Fastco English School

Legal

Privacy Policy

Last updated: May 14, 2026

1. Introduction

Fastco English School (“we”, “Fastco”) respects the privacy of users of the platform fastcoenglishschool.com(the “Platform”). This policy explains the types of personal data we collect, the purposes of its use, and your rights as a data subject in accordance with the spirit of Indonesia’s Personal Data Protection Law.

2. Data We Collect

  • Account data: full name, email address, password (hashed), date of birth.
  • Optional data: phone / WhatsApp number and school / institution.
  • Exam data: your answers, score, and time spent on each section.
  • Transaction data: payment amount, status, and vouchers used (no card data — handled directly by iPaymu).
  • Technical data: IP address, user agent, and device fingerprint, used for session security.

3. Purposes of Processing

  • To provide TOEFL ITP-style exam services as ordered by you.
  • To issue and verify official certificates.
  • To process payments through our payment partners.
  • To send notifications related to your account, transactions, and certificates via email.
  • To detect and prevent fraud and to keep your account secure.

4. Data Sharing

We do not sell your personal data. Data may be shared with:
  • iPaymu — to process payments.
  • Brevo — to send transactional emails.
  • Law enforcement authorities where required by applicable laws and regulations.

5. Your Rights

  • Access & correction: you can view and update your account data at any time from the profile page.
  • Account deletion: you can delete your account from the profile page. We will perform a soft delete + anonymization: your name becomes “Deleted User”, your email is hashed, and your phone number is removed. Certificate records remain valid for public verification with the name recorded at the time of issuance.
  • Withdrawal of consent: you can withdraw your consent by contacting our team at [email protected].

6. Data Retention

  • Active account data: retained for as long as the account is active.
  • Exam history & certificates: retained permanently because certificates are valid for life and required for public verification.
  • Transaction data: retained for at least 5 (five) years to comply with tax and accounting obligations.
  • Session & technical logs: retained for at most 12 (twelve) months for security and audit purposes.
  • Deleted accounts: PII (name, email, phone) is anonymized immediately; certificates remain verifiable using the name snapshot taken at issuance.

7. Security

We apply industry-standard security practices: HTTPS connections, passwords hashed with strong algorithms (Argon2/Bcrypt), a limit on the number of active sessions (maximum of 2 devices), and audit logs for administrative activity.

8. Cookies

We use technical cookies necessary for session authentication. For analytics and marketing we may also use Google Analytics 4 and the Meta Pixel, which set third-party cookies to measure traffic and support retargeting. These run only when configured by the administrator.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email and through a notice on the Platform.

10. Data Protection Officer (DPO) Contact

For questions, requests for access/correction/deletion of your data, or to report a data breach, please contact:

  • DPO Email: [email protected]
  • WhatsApp: 0821-3895-5530
  • Mailing address: Fastco English School, Blora, Central Java, Indonesia.

We will respond to requests within a maximum of 30 working days from the time the request is received and verified.