1. Our commitment
Terra Institute Ltd, operating as “Terra Institute”, and located in Sukabumi, Indonesia, values the privacy and information rights of Users and is committed to protecting your personal data with care. Although Terra Institute is incorporated in Sukabumi, the Terra Institute platform is still subject to the laws and regulations of Indonesia, specifically the Republic of Indonesia Law Number 27 of 2022 on Personal Data Protection (PDP Law).
Terra Institute complies with its legal obligations regarding personal data protection, not only for data subjects (Users) in Indonesia, but also to all Terra Institute Users worldwide.
2. Collection, processing and storage of data
The Terra Institute platform may collect and process personal data relating to past and present users and learners in the course of business. Terra Institute collects data directly from the User input but also in automated ways such as through system logs, cookies, web beacons and integration with third party service providers. Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking. This policy governs Terra Institute’s approach to data and does not apply to any third party organisations which may have integrated their systems to the Terra Institute platform.
3. Personally Identifying Information (PII)
Personally Identifying Information (PII) may be required to uniquely identify a User upon Registration (e.g. a personal email address) and other information may be required to complete purchases and receive certification if requested. You may also be invited to create a personal profile and resumé (including date of birth, existing education, work experience and career ambitions) and to generate or supply other personal information (such as completing personality, psychometric and workplace assessments) to build out your profile to determine your suitability for different careers, job opportunities and to establish your own tailored learning pathway. You will have the option to share or unshared some or all of this information in your own public profile.
Personal data is stored within your User account on the platform and access is completely restricted via encrypted networks and access permissions in order to ensure the highest levels of confidentiality and protection. No personal data is available to download or remove from the platform by employees or third parties, and Terra Institute ensures that only authorised personnel have online access to a User’s account data.
Users may decide to post comments on the Terra Institute Blog or interact with other Users in a way which is public or widely available to Terra Institute Users through postings, sharing, course reviews, direct communications, giving testimonials, uploading photos or commenting on different parts of the Terra Institute platform (“Shared Content” or “Public Posting”). Terra Institute will collect and store Public Postings and Shared Content which will become publicly available or viewable by others. When you share content or make a public posting you are consenting to granting Terra Institute a non-exclusive right and license to reproduce, distribute, publicly perform, offer, market and otherwise use and exploit the Public Postings and Shared Content. However Terra Institute is not responsible for how other Users may use such publicly available information or otherwise accessible to others who have access to the Services. Users are expected to use their discretion when making such posts. In the event that a User is selected as "Learner of the Day" or "Learner of the Month", the User agrees to allow Terra Institute to publish their Registration Information (except for your email address), Profile Information, and Course Information as well as your response to the accolade for marketing purposes and/or via Terra Institute Services.
4. Course information
After registration, a User can enroll in a course offered by Terra Institute or its affiliated Publishers. Aggregated data on age, gender (where available) and country of origin is shared with affiliated Publishers relating to the Users enrolled on the courses they teach, and is subject to a legal agreement between Terra Institute and each individual Publisher. There is no way for a Publisher to access or derive User level information from this aggregated information.
Terra Institute processes certain data relevant to the publication and playback of course content by publishers and learners. Certain data is collected to ensure Users, publishers and learner progress are uniquely identified and accurate records are maintained in order to deliver the Terra Institute learning service and to comply with relevant legal obligations. This will include regular emails to keep Users informed of their progress and make various suggestions and recommendations. Patterns of usage behaviour and course content evaluation is also collected and stored as metadata to help Terra Institute and Publishers improve the services and offer the most appropriate content and courses to registered Users.
5. Third party information processors and service providers
All User personal data is stored securely on third party cloud-based electronic storage and safeguarded. User purchases of physical goods require a home delivery address to process orders. Terra Institute uses payment processing and fulfilment partners who will receive sensitive PII to enable payment collection and when necessary, physical fulfilment. Highly sensitive data, such as credit card information and passwords are never received by Terra Institute (e.g. when you allow third party authentication via your social media sign-on, or by choosing third party payment providers such as Paypal or Stripe, that isolate Terra Institute from your payment details). Recurring payment details are stored by a third party payment provider that you choose and not by Terra Institute.
Although Terra Institute allows Users to register with their social media single sign-on (such as Facebook, Google, Linked-in etc.), the information available on these third party platforms is governed by their terms and information sharing practices. Terra Institute only takes necessary information from these social platforms (i.e. your name, email address, and country for legitimate purposes) and does NOT take any other personal or social information on your friends and contacts from these platforms.
Terra Institute tests and operates a number of analytical tags, scripts and tracking pixels (also known as web beacons) from third party providers such as Google, Facebook, Bing, and Hotjar) to enable browser and mobile analytics that measure page views and sessions. This helps Terra Institute understand User behaviours as the visit, navigate and leave the Terra Institute platform.
Terra Institute provides free learning supported through advertising services managed by third parties. Terra Institute both buys online ads and sells online ads through third party providers (e.g. Google AdWords, Bing, Facebook Ads and Google AdSense). Cookies and tracking pixels are used by advertising service providers as independent third party data controllers to enable personalised advertising to the User based on intent, search history and demographics built up by advertising service providers over time. Terra Institute has no access to these third party cookies or tracking technology nor any control over how third party advertising service providers use the data they collect.
6. Technical data collection
As an internet based service, web server log files are also collected and monitored for usage and behaviour patterns over time. User device information and IP addresses are also collected to understand platform traffic flows how each User interacts with Terra Institute Services and to ensure the right balance of technical support, customer service resources and device expertise is available to Users.
Terra Institute also stores and uses cookie information (a piece of text saved on each User’s device) to help track unique user sessions, to personalise Terra Institute Services for the User. Terra Institute stores Preference, Security, Functional and Session cookies to tailor the usage experience, securely automate User login and enable purchase transactions. Terra Institute uses web beacons to help monitor email communications with our registered Users to understand which messages are successfully delivered and read.
7. User consent and self-service control
By using Terra Institute Services and directly inputting your information on the platform, you the User are consenting to the collection and use of your data by Terra Institute. You have full access to your information through your user account, and are responsible for ensuring that you keep your personal details up-to-date through the platform. You have the power to modify your personal data and the power to deactivate your account and request the removal of your personally identifiable information when you delete your account. You may modify your email client, browser settings or use browser add-ons to control how cookies, beacons and other third party services work. Privacy settings are also provided on your mobile device operating system to give you more control over your data. Reducing the level of data shared and advertising options may reduce the quality of, or disable, some or all Terra Institute services.
To understand and control how the digital advertising industry uses your data please visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link. These help you to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, You can visit the Google Ads Settings page. Opting out means that your personal data is not used to personalise ads. Opting out does not mean you will not receive ads. Terra Institute has no affiliation nor control over these industry initiatives and how you use these tools is your own responsibility.
Terra Institute recognises the privacy interests of children. Parents and guardians need to take an active role in their children's online activities and interests. Digital consent is generally not legally recognised for children under the age of 13, or under the age of 16 where such children reside in the European Economic Area. Parents and legal guardians should not allow their children defined as such to register, enrol and learn on the Terra Institute platform without full time supervision. Terra Institute reserves the right to delete any User account that we discover was created by a child unable to give digital consent. If a parent or guardian discovers that Terra Institute has unlawfully collected the personal information from a child please contact our data protection officers who will take all reasonable steps to delete such information promptly.
8. Retention of data
Terra Institute is under a legal obligation to keep certain data for a specified period of time. Furthermore Terra Institute aggregates data and anonymises User accounts that are deleted so that it is no longer reasonably associated with an identified or identifiable natural person. Such Other Information is used by Terra Institute for other relevant business purposes for as long as necessary.
This may include keeping Other Information after the User has deleted their account for whatever period of time needed for Terra Institute to pursue its legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce commercial agreements.
9. Security and disclosure of data
The organisation will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of electronically stored data. The platform is large and public and subject to regular attack by hackers. The platform has been hardened extensively over time however no online system is perfect or immune from breach. Terra Institute has appropriate security measures in place to protect against unauthorised access. Safeguards are applied to the processing and retention of data. These include:
- Limitations on access to prevent unauthorised consultation, alteration, disclosure or erasure of personal data.
- Strict time limits for erasure of personal data in line with our retention policy.
- Logging mechanisms to permit verification of whether and by whom personal data has been consulted, altered, disclosed or erased.
- Pseudonymisation, anonymisation and encryption.
The platform databases are not accessible directly by employees or software developers other than authorised DevOps administrators. Multi factor authentication is required for all authorised DevOps administrators to ensure access to sensitive data is restricted to the maximum possible.
Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access.
Customer Support employees will have access to a certain amount of personal data relating to users and other third parties. Employees must not disclose User’s personal data, except where necessary in the course of their employment or in accordance with law. They must not remove or destroy personal data except for lawful reasons and with the permission of the organisation. Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal. All Terra Institute employees must adhere to the following data protection principles:
- Process data fairly, lawfully and transparently.
- Keep data only for specified, explicit and legitimate purposes.
- Process data only in ways which are compatible with the purposes for which it was given.
- Ensure data is accurate and up-to-date.
- Ensure data is adequate, relevant and limited to what is necessary for the purpose for which
10. Data transfers
Terra Institute may transfer personal data to countries outside the Indoensia where Terra Institute or its affiliates have servers located. When transferring personal data outside the Indoensia, Terra Institute takes appropriate steps to ensure that the recipient protects the privacy and security of personal data in accordance with applicable law. These steps may include:
- Entering into data transfer agreements with the recipient that require the recipient to protect personal data in accordance with applicable law.
- Requiring the recipient to comply with the General Data Protection Regulation (GDPR) or other applicable data protection laws.
- Encrypting personal data before transferring it outside the Indoensia.
11. Your rights
Under applicable law, you have a number of rights in relation to your personal data, including the right to:
- Access your personal data.
- Request that your personal data be corrected if it is inaccurate or incomplete.
- Request that your personal data be erased.
- Restrict the processing of your personal data.
- Object to the processing of your personal data.
- Receive your personal data in a structured, commonly used and machine-readable format.
- Port your personal data to another organisation.
You can exercise these rights by contacting Terra Institute's data protection officers at [email protected]
12. Changes to this policy
Terra Institute may change this policy from time to time. If we make any material changes to this policy, we will notify you by email or through the platform.
13. Contact us
If you have any questions or concerns about this policy, please contact Terra Institute's data protection officers at info@terra-institute.org