Privacy Policy
Last updated: August 10, 2025
Our Commitment to Data Protection
Investa Prime is committed to protecting your personal information and respecting your privacy rights. This privacy policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our educational services, with particular attention to our advertising data practices and partnerships with Google, Facebook, and Microsoft.
We operate under the principles of transparency, data minimization, and user control. Our advertising partnerships enable us to deliver relevant educational content while maintaining high standards for data protection and user privacy rights.
This policy applies to all information collected through our website, related services, and interactions with our educational programs. By using our services, you acknowledge that you have read and understood this privacy policy.
Data Collection by Advertising Platforms
Google Services Data Collection
Google Analytics Data Points: Page views, session duration, bounce rates, user flow patterns, device information (browser type, operating system, screen resolution), geographic location (country, region, city), referral sources, and interaction events with our educational content.
Google Ads Conversion Data: Form submissions, course page visits, contact requests, newsletter signups, demographic information, interest categories based on browsing behavior, and remarketing audience assignments for educational content targeting.
Cross-Device Tracking: When you're signed into your Google account, Google may associate your activity across devices to create comprehensive user profiles for more effective educational content delivery and measurement.
Data Integration Points: IP addresses (for geographic targeting), cookie identifiers, device IDs, referring website information, search terms used to find our site, and time stamps of all interactions.
Retention Periods: Google Analytics retains user and event data for 26 months by default. Google Ads remarketing lists retain visitor information for up to 540 days depending on interaction frequency and settings configuration.
Facebook/Meta Data Collection
Facebook Pixel Tracking: Page views, button clicks, form interactions, scroll depth, time spent on pages, course interest indicators, and conversion events related to educational inquiries and enrollments.
Custom Audience Creation: Website visitor data is hashed and matched against Facebook user profiles to create targeted advertising audiences interested in stock market education and investment training courses.
Behavioral Data Collection: User engagement patterns, content preferences, interaction sequences, device information, browser characteristics, and behavioral signals indicating interest in financial education topics.
Cross-Platform Integration: Facebook connects website behavior data with user activity across Facebook, Instagram, WhatsApp, and other Meta platforms to build comprehensive advertising profiles and deliver relevant educational content.
Data Retention: Facebook maintains website visitor data for remarketing purposes for up to 180 days, with some aggregated data retained longer for advertising optimization and measurement purposes.
Microsoft/Bing Data Collection
Universal Event Tracking (UET): Page visits, goal completions, user actions, conversion events, session data, and engagement metrics specifically related to our trading education courses and investment training programs.
Remarketing Data Collection: Website visitor segments, page category interactions, content engagement levels, course interest indicators, and user behavior patterns for creating targeted advertising audiences.
Search Integration Data: Search query data from Bing searches, click behavior on Microsoft advertising network, demographic insights, and interest-based targeting information related to financial education topics.
Microsoft Account Integration: When users are signed into Microsoft accounts, data may be linked across Microsoft services including Office 365, LinkedIn, and other Microsoft properties for enhanced advertising targeting.
Data Retention Policies: Microsoft retains UET conversion data for up to 390 days maximum, with remarketing audience data maintained according to user interaction frequency and campaign requirements.
How We Use Your Data
Purposes of Processing
Service Delivery and Contract Fulfillment: Processing course enrollments, delivering educational materials, providing customer support, managing user accounts, and fulfilling our contractual obligations for trading education services.
Marketing and Advertising Optimization: Creating targeted advertising campaigns, measuring advertisement effectiveness, building remarketing audiences, personalizing content recommendations, and improving our marketing strategies for educational services.
Analytics and Performance Measurement: Understanding website usage patterns, measuring user engagement with educational content, analyzing course completion rates, and optimizing the user experience for our learning platforms.
Fraud Prevention and Security: Detecting and preventing fraudulent activities, protecting against unauthorized access, maintaining website security, and ensuring the integrity of our educational platform and user accounts.
Legal Compliance and Obligations: Meeting regulatory requirements for educational service providers, tax obligations, data protection compliance, and responding to legal requests from authorities when required by law.
Legal Basis for Processing
Consent
For marketing communications, cookies and tracking technologies, advertising personalization, and newsletter subscriptions. You can withdraw consent at any time.
Legitimate Interest
For website analytics, security measures, fraud prevention, improving our services, and conducting business operations necessary for educational service delivery.
Contract Performance
For providing educational services, course delivery, customer support, payment processing, and fulfilling our obligations under service agreements.
Legal Obligation
For tax reporting, regulatory compliance, responding to legal requests, maintaining records as required by law, and meeting educational service provider obligations.
Data Sharing with Third Parties
Advertising Partners
Google (Analytics, Ads, Tag Manager): Receives website interaction data, conversion events, user behavior patterns, and demographic information for advertising optimization and measurement of our educational content marketing effectiveness.
Meta/Facebook (Pixel, Conversions API): Processes visitor behavior data, course interest signals, and conversion events to create targeted advertising audiences and measure the performance of our investment education campaigns.
Microsoft (Bing Ads, Clarity): Collects user engagement data, conversion tracking information, and website usage patterns for advertising optimization across Microsoft's network and search platforms.
Programmatic Advertising Networks: Third-party advertising exchanges may receive anonymized behavioral data for delivering relevant educational content advertisements across various websites and platforms.
Retargeting Platforms: Specialized remarketing services process visitor data to deliver personalized advertisements related to our trading courses and investment education programs across the internet.
Service Providers
Web Hosting Providers: Process website data, user interactions, and technical information necessary for maintaining our educational platform and ensuring reliable service delivery to students.
Email Service Providers: Handle subscriber information, engagement metrics, and communication preferences for delivering course updates, educational content, and marketing communications.
Payment Processors: Securely process financial information, transaction data, and billing details for course enrollments while maintaining PCI DSS compliance standards.
Customer Support Tools: Access user inquiries, support interactions, and account information to provide effective assistance and resolve issues related to our educational services.
Cloud Storage Services: Store user data, course materials, and system backups in secure cloud environments with appropriate encryption and access controls to protect student information.
International Data Transfers
EU-US Data Privacy Framework: We work with service providers that participate in recognized data transfer frameworks, ensuring adequate protection for personal data transferred outside the European Union.
Standard Contractual Clauses (SCCs): When transferring data to countries without adequacy decisions, we implement European Commission-approved Standard Contractual Clauses to ensure appropriate safeguards.
Adequacy Decisions Compliance: We prioritize working with service providers in countries recognized by the European Commission as providing adequate levels of data protection.
Data Localization Requirements: Where required by local laws, we ensure that certain categories of data are processed and stored within specific geographic boundaries.
Your Rights and How to Exercise Them
GDPR Rights (EU/UK Residents)
Right to Access
Request a copy of all personal data we have collected about you, including data from advertising platforms and analytics services.
Right to Rectification
Correct any inaccurate or incomplete personal data we hold about you in our systems and third-party platforms.
Right to Erasure
Request deletion of your personal data, subject to certain legal exceptions and business requirements for record-keeping.
Right to Restrict Processing
Limit how we process your data while disputes are resolved or when you contest the accuracy of your information.
Right to Data Portability
Receive your personal data in a structured, machine-readable format for transfer to another service provider.
Right to Object
Opt-out of marketing communications, profiling activities, and direct marketing based on legitimate interests.
CCPA Rights (California Residents)
Right to Know: Understand what personal information we collect, the sources of collection, our business purposes for collection, and the categories of third parties with whom we share information.
Right to Delete: Request deletion of personal information we have collected about you, subject to certain exceptions for business operations and legal compliance requirements.
Right to Opt-Out: Opt-out of the sale or sharing of personal information for advertising purposes. Note that we do not sell personal information in the traditional sense but may share data for advertising.
Right to Non-Discrimination: Receive equal service and pricing regardless of whether you exercise your privacy rights, though some services may be limited if you restrict data processing.
Right to Correct: Request correction of inaccurate personal information we maintain about you in our systems and with our service providers.
Platform-Specific Privacy Controls
How to Exercise Your Rights
Contact Form: Use our website contact form to submit privacy-related requests. We will verify your identity before processing requests involving personal data access or deletion.
Platform Privacy Settings: Use the direct platform controls linked above to manage advertising preferences and data usage settings for Google, Facebook, and Microsoft services.
Browser Privacy Controls: Modify cookie settings, enable Do Not Track signals, and use private browsing modes to limit data collection during website visits.
Response Timeframe: We will respond to your privacy requests within 30 days for GDPR requests and 45 days for CCPA requests, with possible extensions if complex processing is required.
Data Retention and Deletion
Data Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact Form Data | 3 years from last interaction | Customer service and business relationship management |
| Analytics Data (Google) | 26 months | Website optimization and user experience improvement |
| Marketing Data | Until consent withdrawn or 2 years inactive | Email marketing and advertising personalization |
| Legal Records | As required by law (typically 5-7 years) | Regulatory compliance and legal obligations |
| Security Logs | 90 days | Security monitoring and incident investigation |
Deletion Procedures
Automatic Deletion: Data is automatically deleted after retention periods expire through automated systems and scheduled data purging processes to ensure compliance with our retention policies.
Manual Deletion Upon Request: When you request data deletion, we manually remove your information from our systems and coordinate with third-party service providers to ensure comprehensive data removal.
Anonymization Alternative: In some cases, instead of deletion, we may anonymize your data by removing all personally identifiable information while preserving aggregated analytics for business purposes.
Backup Systems Purging: Deleted data is also removed from backup systems within 30-90 days, depending on backup rotation schedules and technical requirements for data recovery systems.
Third-Party Deletion Coordination: We work with advertising platforms and service providers to ensure your data is also deleted from their systems when you request comprehensive data removal.
Exceptions to Data Deletion
Legal Obligation to Retain: Some data must be retained for tax purposes, regulatory compliance, or legal proceedings, even when deletion is requested by the user.
Legitimate Business Purposes: Data necessary for ongoing contractual relationships, warranty obligations, or business operations may be retained until these purposes no longer apply.
Security and Fraud Prevention: Information related to security incidents, fraud prevention, or safety concerns may be retained longer to protect our users and business operations.
Freedom of Expression: Publicly posted content may be retained if deletion would interfere with freedom of expression rights or public interest considerations.
Research and Statistics: Anonymized data used for research, statistics, or historical purposes may be retained indefinitely as it no longer identifies individuals.
Data Security Measures
Technical Safeguards
Encryption: All data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption methods to protect against unauthorized access.
Access Controls: Multi-factor authentication, role-based permissions, and principle of least privilege ensure only authorized personnel can access personal data.
Security Monitoring: Continuous monitoring systems detect unusual activity, potential breaches, and security threats in real-time with automated response protocols.
Regular Audits: Periodic security assessments, penetration testing, and vulnerability scans ensure our systems maintain high security standards and compliance.
Secure Infrastructure: Use of reputable cloud service providers with SOC 2 compliance, regular security certifications, and robust infrastructure security measures.
Organizational Controls
Limited Access Policy: Personal data access is restricted to employees who need it for their specific job functions, with regular access reviews and updates.
Confidentiality Agreements: All staff and contractors sign comprehensive confidentiality agreements covering data protection responsibilities and privacy obligations.
Privacy Training: Regular training programs ensure all team members understand data protection requirements, privacy laws, and best practices for handling personal information.
Incident Response: Established procedures for detecting, reporting, and responding to data breaches or security incidents with appropriate notification timelines.
Vendor Management: Thorough security assessments of all third-party service providers with contractual data protection requirements and regular compliance monitoring.