X-Factor-Ed

What is your X-Factor?

Data Protection Policy – X-Factor-Ed S.A.C.

Data Protection Policy (Website) — X-Factor-Ed S.A.C.

Document owner: X-Factor-Ed S.A.C (X-Factor-Ed)
Applies to: Visitors and users of the X-Factor-Ed website at https://x-factor-ed.com/
Effective date: 31 January 2026
Last reviewed: 31 January 2026

This Data Protection Policy explains how X-Factor-Ed collects, uses, stores, and protects personal information through the Website, including where the Website links to or embeds third-party services such as YouTube.

1) Purpose

X-Factor-Ed is committed to protecting personal information and handling it responsibly, transparently, and securely. This policy sets out:

  • what personal information we collect via the Website
  • why we collect it and how we use it
  • who we share it with
  • how we store and protect it
  • how you can exercise your privacy rights

2) Scope

This policy covers personal information collected through the Website, including:

  • enquiries and messages you send us (e.g., via contact forms or email)
  • newsletter/updates sign-ups (if enabled)
  • analytics and cookies (if enabled)
  • embedded content and outbound links (e.g., YouTube links shown on the Website) (x-factor-ed.com)

This policy does not cover third-party websites you may visit via links from our Website; those providers have their own privacy practices.

3) Key definitions

  • Personal information / personal data: Information that identifies you or could reasonably identify you (e.g., name, email, IP address).
  • Processing: Any use of personal data
  • Controller: The entity deciding how and why personal data is processed (generally X-Factor-Ed for Website interactions).
  • Processor: A service provider processing data on behalf of the controller

4) Who we are (Data Controller details)

Data Controller: X-Factor-Ed
Contact: harry@x-factor-ed.com
Postal address: Jiron Juan de Aliaga 305, Dept 404, Magdalena del Mar, Lima 15076, PERU
Privacy Officer / Data Protection contact: Ian Stuart HILDEBRAND

5) What we collect

Depending on how you use the Website, we may collect:

A. Information you provide directly

  • Name
  • Email address
  • Phone number (if you provide it)
  • Organisation/school name (if you provide it)
  • Message/enquiry content and any attachments you send us

B. Information collected automatically

  • IP address
  • Browser type and device information
  • Pages visited, time on site, referring page
  • Approximate location (derived from IP)
  • Cookie identifiers (if cookies are enabled)

C. Information from embedded/linked services

The Website includes links to external platforms (e.g., YouTube links are visible on the Website). Those platforms may collect data independently when you click or view their content. (x-factor-ed.com)

6) How we collect personal information

We collect data through:

  • contact or enquiry forms (if present)
  • When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
  • An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
  • email communications
  • cookie consent tools
  • If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
  • If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
  • When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  • If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
  • analytics tools (if present)
  • server logs and security monitoring
  • third-party embedded content or links (e.g., YouTube) (x-factor-ed.com)
  • Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
  • These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

7) Why we collect it (purposes)

We process personal information to:

  1. Respond to enquiries and provide requested information or services
  2. Provide and improve the Website, including performance and user experience
  3. Send updates/communications you request or opt into (and allow opt-out)
  4. Maintain security, prevent fraud, and protect Website integrity
  5. Meet legal obligations (e.g., record-keeping, compliance, dispute resolution)

8) Lawful basis for processing (where applicable)

Where privacy laws such as the GDPR/UK GDPR apply, we rely on these lawful bases:

  • Consent (e.g., newsletter sign-up, non-essential cookies)
  • Contract or steps prior to contract (e.g., responding to service enquiries)
  • Legitimate interests (e.g., website security, basic analytics, improving services) — balanced against your rights
  • Legal obligation (e.g., compliance with applicable laws)

9) Cookies and analytics

A. Cookies

Cookies are small files stored on your device. We may use:

  • Essential cookies: required for the Website to function
  • Preference cookies: remember choices (if enabled)
  • Analytics cookies: understand usage and improve the Website (if enabled)
  • Marketing cookies: only if you explicitly enable them (recommended: do not use unless necessary)

Your choice: If a cookie banner/consent tool is used, you can accept or reject non-essential cookies and change preferences later.

B. Analytics

If we use analytics (e.g., Google Analytics or similar), data may be processed in countries outside your own. We will take steps to ensure appropriate safeguards are used (see Section 11).

Action to finalise: List your exact cookie/analytics tools here (name + purpose + retention).
Example: “Google Analytics 4 — aggregated site usage statistics.”

10) Sharing and disclosure

We do not sell personal information.

We may share personal information with trusted service providers only as necessary, such as:

  • website hosting and infrastructure providers
  • email and communications providers
  • analytics providers (if enabled)
  • spam prevention/security services (if enabled)
  • professional advisers (legal/accounting) where required
  • regulators or law enforcement where legally required

All service providers should be contractually required to protect data and only use it for agreed purposes.

11) International data transfers

Some service providers may store or process data outside your country (including outside Australia, the UK, or the EEA). Where required, we will use appropriate safeguards such as:

  • contractual protections (e.g., Standard Contractual Clauses)
  • vendor security and privacy assessments
  • limiting data shared to what is necessary

12) Data security (how we protect information)

We take reasonable technical & organisational measures to protect personal data, including:

  • TLS/HTTPS encryption in transit
  • access controls and least-privilege access to admin systems
  • strong passwords and multi-factor authentication
  • regular updates/patching of website software and plugins
  • malware scanning and firewall protection (where available)
  • secure backups and recovery procedures
  • staff/contractor confidentiality obligations

If a data incident occurs, we follow a breach response process (Section 14).

13) Data retention

We keep personal information only as long as needed for the purpose it was collected, including legal and operational requirements.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

14) Data breaches (incident response)

If we suspect or confirm unauthorised access, disclosure, or loss of personal information, we will:

  1. contain and assess the incident (scope, risk, impacted data)
  2. remediate (patch, reset credentials, block malicious activity)
  3. notify affected individuals and relevant regulators where required by law
  4. document the incident and implement improvements

15) Your rights

Depending on your location and applicable law, you may have rights to:

  • request access to your personal information
  • request correction of inaccurate data
  • request deletion (where applicable)
  • object to or restrict processing (where applicable)
  • withdraw consent (for consent-based processing)
  • data portability (where applicable)
  • lodge a complaint with a regulator

How to exercise rights: Contact us at harry@x-factor-ed.com We may need to verify your identity before processing requests.

16) Children’s privacy

X-Factor-Ed services relate to education; however, the Website is intended for a general audience (including educators and organisations). We do not knowingly collect personal information from children through the Website without appropriate consent.

If you believe a child has provided personal information, contact harry@x-factor-ed.com and we will take steps to delete it where required.

17) Third-party links and embedded content

The Website may reference or link to third-party platforms (including YouTube links displayed on the Website). (x-factor-ed.com)
When you interact with third-party services, their privacy policies apply. We recommend reviewing those policies before providing information to those platforms.

18) Changes to this policy

We may update this policy from time to time to reflect changes to the Website, tools we use, or legal requirements. The updated version will be published on the Website with a revised effective date.

19) Contact and complaints

Privacy contact: harry@x-factor-ed.com
Postal address: Jiron Juan de Aliaga 305, Dept 404, Magdalena del Mar, Lima 15076, PERU

If you are not satisfied with our response, you may have the right to lodge a complaint with your local regulator (for example, the Office of the Australian Information Commissioner for Australia, the ICO for the UK, or an EU/EEA data protection authority where applicable).

https://x-factor-ed.com/ is hosted by WordPress.com