🎉 New here? Get 20% OFF your first lesson Use code: START20

Offer ends in: Loading...
GET STARTED
FOR BUSINESS
GIFT CARD
REFERRAL PROGRAM
FAQ
  1. Introduction
    Cirellum Limited (“Cirellum”, “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains in detail how we collect, process, store, use, disclose and safeguard personal data when you access or use our website https://cirellum.com (the “Website”) and when you purchase or participate in our online language learning services.
    Cirellum Limited is incorporated in Ireland and operates in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Irish Data Protection Acts 1988–2018, and applicable ePrivacy regulations. We process personal data lawfully, fairly, and transparently, and only to the extent necessary to provide our services and fulfil our legal obligations.
    By accessing or using our Website and services, you acknowledge that you have read and understood this Privacy Policy.
  2. Data Controller
    Cirellum Limited is the Data Controller responsible for your personal data.
    Registered Office: Phibsborough Shopping Centre, Phibsborough Road, Dublin 7, D07 P80E, Ireland.
    Company Registration Number: 803398
    For all privacy-related inquiries and data subject requests, please contact us at: privacy@cirellum.com
  3. Data Protection Officer
    Cirellum Limited has assessed the nature, scope, context, and purposes of its personal data processing activities in accordance with Article 37 of the General Data Protection Regulation (EU) 2016/679. Based on this assessment, Cirellum has determined that the formal appointment of a Data Protection Officer is not mandatory at this stage of its operations, as the company does not engage in large-scale systematic monitoring of individuals, does not process special categories of personal data as a core business activity, and does not process personal data on a large scale as defined under Article 37(1) GDPR.
    Cirellum will keep this assessment under regular review as the business grows in terms of user base, processing volume, and service scope. A Data Protection Officer will be appointed if and when the applicable criteria under Article 37 GDPR are met. This page will be updated accordingly.
    In the meantime, all privacy-related inquiries, data subject requests, and GDPR-related concerns should be directed to: privacy@cirellum.com
  4. Scope of This Policy
    This Privacy Policy applies to all individuals who interact with Cirellum, including visitors of our Website, individuals who create registered accounts, individuals who purchase lesson packages or courses, students participating in online lessons, individuals contacting our support team, and tutors or contractors where applicable to user data interaction. This Policy applies only to adult users aged 18 years and older, as our services are strictly limited to adults.
  5. Categories of Personal Data We Collect
    We collect personal data directly from you, automatically through your use of our Website, and in limited circumstances from service providers involved in delivering our services.
    When you create an account, purchase lessons, or communicate with us, we may collect personal identifiers including your full name, email address, telephone number, billing address, and country of residence. We also collect account-related data such as login credentials stored in encrypted form, lesson history, booking records, payment status, and communications with tutors or support.
    When you purchase services, payment processing is handled exclusively through Stripe, our certified third-party payment processor. We do not store full credit or debit card details. We may receive transactional metadata such as payment confirmation, transaction reference ID, billing country, and partial card identifiers as provided by Stripe.
    During participation in lessons, we may process educational data such as language preferences, learning objectives, progress notes, lesson attendance records, homework assignments, tutor feedback, and related communications necessary to deliver the service.
    If lessons are recorded where applicable, we may process audio, video, and chat transcript data strictly for educational, quality assurance, or internal review purposes, and only where a lawful basis applies.
    When you access our Website, we automatically collect technical data including IP address, browser type, device information, operating system, pages visited, timestamps, referring URLs, and cookie identifiers.
    We do not intentionally collect special categories of personal data such as health data, biometric data, political opinions, or religious beliefs. Users are requested not to provide such data unless strictly necessary.
  6. Lawful Basis for Processing
    We process personal data under the lawful bases established by GDPR. Processing is primarily necessary for the performance of a contract, including account creation, lesson scheduling, tutor assignment, payment processing, and service delivery.
    We may also rely on legitimate interests to maintain platform security, prevent fraud, improve our services, conduct internal analytics, and manage business operations. In such cases, we ensure that our legitimate interests are not overridden by your fundamental rights and freedoms.
    Where required by law, we rely on your consent — particularly for non-essential cookies, marketing communications, or lesson recordings. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.
    We also process certain data to comply with legal obligations, including accounting, taxation, anti-fraud measures, and regulatory compliance under Irish and EU law.
  7. Purposes of Processing
    Your personal data is processed strictly for defined and legitimate purposes, including: providing online language learning services; facilitating lesson booking and scheduling; matching students with tutors; processing payments and maintaining financial records; managing customer support inquiries; ensuring platform functionality and security; preventing fraudulent or abusive behaviour; improving service quality and user experience; sending essential service communications; sending promotional communications where consent has been provided; and complying with legal and regulatory requirements.
    We do not sell personal data to third parties under any circumstances.
  8. Sharing and Disclosure of Data
    We may share personal data with trusted third-party service providers who assist us in operating our business, including hosting providers, Stripe as our payment processor, IT infrastructure services, analytics providers, communication tools, and cloud storage services. All such providers are contractually bound by data processing agreements and are required to implement appropriate security measures.
    Personal data necessary for lesson delivery may be shared with tutors assigned to you. Tutors are contractually obligated to maintain confidentiality and to process personal data only for the purpose of providing educational services.
    We may disclose personal data where required by law, regulatory authority, or court order, or where necessary to establish, exercise, or defend legal claims. In the event of a business restructuring, merger, acquisition, or asset sale, personal data may be transferred as part of the transaction, subject to appropriate safeguards.
  9. International Transfers
    Where personal data is transferred outside the European Economic Area (EEA) — for example, in connection with the use of Stripe or other cloud service providers — we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognised transfer mechanisms under Chapter V of GDPR.
  10. Data Retention
    We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained while the account remains active and for a reasonable period thereafter to allow for dispute resolution and legal compliance. Financial records are retained in accordance with Irish tax and accounting laws, typically up to six years. Marketing data is retained until consent is withdrawn. Lesson-related data is retained for a period consistent with operational and educational needs. Upon expiration of applicable retention periods, data is securely deleted or anonymised.
  11. Data Security
    We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. These measures include SSL/TLS encryption, secure hosting environments, access controls, password encryption, limited staff access on a need-to-know basis, contractual confidentiality obligations with all processors, and periodic security reviews.
    Payment data is handled exclusively by Stripe, which is certified to PCI-DSS Level 1 — the highest standard in the payments industry. Cirellum does not at any point access, store, or transmit full card numbers or CVV codes.
    Despite our efforts, no system can guarantee absolute security. Users are responsible for safeguarding their own account credentials and for notifying us immediately in the event of any suspected unauthorised access.
  12. Your Rights Under GDPR
    As a data subject under the General Data Protection Regulation, you have the following rights with respect to your personal data held by Cirellum Limited:
    Right of access (Article 15)
    You have the right to obtain confirmation of whether we process your personal data and, where we do, to receive a copy of that data together with information about how and why it is processed, the categories of data involved, the recipients with whom it is shared, and the expected retention period.
    Right to rectification (Article 16)
    You have the right to request the correction of inaccurate personal data we hold about you, and the completion of incomplete personal data, without undue delay.
    Right to erasure (Article 17)
    You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and no other lawful basis exists, where you object to processing and there are no overriding legitimate grounds, or where processing is unlawful. This right is subject to certain exceptions under applicable law, including our legal obligation to retain financial records.
    Right to restriction of processing (Article 18)
    You have the right to request that we temporarily limit the processing of your personal data in certain circumstances — for example, where you contest its accuracy, where processing is unlawful but you prefer restriction to erasure, or where we no longer need the data but you require it for legal claims.
    Right to data portability (Article 20)
    Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
    Right to object (Article 21)
    You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately and without requiring justification.
    Right to withdraw consent (Article 7(3))
    Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal. To withdraw consent for marketing communications, you may use the unsubscribe link in any email or contact us directly.
    Right to lodge a complaint (Article 77)
    You have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at any time if you believe that our processing of your personal data infringes GDPR. Contact details: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Website: www.dataprotection.ie. Telephone: +353 57 868 4800.
    How to exercise your rights
    To exercise any of the above rights, please submit a written request to privacy@cirellum.com with the subject line “Data Subject Request”. Please include your full name, the email address associated with your account, and a clear description of the right you wish to exercise and the data concerned. We may ask you to verify your identity before processing your request.
    We will acknowledge receipt of your request within 5 business days. We will respond in full within 30 days of receiving a valid, complete request, as required by Article 12 GDPR. In cases of complexity or where a high volume of requests is received, this period may be extended by a further two months, in which case we will notify you within the initial 30-day period and provide reasons for the extension.
    There is no fee for exercising your rights. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable administrative fee or refuse to act, in accordance with Article 12(5) GDPR.
  13. Adult-Only Policy
    Our services are strictly limited to individuals aged 18 years or older. We do not knowingly collect personal data from minors. If we become aware that personal data of a minor has been collected without a lawful basis, we will promptly delete such data. If you believe that we may have inadvertently collected data from a minor, please contact us at privacy@cirellum.com.
  14. Third-Party Links
    Our Website may contain links to third-party websites, including social media platforms and external service providers. We are not responsible for the privacy practices, content, or data processing activities of such websites. We encourage you to review the privacy policies of any third-party sites you visit.
  15. VAT and Tax Status
    Cirellum Limited is not currently registered for Value Added Tax (VAT) in Ireland, as the company’s annual turnover does not exceed the applicable registration threshold of €40,000 for services under Irish VAT legislation. VAT registration will be obtained and disclosed on this page and in our Terms & Conditions as soon as the statutory threshold is reached or exceeded.
  16. Updates to This Policy
    We reserve the right to update this Privacy Policy at any time to reflect legal, operational, or regulatory changes. Updates will be posted on this page with a revised “Last Updated” date. Where changes are material, we will make reasonable efforts to notify registered users by email. Continued use of the Website after updates are published constitutes acceptance of the revised Policy.
    Contact
    For questions regarding this Privacy Policy, data protection matters, or to exercise your rights under GDPR, please contact:
    Cirellum Limited
    Phibsborough Shopping Centre, Phibsborough Road, Dublin 7, D07 P80E, Ireland
    Company Registration Number: 803398
    Privacy & Data Protection: privacy@cirellum.com
    General Support: support@cirellum.com
    Website: https://cirellum.com

You also have the right to lodge a complaint with the Irish Data Protection Commission at www.dataprotection.ie at any time.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies to provide the best possible user experience. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team understand which sections of the website you find most interesting and useful.