you have any questions or comments about this Privacy Notice or the manner in which we or our service providers treat your Personal Data, would like to exercise your rights and choices, or would like us to update information we have about you or your preferences, please contact us as follows: Email us at firstname.lastname@example.org
As a user of our Website, if you feel that we are not following by this terms and conditions policy, you should contact us via mail at our offices at 13295 N Illinois St Ste 313, Carmel, IN 46032.