Privacy Policy

Last Updated: March 10, 2026

Version: 2.0

1. Introduction

This Privacy Policy explains how our organization uses the personal data we collect from you when you use our website. We are committed to protecting your privacy and ensuring the security of your personal data in transparent, clear, and plain language.

2. Data Controller

The data controller responsible for your personal data is SOI Asia. Our contact information is available at the end of this Privacy Policy.

3. What Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address, full name, and User ID provided by our authentication provider (SOI Asia IdP).
  • Profile Information: Gender, university name and department, course/major of study, academic status, grade/year, student ID number (optional), and email addresses.
  • Enrollment Information: Programs and courses you enroll in, enrollment dates, statuses, completion records, and withdrawals.
  • Technical Data: IP address (specifically for consent logging), user agent (browser information), login timestamps, and session information.

4. How We Use Your Data and Our Legal Basis

Under the GDPR, we must have a lawful basis to process your data. We will process your personal data for the following specific purposes and legal bases:

  • Performance of a Contract: We process your Account, Profile, and Enrollment information to manage your registration, process course enrollments, track your academic progress, and communicate with you regarding your courses.
  • Consent: We rely on your explicit consent to place non-essential cookies on your device and to share your information with optional educational partners. You have the right to withdraw this consent at any time.
  • Legal Obligation: We will process and retain certain data, such as consent logs and deletion request records, to comply with our legal and regulatory accountability requirements under the GDPR.
  • Legitimate Interest: We process your Technical Data to ensure system security, prevent fraud, and generate anonymized statistical reports to improve our educational services.

5. Statutory and Contractual Requirements

Providing your basic Account Information and Profile Information is a contractual requirement necessary to enter into an enrollment agreement with us. Consequence of failing to provide data: If you do not provide the required personal data, you will be unable to register for an account or enroll in any courses on the platform.

6. Data Sharing and Recipients

To facilitate your educational experience, we share your personal data with the following specific categories of recipients:

  • Authentication Providers: Your login data is processed in conjunction with the SOI Asia IdP for secure authentication.
  • Course Instructors:: We share your name, academic status, and enrollment data with the instructors leading the specific courses you request to join.

7. Automated Decision-Making and Profiling

We do not use your personal data for automated individual decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you. All course enrollment approvals and rejections involve human intervention from our administrators or instructors.

8. Data Retention

We will keep your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Our strict retention periods are:

  • Active users: 5 years from your last login activity.
  • Inactive users: 2 years from your last login activity.
  • Enrollment records: 3 years after course completion, or 1 year after voluntary withdrawal.
  • Consent and audit logs: 7 years to fulfill legal accountability obligations. Once these periods expire, your personal data will be securely deleted or permanently anonymized so it can no longer be associated with you.

9. Your Data Protection Rights

We want to ensure you are fully aware of all your data protection rights. Every user is entitled to the following:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data (such as processing based on legitimate interest), under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you in a standard format (JSON).
  • The right to withdraw consent: Where we process your data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

10. Data Breach Notification

We implement robust technical and organizational measures to protect your data, including TLS/SSL encryption for data in transit, role-based access controls, input sanitization, and pseudonymization. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours.

11. Children's Privacy

Our platform is intended strictly for users aged 16 and older. We do not knowingly collect personal data from children under the age of 16 without explicit parental consent. If you believe a child under 16 has provided us with personal data, please contact us immediately so we can delete the information.

12. Changes to This Policy

We keep this Privacy Policy under regular review. If we make material changes to how we process your data by updating the "Last Updated" date at the top of this document.

13. Contact and Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our data practices:

Contact Us

Email: privacy@soi.asia
Keio University – SOI Asia Haneda Campus Zone-K K504, Haneda Innovation City 1-1-4 Hanedakuko Ota-ku Tokyo 144-0041

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

Quick Actions

Download My Data Manage Consent Delete Account Terms of Service