TutorBaba

Flat 10% discount on every order

Order via WhatsApp 👉

Order via WhatsApp 👇

+91 7717763500
Become an Expert
+91 7717763500
Become an Expert
Order Now
tutorbaba
Order Now
tutorbaba
Order Now

Privacy Policy

Last updated: __ (20th May 2025)

We are committed to keeping your personal data/information private, confidential, and secure. We understand the sensitivity of your personal data, which needs to be kept protected, except as used in a limited and defined way as outlined in our privacy policy published herein below, with a firm dedication and assurance of redressal whenever called upon alleging breach or even otherwise.

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to TutorBaba.
  • Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analysing how the Service is used.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to TutorBaba, accessible from www.tutorbaba.com
  • You mean the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data

We collect this information to provide and improve our Service, and for other purposes as outlined in this policy, with your explicit consent.

Usage Data

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information from Third-Party Social Media Services

The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services:

  • Google
  • Facebook
  • Instagram
  • Twitter
  • LinkedIn
If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal data that is already associated with Your Third-Party Social Media Service’s account, such as Your name, Your email address, Your activities, or Your contact list associated with that account.

You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service’s account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:

  • Cookies or Browser Cookies A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
  • Necessary / Essential Cookies
    • Type: Session Cookies
    • Administered by: Us
    • Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance Cookies
    • Type: Persistent Cookies
    • Administered by: Us
    • Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality Cookies
    • Type: Persistent Cookies
    • Administered by: Us
    • Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our Service, products, services, marketing, and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyse the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures, and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You, and view Your profile.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The duration of data retention will be in compliance with applicable laws and regulations.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. We adopt reasonable security practices and procedures, including administrative, physical, and technical controls, to protect Your Personal Data.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Compliance with Indian Data Protection Laws

We comply with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Consent

We collect and process personal data only after obtaining explicit consent from the user. This consent can be withdrawn at any time by contacting us.

Purpose Limitation

We collect personal data only for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimization

We ensure that personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Security Practices

We implement and maintain reasonable security practices and procedures, including administrative, physical, and technical controls, to safeguard personal data.

Retention of Data

Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.

User Rights

Users have the right to access, correct, or delete their personal data, and to withdraw consent at any time. They can exercise these rights by contacting us.

Disclosure to Third Parties

Personal data is disclosed to third parties only with the user’s consent, or as required by law, and we ensure that third parties have equivalent data protection measures in place.

Transfer of Data

We transfer personal data to other jurisdictions only if adequate data protection measures are in place, and with the user’s consent.

For Users in Canada

If you are a user from Canada, kindly note that we will process information only after obtaining your consent for processing or using your personal data for a specific purpose or in situations where implied consent is applicable. You can withdraw your consent at any time.

In some cases, we may have legal permission under applicable law to process your data without consent, such as:

  • If the collection is for an individual’s interest and we cannot obtain consent in a timely manner.
  • If the collection is necessary for assessing, processing, and settling an insurance claim for a witness statement.
  • If it is reasonable to expect collection and use with consent would compromise data availability and accuracy, and the collection is reasonable for investigating a breach of an agreement or an infringement of the Canadian province or laws.
  • If an individual produced it during the course of their profession or business, and the collection is consistent with the purpose of data production.
  • If the collection is for sole purposes like art, journalism, and literature.
  • If the data is publicly available, as specified by the regulations

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which sets the ground rules for handling users’ personal information during commercial activities. We abide by the fundamental principles of PIPEDA, including accountability, identifying purposes, consent, accuracy, safeguards, limiting collection, openness, individual access, limiting use, disclosure, and retention, and challenging compliance.

The Privacy Act (RSC, 1985, c. P-21) governs how the federal government manages the data it collects and uses personal information from its employees and the general public. The Act gives individuals inside or outside Canada the right to request data access held by the federal government and request correction. The legislation aims to protect individuals’ privacy and provide them with the right to access their personal data.

Canada’s Anti-Spam Legislation (CASL) is the federal law that handles spam and other electronic threats. It is responsible for investigating false or unsolicited electronic messages, alteration of data transmission, and deceptive marketing practices. Unregulated data collection or collecting data by violating the applicable laws can result in a hefty penalty of up to CAD 100,000 under PIPEDA and CAD 10,000 under CASL.

For Users in the USA

California Residents' Privacy Rights

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits our users, who are residents of California, to request information from us once a year without any charge. The personal information would be in categories we disclosed to other parties for marketing purposes, including the names and addresses of all the parties with whom we shared data the preceding year. As a California resident, you can place similar requests by sharing your queries with us through our contact information provided below. If you are below 18 and have availed of our services, you can write to us to remove unwanted data or public posts on the services. Contact our team immediately, and remember to include the email address you used to register and a residential statement suggesting you are a California resident. We assure you that none of your information will be publicly displayed on the availed services. However, kindly be aware that data will not be completely removed from our systems for legal, safety, and other factors abiding by the law.

CCPA Privacy Notice

Under the California Code of Regulations, a “resident” is:

  • Anyone who is in California for a temporary or transitory purpose.
  • Any individual domiciled in California but currently outside the state for a transitory or temporary purpose.

If either of the definitions applies to you, ensure you abide by certain legal rights and obligations related to personal data.

Rights under the CCPA

The CCPA provides California residents with specific rights for the protection of personal data, including:

  • Right to Notice: You have the right to be notified before data collection. You also have the right to know which categories of information are being collected and processed and for what purpose.
  • Right to Request: You have the right to ask us to disclose information to you regarding data collection, use, sale, sharing, and disclosure of information for business purposes.
  • Right to Say No or Opt-Out: You have the right to opt-out of the sale of personal information. Note: WE DO NOT SELL YOUR DATA TO THIRD PARTIES.
  • Right to Delete: You have the right to request us to delete your personal data. Once you confirm, we will delete your records unless an exceptional situation arises. We will also direct our network providers to do the same.

However, we may deny your request in case your data is necessary for:

  • Completing the transaction, providing the requested services, taking anticipatory actions for your ongoing professional relationship, or otherwise performing our contract with you.
  • Helping ensures security and integrity, using your personal information reasonably and proportionately for necessary purposes.
  • Debugging products to identify and repair unintended errors in the existing functionality.
  • Exercising free speech to ensure another consumer’s rights in exercising their free speech right or other legal rights.
  • Engaging in public or peer-reviewed scientific, statistical, or historical research for public benefit while adhering to applicable ethics and privacy laws when deleting data may seriously impair the achievement of research that you had previously given consent for.
  • Enabling solely internal uses aligned with your expectations based on your relationship with our team.
  • Complying with a legal obligation to ensure no one is discriminated against. You have the right to exercise your consumer rights without any discrimination.

Moreover, you can exercise your rights in the following situations:

  • Denying your services or products.
  • Providing unacceptable or different quality products or services.
  • Charging different rates, use of discounts, or imposing penalties.
  • Suggesting you will receive the products or services at a different level of services.

Correcting inaccurate personal data on request. Once you confirm the request, we will correct your details in our records. Limiting the use and disclosure of sensitive information. That said, be aware that we don’t use or disclose any sensitive information to other parties.

Exercising the CCPA Data Protection Rights

As a California resident, you can exercise your CCPA rights by contacting us with the details shared in the last section below. If you are an authorized agent submitting the request on behalf of a consumer, you should have a copy of the written authorization signed by a particular consumer.

After receiving your request, we will verify your identity to determine if you are the same person on whom we have all the necessary information in our system. To verify, we will ask you certain questions or request you to provide certain information that matches your previous information shared with us. For example, we may ask you for information we already have, like your phone or email address. If required, we may use another verification process to determine your identity or authority to make a request. If you cannot verify the primary identification information, we may ask for more safety and fraud prevention information. We will delete all the additional information after verification.

US Penalties

CCPA (California Consumer Privacy Act)

Violating the CCPA can result in civil penalties of up to $7,500 for every violation. In case of a wilful violation, the penalty is $2,500 per violation, while for inadvertent violation after notice, 30 days are offered to find a cure. A user can seek statutory damages of $100 and not more than $750 per consumer in every occurrence, or actual damages, whichever is greater, brought by them for violating security breach.

VCDPA (Virginia Consumer Data Protection Act)

If the processor continues to violate the VCDPA after 30 days of the cure period, or if the processor fails to comply with a written statement by the Attorney General, the Attorney General will announce action on behalf of the Commonwealth. S/he will seek an injunction to prevent VCDPA violations and a civil penalty close to $7,500.

CPA (Colorado Privacy Act)

According to the Colorado Consumer Protection Act, a violation is an act of deceptive trade practice. Even though the CPA does not have a fixed penalty amount, the Colorado Consumer Protection Act stipulates a penalty of $20,000 per violation.

UCPA (Utah Consumer Privacy Act)

Under the UCPA, the Attorney General has enforcement responsibilities, and entities must be informed in writing of the suspected violations and given 30 days to correct them. They can file a lawsuit for uncured offenses and seek damages and civil fines of $7,500 from the consumer for every violation. Even though there’s no private right of action, local privacy laws are pre-empted based on statute.

For Users in New Zealand

Harmful Digital Communications Act (HDCA)

The HDCA is intended to deter, prevent, and lessen harmful digital communication, cyberbullying, and harassment. Furthermore, it suggests that digital communication should not:

  • Disclose sensitive information.
  • Be obscene or offensive.
  • Be grossly indecent.
  • Be used for harassment.
  • Make false allegations.
  • Break someone’s confidence.
  • Encourage someone to send harmful messages deliberately.
  • Encourage someone to harm someone.
  • Be used for demeaning others based on color, race, religion, ethnicity, gender, disability, and sexual orientation.

The Act empowers users to take action against the alleged breaches and resolve the issue with the help of a suitable legislative body.

Anti-Spam Law/Unsolicited Electronic Messages Act (UEMA)

The main intent of UEMA is to identify spam sent from, to, or within New Zealand. This Act allows users to raise complaints against the company sending spam messages. The company can also be fined for spamming with SMS, faxes, email, and other instant messages. However, please note that UEMA doesn’t cover the following:

  • Telemarketing.
  • Internet pop-ups.
  • Warranty information.
  • Response to a quote.
  • Confirmation of a previously agreed arrangement.
  • Employment-related or benefit information.
  • Services or products related to the previous purchase.
  • Factual information about an ongoing membership.

Consent doesn’t end by clicking “unsubscribe.” A business can use an existing database with previously given consent. However, you can complain if you continue to receive spam despite unsubscribing or not giving consent. In such cases, a business can be fined up to $500,000 for compensation for the losses.

Privacy Act 2020

The Privacy Act 2020 aims to promote and protect individual privacy by giving effect to international privacy standards and providing a framework for ensuring security for personal data, including your access to information and practicing other rights and interests. There are 13 privacy principles related to data storage, use, collection, and disclosure of information, and an individual’s right to access personal information and request correction.

Penalties in New Zealand for the unregulated collection of personal data are either NZ$10,000, the cost of damages from such a violation, or the blocking of the resource.

For Users in SAR (South African Republic)

Protection of Personal Information Act 4 of 2013

The Protection of Personal Information Act 4 of 2013 assures to:

  • Promote personal information protection processed by different bodies.
  • Introduce specific conditions for establishing minimum requirements for personal data processing.
  • Provide for establishing an Information Regulator for exercising certain powers and performing duties in terms of this Act and the Promotion of Access to Information Act, 2000.
  • Provide to issue codes of conduct.
  • Provide for people’s rights regarding unsolicited electronic communications and automated decision-making.
  • Regulate the flow of personal information across Republic borders for connected matters.

Cybercrimes Act No. 19 of 2020 ('Cybercrimes Act')

Under South African law, cybercrimes are treated as a criminal offense. The Act mandates everyone to clearly understand the regulations before prosecuting them. Cyber extortion, cyber fraud, malicious communication, and unlawful access to the computer system are some of the cybercrimes listed in this Act.

Furthermore, unregulated collection of personal data that is collected by violating the applicable law can invite the following penalties:

  • Fine and/or imprisonment for a maximum term of ten years.
  • Fine and/or imprisonment for a maximum term of 12 months.
  • The amount of the fine is from EUR 10,000 to EUR 520,000 in the equivalent.

In addition, from February 1st, 2022, data collection can begin only after obtaining the appropriate permission from the owner of such data. Therefore, it is necessary to install a pop-up on the site that will appear when entering from the territory of South Africa, which will request permission to collect and process and only after that let on the site.

For Users in the United Arab Emirates (UAE)

UAE Federal Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
The PDPL is the primary legislation governing personal data protection in the UAE. It applies to the processing of personal data within the UAE, including data collected online or offline. As a user in the UAE, you have the following rights:

  • Right to Consent: We must obtain your explicit consent before collecting, processing, or sharing your personal data unless the processing is necessary for fulfilling a legal obligation or protecting your vital interests.
  • Right to Access and Correction: You have the right to request access to your personal data that we hold, and to request corrections to any inaccuracies.
  • Right to Deletion: You may request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected, or if you withdraw your consent.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data in certain circumstances, such as for direct marketing purposes.

Cross-Border Data Transfers

Cross-border data transfers are permitted under the PDPL if the recipient country ensures an adequate level of data protection, or with your explicit consent. Transfers may also occur if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Violations of the PDPL can result in substantial administrative fines. The penalties can range from AED 50,000 to AED 1 million, depending on the nature and severity of the breach. The UAE Data Office has the authority to impose these penalties, which may also include suspending data processing activities or taking other corrective actions.

For Users in Kuwait

Kuwait Electronic Transactions Law (Law No. 20 of 2014)

Kuwait does not have a comprehensive data protection law, but the Electronic Transactions Law provides some protection for personal data in electronic communications and transactions. As a user in the UAE, you have the following rights:

  • Right to Data Security: We are obligated to protect the confidentiality, integrity, and availability of your personal data during its collection, processing, and storage.
  • Right to Consent: Your explicit consent is required before we can process your personal data, except in situations where processing is necessary for compliance with legal obligations or for the performance of a contract.
  • Right to Access: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.

Cross-Border Data Transfers

The transfer of personal data outside Kuwait is restricted and requires either your explicit consent or a legal basis for the transfer, such as the performance of a contract. Transfers must ensure that the recipient provides adequate protection for your personal data.

Penalties

Violations of the Electronic Transactions Law, particularly related to unauthorized access, misuse, or disclosure of personal data, can result in fines ranging from KD 500 to KD 5,000. In severe cases, violations can also lead to imprisonment for up to two years.

For Users in Israel

Israel Protection of Privacy Law, 1981

The Protection of Privacy Law (PPL) is Israel’s principal data protection legislation, which applies to all entities processing personal data within Israel. As a user in the UAE, you have the following rights:

  • Right to Information: We must inform you about the purposes of collecting and processing your personal data and obtain your explicit consent.
  • Right to Consent: Your consent is required before we collect or process your personal data unless processing is necessary for compliance with a legal obligation, the performance of a contract, or the protection of vital interests.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Erasure: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.

Cross-Border Data Transfers

Cross-border data transfers are restricted unless the recipient country provides an adequate level of protection, or if you have given your explicit consent. Transfers may also occur based on specific contractual clauses approved by the Israeli Privacy Protection Authority.

Penalties

Non-compliance with the PPL can result in fines of up to NIS 1 million (approximately USD 300,000) for severe breaches. Criminal penalties may include imprisonment for up to five years for offenses such as unauthorized processing or intentional breaches of data protection regulations.

For Users in Uzbekistan

Uzbekistan Law on Personal Data (2019)

The Law on Personal Data regulates the collection, processing, and storage of personal data in Uzbekistan. It applies to all entities processing personal data within Uzbekistan. As a user in the UAE, you have the following rights:

  • Right to Consent: Your explicit consent is required before we process your personal data, except where processing is necessary for compliance with a legal obligation or for the performance of a contract.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Deletion: You can request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected or if you withdraw your consent.
  • Right to Object: You can object to the processing of your personal data in certain circumstances.

Cross-Border Data Transfers

Cross-border data transfers are only permitted to countries that provide adequate protection for personal data, or with your explicit consent. The transfer may also be permitted if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Violations of the Law on Personal Data can result in administrative fines ranging from UZS 5 million to UZS 50 million (approximately USD 450 to USD 4,500). In cases of severe or repeated violations, criminal charges may be brought, potentially leading to imprisonment.

For Users in Qatar

Qatar Law No. 13 of 2016 on the Protection of Personal Data

Qatar’s data protection law provides a comprehensive framework for the protection of personal data. It applies to all entities processing personal data within Qatar. As a user in the UAE, you have the following rights:

  • Right to Information: We must inform you about the purposes for which your data is collected and processed, and obtain your explicit consent.
  • Right to Consent: Your explicit consent is required before we can collect, process, or share your personal data unless processing is necessary for compliance with a legal obligation or the performance of a contract.
  • Right to Access, Correction, and Deletion: You have the right to access your personal data, request corrections for inaccuracies, and request the deletion of your data when it is no longer necessary.
  • Right to Object: You can object to the processing of your personal data for specific purposes, such as direct marketing.

Cross-Border Data Transfers

Cross-border data transfers are restricted under Qatari law and are only permitted to countries with adequate levels of data protection or with your explicit consent. Transfers may also occur if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Non-compliance with Qatar’s data protection law can result in fines ranging from QAR 1 million to QAR 5 million (approximately USD 275,000 to USD 1.37 million). Additional sanctions may include the suspension of data processing activities or other corrective actions as determined by the Qatari authorities.

For Users in Saudi Arabia

Saudi Arabia Personal Data Protection Law (PDPL), 2021

The PDPL is Saudi Arabia’s primary legislation governing personal data protection, applicable to all entities processing personal data within the Kingdom. As a user in the UAE, you have the following rights:

  • Right to Consent: We must obtain your explicit consent before collecting and processing your personal data unless processing is necessary for compliance with a legal obligation or the performance of a contract.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Deletion: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data in certain circumstances, such as for direct marketing purposes.

Cross-Border Data Transfers

Cross-border data transfers are restricted and require regulatory approval unless the recipient country provides adequate protection or you have given your explicit consent. Transfers may also occur if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Violations of the PDPL can result in fines of up to SAR 5 million (approximately USD 1.33 million). Repeated violations may lead to doubled fines and the possibility of additional sanctions, such as suspension of data processing activities.

For Users in Jordan

Jordan Electronic Transactions Law

Jordan does not have a comprehensive data protection law, but the Electronic Transactions Law governs data privacy in electronic communications. Key rights include:

  • Right to Data Security: We are required to protect the confidentiality, integrity, and availability of your personal data during its collection, processing, and storage.
  • Right to Consent: Your explicit consent is required before we can process your personal data, except in situations where processing is necessary for compliance with legal obligations or for the performance of a contract.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Deletion: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.

Cross-Border Data Transfers

The transfer of personal data outside Jordan is restricted and requires either your explicit consent or a legal basis for the transfer, such as the performance of a contract. Transfers must ensure that the recipient provides adequate protection for your personal data.

Penalties

Violations of the Electronic Transactions Law can result in penalties, including fines ranging from JD 500 to JD 5,000 (approximately USD 700 to USD 7,000). Severe breaches may also lead to imprisonment for up to three years.

For Users in Russia

Russia Federal Law on Personal Data No. 152-FZ

The Federal Law on Personal Data regulates the processing of personal data in Russia. As a user in the UAE, you have the following rights:

  • Right to Consent: We must obtain your explicit consent before processing your personal data, except where processing is necessary for compliance with a legal obligation or for the performance of a contract.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Deletion: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Cross-Border Data Transfers

Russia mandates the localization of personal data within the country, meaning personal data of Russian citizens must be stored on servers within Russia. Cross-border data transfers are only permitted to countries that provide adequate protection or with your explicit consent.

Penalties

Violations of the Federal Law on Personal Data can result in fines ranging from RUB 10,000 to RUB 75,000 (approximately USD 130 to USD 1,000) for minor breaches. Severe violations, such as unauthorized cross-border data transfers or breaches of data localization requirements, can lead to fines of up to RUB 18 million (approximately USD 240,000). In some cases, criminal charges may result in imprisonment.

For Users in the United Kingdom (UK)

UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018

The UK GDPR and Data Protection Act govern the processing of personal data in the UK. As a user in the UAE, you have the following rights:

  • Right to Notice: We are required to inform you about the purposes for collecting and processing your personal data, and the legal basis for processing.
  • Right to Access and Correction: You have the right to access your personal data and request corrections if it is inaccurate or incomplete.
  • Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data for specific purposes, such as direct marketing.

Cross-Border Data Transfers

Cross-border data transfers are restricted under the UK GDPR and may only take place if the recipient country provides an adequate level of protection for personal data or with your explicit consent. Transfers may also occur if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Non-compliance with the UK GDPR can result in significant penalties, including fines of up to £17.5 million or 4% of annual global turnover, whichever is higher. The Information Commissioner’s Office (ICO) has the authority to impose these penalties, which can also include corrective actions such as suspension of data processing activities or orders to delete data.

For Users in Turkey

Turkey Law on the Protection of Personal Data No. 6698

The Law on the Protection of Personal Data (KVKK) regulates the processing of personal data in Turkey. As a user in the UAE, you have the following rights:

  • Right to Information: We must provide you with information about how your personal data will be processed, including the purposes of collection and the legal basis for processing.
  • Right to Consent: Your explicit consent is required before we can process your personal data, unless processing is necessary for compliance with a legal obligation or the performance of a contract.
  • Right to Access, Correction, and Deletion: You have the right to access your personal data and request corrections if it is inaccurate or incomplete. You can also request the deletion of your data when it is no longer necessary.
  • Right to Object: You can object to the processing of your personal data in certain circumstances, such as for direct marketing purposes.

Cross-Border Data Transfers

Cross-border data transfers are only permitted under KVKK if the recipient country provides an adequate level of protection or with your explicit consent. Transfers may also occur if necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims.

Penalties

Violations of KVKK can result in significant fines, administrative sanctions, and other penalties. Fines can range from TRY 5,000 to TRY 1 million (approximately USD 340 to USD 68,000), depending on the nature and severity of the violation. The Personal Data Protection Authority (KVKK) may also impose additional sanctions, such as orders to suspend data processing activities or mandates to delete unlawfully processed data.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: 

By visiting the contact us page on our website: www.tutorbaba.com

OTP Verification

Enter 4 digit OTP sent to your registered email address.

If you don’t see the email, check your spam/junk folder.

Don’t receive the OTP? Resend OTP