eLanguage CenterAll policies

Data Processing Addendum

Effective 3 June 2026 · Version 2026-06-03

This Data Processing Addendum (“DPA”) applies where an organisation (the “Customer”) uses eLanguage Center to process personal data of its learners. It forms part of the agreement between the Customer and MustardLabs (ABN 91 930 042 126), a sole trader which operates eLanguage Center. The Customer is the controller; eLanguage Center is the processor. Individual self-serve users are covered by the Privacy Policy instead, where eLanguage Center is the controller.

1. Scope and roles

eLanguage Center processes Customer personal data only to provide the service and only on the Customer’s documented instructions (including this DPA and the product configuration). The subject matter is IELTS preparation; the data subjects are the Customer’s learners and administrators; the data types are listed in the Privacy Policy.

2. Our obligations as processor

  • Process personal data only on the Customer’s instructions.
  • Ensure personnel are bound by confidentiality.
  • Implement appropriate technical and organisational security measures.
  • Assist the Customer with data-subject requests, security, breach notification, and impact assessments.
  • Delete or return Customer personal data at the end of the service, subject to legal retention.
  • Make available the information needed to demonstrate compliance.

3. Sub-processors

The Customer authorises the sub-processors listed on our Sub-processors page. We impose data protection terms on each that are no less protective than this DPA, and we give notice of changes so the Customer can object on reasonable grounds.

4. International transfers

Customer personal data is hosted in Sydney, Australia. Where transfers are subject to the GDPR, UK GDPR, or similar rules, they are made under Standard Contractual Clauses, the UK Addendum, or an adequacy decision, as applicable.

5. Breach notification

We notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer data, with the information the Customer needs to meet its own notification duties (for example, the GDPR’s 72-hour rule and Australia’s Notifiable Data Breaches scheme).

6. Data-subject requests

Where a learner contacts us directly, we will refer the request to the Customer unless legally required to act, and assist the Customer in responding. Learners can also self-serve access, portability, rectification and erasure from their profile.

7. Audit

On reasonable notice and subject to confidentiality, we make available records demonstrating compliance and allow audits as required by applicable law.

8. Accepting this DPA

Organisation customers can accept this DPA as part of onboarding or request a countersigned copy by emailing privacy@elanguagecenter.com.

Questions about this policy? Email privacy@elanguagecenter.com.