Intreea is an online educational platform, accessible at www.intreea.com  (the "Platform"), owned and administered by "Here’s How I Learn" Ltd., UIC 208219391, with its registered office and management address in Sofia, 5 Philip Stanislavov Street, email: hello@etokak.bg ("Data Controller").

I.     Definitions

For the purposes of this Privacy Policy, the following definitions will be used:

•   “Personal Data”  means any information by which an individual is identified or can be identified;

• “Data Subject” is an individual who is identified or can be identified based on certain information. In this case, the data subjects are the users of the website located at www.intreea.com;

•   “Processing” means any operation or set of operations performed on personal data or sets of personal data by automated or other means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making the data available, alignment or combination, restriction, deletion or destruction;

• “Data Controller” means a natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. In this case, the data controller is "Here’s How I Learn" Ltd., UIC 208219391.

II. Types of Personal Data and Purposes for Which They Are Collected, Basis for Collection

1.         Users can access and use the Platform through registration and the creation of a profile. In connection with the registration and use of the Platform on the user profile, the Administrator collects the following personal data:

For students: first and last name, email address, class/parallel, school, unique identifier on the platform, data on educational activity and progress;

For parents: first and last name, email address, relationship to child/children on the platform, data on activity on the platform;

For teachers, educational specialists, and other school employees: first and last name, email address, subject taught, data on activity on the platform. 

2. When using the Platform, the Administrator receives information from log files (a collection of system information about the user): IP address; ISP (Internet Service Provider); the browser that the user is using when visiting the Platform (e.g., Google Chrome, Internet Explorer, and Mozilla Firefox); the time the user spent on the Platform, which internal pages were visited, etc.

3. When a User visits the Platform, our web server automatically recognizes and collects the IP address of the User, which is assigned by the User's Internet Service Provider and does not identify the User personally by itself. The IP address may be processed by the Administrator for the purposes of revealing the identity of a specific User, in cases where this is necessary for compliance with the law, legal proceedings, or to adhere to this Privacy Policy, as well as for traffic analysis to the Platform, prevention of malicious attacks, blocking access of unscrupulous users, and other legitimate purposes.

4. To send a request to the Administrator for receiving a demo version of the Intreea educational tool representing the website, Users must provide their names and email address, as well as indicate whether they want to receive the demo version as a parent, teacher, or other specified role in the registration form.

5. The Administrator uses the provided personal data solely for the purposes of granting access to and using the Intreea educational tool, including the demo version. If the Administrator wishes to process the collected personal data for purposes other than those specified in this Privacy Policy, they will notify the Users and will change the processing purposes after obtaining consent from the users.

6. In connection with the use of the Platform, the Administrator does not require Users to provide and does not process personal data that reveals racial or ethnic origin; reveals political, religious, or philosophical beliefs or membership in trade unions; genetic and biometric data, data about sexual life or sexual orientation.

7. Access to the Platform at www.intreea.com can be achieved through Google Chrome, Internet Explorer, and Mozilla Firefox and other browsers, as well as through social networks – Facebook and Instagram. The website may integrate services related to social networks (e.g., social media messages), through which Users can communicate with the website.

8. The website www.intreea.com may maintain profiles on social networks. Each time a User accesses the website through a social network, the provider of the respective social network may allow the User to share information with us. If the User chooses to share, they will be informed by the social media provider what information will be shared with us. For example, when a User accesses the Platform through a social media profile, certain information (as permitted by the social media provider) may be shared with us. This may include the User's address, age, profession, or photos saved in their profile, etc. More information about the data that social networks share with us can be found in the respective privacy policies of the social networks used by the Users.

9. On the website www.intreea.com, social media buttons (Facebook, Instagram) are integrated. These buttons redirect Users directly to the provider's pages on these social networks. They are integrated on the website only as a link to the respective services. After clicking on the embedded icon representing the respective social media, Users will be redirected directly to it. 

10. The website www.intreea.com uses Google Analytics - a web service provided by Google for compiling detailed statistics about visitors to web pages. The statistics are collected on Google's server and are used by the website Administrator for the purposes of traffic analysis and improving the effectiveness of the website.  To maintain the functionalities of the website, as well as for other legitimate purposes, we use cookies. More information can be found in the Cookie Policy, which is an integral part of this Privacy Policy.

11. The processing of personal data of Users on the Platform is performed based on their voluntary, informed, freely, and clearly expressed consent, as well as other legally permitted grounds, in particular for the purposes of fulfilling the Administrator's obligations to Users, for compliance with a legal obligation applicable to the Administrator, and for the protection of the legitimate interests of the Administrator or a third party.

III. Automated Decision-Making and Profiling

12. The Administrator does not perform automated decision-making with data or profiling of Users.

IV. Provision of Personal Data to Third Parties, Transfer

13. The Administrator does not provide the personal data of Users collected in connection with the use of the website and the Platform to third parties, except in cases where such provision is required by law. Apart from the above, the Administrator/Processor uses cloud services for the purposes of the technological functioning of the Platform, which requires access to personal data of the Users of the Platform. The provider of the cloud services and the cloud services comply with all applicable requirements for the territory of the European Union.

14. The Administrator does not transfer personal data collected in connection with the use of the website and the Platform to third countries outside the European Union.

V. Storage of Personal Data

15. Maintaining the confidentiality and security of Users' personal information is of the highest priority for the Administrator, therefore the Administrator collects only the necessary amount of data through which Users can be identified.

16. The Administrator will keep any personal information provided by Users confidential unless disclosure is required by law or for technical purposes.

17. The personal data collected from Users in connection with the use of the Platform will not be provided for use, whether for a fee or free of charge, by the Administrator to anyone without the personal consent of the Users. Providing personal data to third parties without the consent of the respective data subjects may be carried out at the request of the respective state authorities and institutions, following the procedures and in cases specified in the applicable Bulgarian legislation.

18. The retention periods for the data vary and depend on the nature of the data. The criteria used to determine the retention periods for specific categories of personal data include:

1. The necessity of the data for maintaining and improving the Platform and the services provided through it;

2. The necessity of the data for maintaining the security of the systems and maintaining necessary commercial and financial (accounting, tax, etc.) documentation, as required by applicable legislation;

3. The period for which consent has been given for the processing of the data, if any;

4. Withdrawal of consent for the processing of personal data;

5. The necessity of retaining personal data for the purposes of investigation or legal dispute, consideration of complaints and grievances;

6. Existence of a legal term that obliges the Administrator/Processor to retain personal data for a specific period;

7. Existence of other legal grounds for processing personal data beyond consent.

VI. Measures for Protection of Personal Data

19. The Administrator takes the necessary technical and organizational measures to protect the data from accidental or unlawful destruction, accidental loss, unauthorized access, alteration, or dissemination, as well as from other forms of unlawful processing.

20. The technical and organizational measures taken by the Processor are:

1. Data is stored in the territory of the European Union;

2. Data is encrypted during transmission (HTTPS / TLS);

3. Sensitive data is encrypted during storage;

4. Access to the data is limited based on roles (student / teacher / administrator);

5. Strong authentication and password management;

6. Regular backups are made;

7. Logging and monitoring of accesses;

8. Environment segmentation (production/test).

VII. Users' Rights Regarding the Processing of Personal Data

21. Users have certain rights under applicable legislation regarding the personal data that the Administrator processes. Users have the following rights regarding the personal data processed by the Administrator and may exercise these rights at any time, as applicable:

•       to request access to and receive information about the personal data stored by the Administrator, as well as information regarding the purposes of processing, categories of personal data, recipients to whom the personal data may have been disclosed, etc.;

•       to request correction of inaccurate data collected about them, as well as completion of incomplete data, if appropriate and/or necessary in light of the purpose for which the data is processed;

•       to withdraw their consent for the use of their personal data that they have provided (if such consent has been requested by the Administrator). In this case, the withdrawal of consent for the use or processing of Users' personal data may result in the inability to use all functionalities of the website;

•       to be "forgotten", i.e., Users may request at any time for their personal data to be deleted upon the occurrence of one of the following grounds:

a) the personal data is no longer necessary for the purposes for which it was collected or processed in another way;

b) if the User has withdrawn their consent for processing their personal data;

c) if the personal data is processed unlawfully;

d) if the User has objected to the processing of their personal data;

e) in other cases provided for by legislation governing the protection of personal data;

•       to request, instead of deletion of their personal data, restriction of processing in specific cases defined by applicable law;

•       to lodge an objection with the Administrator against the processing of their personal data, in case of a legal ground for such.

22. All of the listed legal rights can be exercised by submitting a written request in free form to the following email address: hello@etokak.bg. The written request must contain at least the following: full name, email, and other identifying information of the individual; description of the request; preferred form for providing the information. Submitting the request is completely free of charge. The timeframe for reviewing the request is one month from the date of receipt of the request.

23. In case of violation of applicable European and national legislation in the field of personal data protection and/or this Privacy Policy, Users have the right to lodge a complaint with the Commission for Protection of Personal Data.

This Privacy Policy comes into effect on February 19, 2026.