Data Security Policy

Introduction

Terra Education is dedicated to safeguarding the personal data of our customers, employees, and any other individuals whose data we collect and process. This Data Security Policy establishes our commitment to data security and privacy, ensuring compliance with the California Consumer Privacy Act (CCPA) and other applicable U.S. federal and state privacy and data protection laws.

As a California-based and headquartered company, Terra Education uses California privacy requirements as its primary compliance framework while generally aligning its data protection practices with recognized international privacy principles, including key concepts reflected in the General Data Protection Regulation (GDPR), where applicable.

Scope

This policy applies to all individuals, including employees, contractors, and third-party vendors, who handle personal data on behalf of Terra Education.

Data Protection Principles

Terra Education adheres to the following data protection principles:

  • Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and transparently, with clear purposes communicated to individuals.
  • Purpose limitation: Personal data is collected and processed for specified, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes.
  • Data minimization: Only the personal data reasonably necessary for the intended purpose is collected and processed.
  • Accuracy: Personal data is maintained as accurately as reasonably possible, kept up to date where appropriate, and corrected when inaccuracies are identified.
  • Storage limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected, to comply with legal obligations, or to support legitimate business operations.
  • Integrity and confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Data Security Measures

Terra Education implements robust data security measures, including:

  • Access Control: Access to personal data is restricted to authorized personnel based on the principle of least privilege.
  • Encryption: Personal data is encrypted both in transit and at rest using industry-standard encryption methods where appropriate.
  • Data Minimization: Only the minimum amount of personal data necessary for the intended purpose is collected and processed.
  • Data Retention: Personal data is retained only for the period necessary to fulfill the purposes for which it was collected, satisfy legal obligations, or support legitimate business needs.
  • Data Subject and Consumer Rights: Individuals are provided access to applicable privacy rights, including rights to access, correct, delete, and obtain information regarding their personal data, consistent with CCPA requirements and other applicable laws. Where GDPR or similar international privacy regulations apply, Terra Education endeavors to facilitate applicable rights in accordance with those requirements.
  • International Data Transmission: Transfers of personal data across jurisdictions are conducted in accordance with applicable legal requirements and appropriate safeguards.
  • Anonymization: Personal data is anonymized or de-identified where possible to minimize the risk of identification.
  • Data Sharing: Personal data is shared with third parties only when necessary and with appropriate contractual, technical, and organizational safeguards in place to protect data security and privacy.
  • Exemptions: Any exemptions to data protection obligations are assessed on a case-by-case basis and documented accordingly.
  • Complaints Handling: Terra Education maintains procedures for handling privacy and data protection complaints, including mechanisms for individuals to raise concerns regarding the processing of their personal information.
  • Conditions for Processing: Personal data is processed in accordance with applicable legal requirements, including lawful business purposes, contractual obligations, consent where required, and other recognized legal bases.
  • Data Quality: Terra Education maintains the quality and accuracy of personal data through regular reviews and updates as necessary.
  • Training: All employees receive comprehensive training on data security practices, their obligations under this policy, and applicable privacy and data protection laws.
  • Data Redaction and Pseudonymization: Personal data is redacted, de-identified, or pseudonymized where appropriate to protect sensitive information while still allowing for legitimate business use.
  • Profiling: Any profiling activities involving personal data are conducted in accordance with applicable legal requirements and with appropriate safeguards in place.
  • PCI Compliance: Terra Education, its parent company, and the platforms it uses to process customer payments meet or exceed all standards identified in the Payment Card Industry Data Security Standard (PCI DSS).

Policy Review & Updates

This Data Security Policy is regularly reviewed and updated to ensure alignment with evolving legal requirements, industry standards, and best practices in data security and privacy.

Contact Information

For inquiries or concerns regarding this policy or Terra Education’s data protection practices, please contact:

Korissa Zanrosso – korissa@experiencegla.com

Brett Scuiletti – brett@experiencegla.com

Document Control

This policy is maintained in a central document repository and made accessible to all relevant personnel. All updates and revisions to this policy are documented and tracked for transparency and accountability.

This policy is designed to reflect Terra Education’s commitment to privacy, security, and responsible data stewardship, with primary alignment to California privacy requirements under CCPA while incorporating broadly recognized privacy principles reflected in GDPR and other applicable data protection frameworks where relevant.