Last Updated: March 2026
Effective Date: March 2026
Lingoodle is an Irish company providing online Mandarin Chinese tutoring services for children, delivered exclusively as an enterprise benefit to employees of corporate partners.
Company Name: Lingoodle
Registered Country: Ireland
Data Controller: Lingoodle
Contact Email: hello@lingoodle.com
Lead Supervisory Authority: Irish Data Protection Commission (DPC)
For users located in the UAE: UAE Data Office (uaedataoffice.ae). For users with data processed through DIFC-registered enterprise clients: DIFC Commissioner of Data Protection.
This Privacy Policy applies to:
- Enterprise Partners — companies that purchase Lingoodle packages
- Parents and Guardians — who create and manage accounts on behalf of their children
- Children (Learners) — who use the Lingoodle tutoring service
We take the privacy of children extremely seriously. This policy complies with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — PDPL), and the US Children's Online Privacy Protection Act (COPPA). Note: COPPA applies to US users only.
We collect only the minimum data necessary to deliver our service.
| Data | Purpose | Lawful Basis |
|---|---|---|
| Company name | Account administration | Contract |
| Contact name | Account administration | Contract |
| Work email address | Communication and account access | Contract |
| Job title | Account administration | Legitimate interest |
| Payment information | Processed by Stripe — we never store card data | Contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Full name | Account creation and verification | Contract |
| Email address | Account access and communication | Contract |
| Confirmation of parental status | COPPA and GDPR Article 8 compliance | Legal obligation |
| Child's age range | Age-appropriate consent handling | Legal obligation |
| Data | Purpose | Lawful Basis |
|---|---|---|
| First name | Personalisation of sessions | Contract (via parent) |
| Course progress and assessment results | Delivery of educational service | Contract (via parent) |
| Session attendance records | Programme administration | Contract (via parent) |
We do not collect:
- Video recordings of sessions
- Photographs
- Sensitive personal data
- Behavioural or advertising data
- Any data beyond what is listed above
Under GDPR Article 8, children under 16 require parental or guardian consent for data processing. Lingoodle requires a parent or guardian to create and manage all child accounts. We do not accept account registrations directly from children.
For users in the United States, Lingoodle complies with the Children's Online Privacy Protection Act (COPPA) for children under 13.
For users located in the UAE, parental consent is required for all learners under the age of 18, in accordance with UAE Federal Decree-Law No. 45 of 2021 (PDPL). This applies to all Lingoodle learners in the UAE.
We do not profile, track, or analyse children's behaviour for any purpose beyond delivering the educational service. We do not serve advertising to children. We do not sell children's data.
We use the data we collect solely to:
- Create and manage accounts
- Deliver the Lingoodle tutoring programme
- Communicate with parents and enterprise partners about the programme
- Generate anonymised, aggregated Neural Capital Impact Summaries for enterprise partners
- Comply with our legal obligations
- Respond to data subject requests
The anonymised cohort summaries shared with enterprise partners contain no personally identifiable information relating to any individual child.
We share data only with the following approved sub-processors, each bound by GDPR-compliant Data Processing Agreements:
| Sub-Processor | Purpose | Location | Data Residency |
|---|---|---|---|
| Instructure (Canvas) | Learning management system | USA | EU |
| Zoom Video Communications | Live tutoring sessions | USA | EU |
| Stripe | Payment processing | USA | EU |
We do not share personal data with any other third party. We do not share data with any Chinese government entity or institution. No personal data is transferred outside the European Economic Area (EEA) except under appropriate safeguards (Standard Contractual Clauses) with the sub-processors listed above.
For users located in the UAE: Data processed on your behalf is stored on servers in the European Union. Under UAE Federal Decree-Law No. 45 of 2021 (PDPL) Article 22, this constitutes a transfer of personal data outside the UAE. The legal basis for this transfer is contractual necessity — the transfer is required to perform the tutoring services you or your employer has contracted for. For further information, contact hello@lingoodle.com.
| Data Type | Retention Period |
|---|---|
| Enterprise partner data | Duration of contract + 2 years |
| Parent account data | Duration of active subscription + 1 year |
| Child progress and attendance records | Duration of active subscription + 1 year |
| Payment records | 7 years (Irish tax law requirement); minimum 5 years for UAE-based clients (UAE VAT Law) |
| Anonymised cohort summaries | 3 years |
Payment records are also retained for a minimum of 5 years in accordance with UAE Federal Decree-Law No. 8 of 2017 (UAE VAT Law) for transactions involving UAE-based clients.
When retention periods expire, data is securely and permanently deleted.
Under GDPR, you have the following rights:
Under COPPA (US parents):
- Review personal information collected from your child
- Request deletion of your child's personal information
- Refuse further collection of your child's information
UAE residents have rights under UAE Federal Decree-Law No. 45 of 2021 (PDPL), including rights of access, correction, and erasure. UAE residents may raise complaints with the UAE Data Office (uaedataoffice.ae).
To exercise any of these rights, contact: hello@lingoodle.com
We will respond within 30 days.
Lingoodle implements appropriate technical and organisational measures to protect personal data including:
In the event of a personal data breach, Lingoodle will:
- Notify the Irish Data Protection Commission within 72 hours where required
- Notify affected individuals without undue delay where the breach poses a high risk
- Maintain a record of all breaches
For breaches affecting UAE residents, Lingoodle will additionally notify the UAE Data Office within 72 hours in accordance with UAE PDPL Article 14. For breaches involving data processed through DIFC-registered enterprise clients, the DIFC Commissioner of Data Protection will also be notified.
Lingoodle uses only essential cookies necessary for the platform to function. We do not use advertising, tracking, or analytics cookies on any pages accessible to children. Our cookie policy is available at lingoodle.com/cookies.
We will notify enterprise partners and parents of any material changes to this Privacy Policy by email at least 30 days before changes take effect.
Privacy enquiries: hello@lingoodle.com
If you are not satisfied with our response, you have the right to lodge a complaint with:
Irish Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie
US users may also contact:
Federal Trade Commission (FTC) at www.ftc.gov
UAE users may also contact:
UAE Data Office — uaedataoffice.ae