Privacy Policy

From all users

• Email address (used as your sign-in identity)
• IP address and basic device data, for security and abuse prevention
• Cookies and similar technologies — see our Cookie Policy
• Communications you send us (support emails, contact form submissions)

From Faculty applicants and Faculty

• Name, phone, country, time zone
• Primary subject (instrument, voice, dance, drama, etc.), other subjects you teach, styles, languages
• Bio, headshot, portfolio link, sample video URL, social-media URLs
• Teaching style, levels you teach, age ranges, qualifications, years of experience
• Zoom Personal Meeting Room URL (used to deliver lessons)
• Banking and tax info via your chosen payout provider (Airwallex or PayPal account ID; we do not store full bank details — those live with the payout provider)
• Independent Contractor Agreement consent timestamp
• Application disclosures (background checks consent, prior disciplinary history if disclosed)

From Students (and parents booking for students)

• Name and email (collected by Shopify at checkout)
• Order history (lessons, masterclasses, studio classes purchased)
• Lesson date and time preferences (when you book)
• Messages you exchange with faculty through the in-portal messaging system

From bookings and lessons

• Lesson notes, homework, and next-focus content created by Faculty
• Recording links (when both parties consent)
• Cancellation, no-show, and reschedule events
• Faculty earnings ledger

• To deliver the Platform and process bookings, lessons, and masterclasses
• To match Students with Faculty
• To send transactional emails (sign-in codes, booking confirmations, lesson reminders, post-purchase guidance)
• To process payments (via Shopify) and Faculty payouts (via Airwallex or PayPal)
• To improve the Platform — performance monitoring, error logging, aggregate usage analytics
• To detect and prevent abuse, fraud, and security threats
• To enforce our Terms, Acceptable Use Policy, and IC Agreement
• To comply with legal obligations (tax reporting, audit, sanctions screening, lawful requests from authorities)
• To respond to support requests and resolve disputes

Legal bases (for users in the EU/UK under GDPR): contract (to deliver the Platform); legitimate interest (to operate, improve, and secure); consent (for any optional marketing emails, which we do not currently send); legal obligation (for tax/audit/regulatory compliance).

• Shopify Inc. (Canada) — payment processing, order management, customer accounts. The storefront at theglobalconservatory.com runs on Shopify.
• Vercel Inc. (United States) — hosting of portal.theglobalconservatory.com (this site).
• Airwallex Hong Kong Limited (Hong Kong) — recommended payout rail for faculty. Faculty have a direct relationship with Airwallex; we share payout instructions only.
• PayPal Pte. Ltd. (Singapore) — alternative payout rail for faculty. Same model as Airwallex.
• Resend Inc. (United States) — transactional email delivery (sign-in codes, booking confirmations, reminders).
• Zoom Communications — video platform for lessons. Zoom processes audio/video; we do not access lesson recordings unless both parties explicitly grant access.
• Appointo (Shopify app) — calendar / booking widget.
• Faculty ↔ Student visibility — Faculty can see basic info (name, email, instrument, lesson notes) about Students who book with them. Students can see Faculty bios and the Faculty's contact information after a booking.
• Legal compliance — when required by valid legal process or to protect rights, safety, and property.

We never sell personal information. We do not share for cross-context behavioural advertising. We do not run third-party advertising pixels (no Google Ads, no Meta Pixel, no TikTok Pixel) on the portal.

TGC is operated from Hong Kong. Our infrastructure providers may host or process data in the United States, the European Union, Hong Kong, Singapore, and other regions. By using the Platform you consent to such transfers.

For transfers from the EU/UK we rely on the European Commission's Standard Contractual Clauses (or the UK equivalent) and on our sub-processors' own GDPR-compliant safeguards. We perform vendor due-diligence on every sub-processor we engage.

• Account data: kept while your account is active, plus 90 days after deletion to handle late refunds, chargebacks, and audit trails.
• Order data: kept for 7 years to satisfy tax and audit obligations.
• Lesson notes: kept while either the Faculty or the Student has an active account.
• Email logs (delivery status): kept for 90 days for deliverability diagnostics.
• Application materials (for Faculty applicants who weren't accepted): kept for 12 months in case you reapply, then deleted.
• Server access logs: kept for 30 days for security investigations.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to be forgotten" under GDPR)
• Restrict or object to certain processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent (where processing is consent-based)
• Lodge a complaint with your local data-protection authority (e.g. UK ICO, Irish DPC, Hong Kong PCPD, California Attorney General)

To exercise any of these rights, email info@theglobalconservatory.com. We respond within 30 days (or sooner where required by your local law).

Hong Kong PDPO (our home jurisdiction): Hong Kong residents can exercise data-access and correction requests under the Personal Data (Privacy) Ordinance through the same email channel.

For California residents (CCPA/CPRA): you may make CCPA requests via the same email. We do not sell or "share" (as defined by CCPA) personal information.

We currently send only transactional emails (sign-in codes, booking confirmations, lesson reminders, application status updates) — not marketing emails. If we begin sending marketing communications in the future, we will:

• Make them optional (opt-in for new users; opt-out for existing users with at least 30 days' notice)
• Include an unsubscribe link in every message
• Respect opt-out preferences within 7 days

See our Cookie Policy for the full list. Summary:

• Portal (portal.theglobalconservatory.com): a single session cookie (tgc_portal_session) for sign-in. Strictly necessary; no consent required.
• Storefront (theglobalconservatory.com): Shopify sets its own cookies for cart, checkout, and Shopify-native analytics (anonymised). See Shopify's Cookie Policy.
• No third-party advertising tracking on either domain. No Google Ads pixel, no Meta Pixel, no TikTok pixel, no LinkedIn Insight tag.

Industry-standard security in place across the Platform:

• TLS 1.2+ everywhere (HTTPS only); HSTS enforced
• Encrypted data at rest in our hosting providers
• Scoped access tokens for all third-party APIs (Shopify, Resend, Zoom)
• HMAC webhook signature verification (rotating secrets)
• Per-IP and per-account rate limits to prevent enumeration and credential stuffing
• Least-privilege admin access (role-based access control inside the portal)
• Idempotency keys on payment webhooks to prevent duplicate charges
• Magic-link OTP authentication (no passwords stored)
• Session cookies are HttpOnly, Secure, SameSite=Lax, and rotate on sign-in

No system is perfectly secure. If we discover a breach affecting you, we will notify you per Section 11.

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware (GDPR-aligned standard)
• Notify affected users without undue delay, by email to your account address
• Describe the nature of the breach, what data was affected, what we are doing about it, and what you should do

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the most recent version. We will give at least 30 days' advance notice of material changes by email and/or by prominent notice on the Platform. Continued use after the effective date constitutes acceptance.

Kalinklo Limited
Hong Kong SAR
info@theglobalconservatory.com