International Compliance Addendum
Last updated: April 2026
Seven Hills Iowa LLC is committed to complying with data protection and privacy laws in all jurisdictions where our users are located. The table below summarizes our compliance posture across applicable regulations worldwide.
This addendum supplements our Privacy Policy and should be read in conjunction with it.
| Region / Country | Applicable Law(s) | Key Requirements | Status |
|---|---|---|---|
| United States | COPPA (Children's Online Privacy Protection Act) | Verifiable parental consent for children under 13; privacy notices; data minimization for child data | ✓ Compliant |
| United States (CA) | CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act) | Right to know, delete, opt-out of sale; no discrimination; privacy notice at collection; authorized agents | ✓ Compliant |
| EU / EEA | GDPR (General Data Protection Regulation) | Lawful basis for processing; data subject rights; DPO appointment; DPIAs; 72-hour breach notification; international transfer safeguards | ✓ Compliant |
| EU / EEA | ePrivacy Directive (2002/58/EC) | Cookie consent; electronic communications privacy; prior consent for non-essential cookies/tracking | ✓ Compliant |
| United Kingdom | UK GDPR + Data Protection Act 2018 | Mirrors EU GDPR with UK-specific provisions; ICO as supervisory authority; UK IDTA for international transfers | ✓ Compliant |
| Canada | PIPEDA (Personal Information Protection and Electronic Documents Act) | Meaningful consent; purpose limitation; access rights; breach reporting to OPC | ✓ Compliant |
| Canada (Quebec) | Quebec Law 25 (Act Respecting the Protection of Personal Information in the Private Sector) | Privacy impact assessments; consent requirements; de-identification standards; transparency obligations | ✓ Compliant |
| Canada | CASL (Canada's Anti-Spam Legislation) | Express or implied consent for commercial electronic messages; unsubscribe mechanism; sender identification | ✓ Compliant |
| Australia | Privacy Act 1988 (incl. Australian Privacy Principles) | APP compliance; cross-border disclosure rules; notifiable data breaches scheme; consumer guarantees under ACL | ✓ Compliant |
| Brazil | LGPD (Lei Geral de Proteção de Dados) | Lawful basis for processing; data subject rights; DPO appointment; ANPD oversight; international transfer rules | ✓ Compliant |
| India | DPDP Act 2023 (Digital Personal Data Protection Act) | Consent-based processing; data principal rights; significant data fiduciary obligations; cross-border transfer restrictions | ✓ Compliant |
| Singapore | PDPA (Personal Data Protection Act 2012) | Consent obligation; purpose limitation; data breach notification to PDPC; data portability | ✓ Compliant |
| Japan | APPI (Act on the Protection of Personal Information) | Consent for sensitive data; cross-border transfer rules; PPC oversight; individual rights | ✓ Compliant |
| South Korea | PIPA (Personal Information Protection Act) | Consent requirements; data subject rights; PIPC oversight; mandatory breach notification; pseudonymization standards | ✓ Compliant |
| Argentina | PDPA (Personal Data Protection Act, Law 25.326) | Consent requirements; data subject rights; AAIP registration; adequacy-based cross-border transfers | ✓ Compliant |
| South Africa | POPIA (Protection of Personal Information Act) | Lawful processing conditions; data subject rights; Information Regulator oversight; cross-border transfer safeguards | ✓ Compliant |
| Philippines | DPA 2012 (Data Privacy Act of 2012) | Consent and legitimate interest; NPC registration; data subject rights; mandatory breach notification | ✓ Compliant |
| UAE | PDPL (Personal Data Protection Law, Federal Decree-Law No. 45/2021) | Consent for processing; data subject rights; cross-border transfer restrictions; data protection officer requirements | ✓ Compliant |
| Nigeria | NDPR (Nigeria Data Protection Regulation 2019) | Consent requirements; data subject rights; NITDA oversight; mandatory DPIAs for high-risk processing | ✓ Compliant |
| Kenya | DPA 2019 (Data Protection Act 2019) | Data subject rights; ODPC registration; cross-border transfer safeguards; mandatory breach notification | ✓ Compliant |
| Colombia | Law 1581 of 2012 (Statutory Law on Data Protection) | Consent requirements; data subject rights (habeas data); SIC oversight; cross-border transfer rules | ✓ Compliant |
| Chile | Law 19.628 (Protection of Private Life) | Consent for processing; data subject rights; source-of-data obligations; upcoming reform alignment | ✓ Compliant |
| Mexico | LFPDPPP (Federal Law on Protection of Personal Data Held by Private Parties) | ARCO rights (Access, Rectification, Cancellation, Opposition); privacy notice requirements; INAI oversight; consent requirements | ✓ Compliant |
This compliance addendum is reviewed and updated regularly. If you have questions about our compliance with any specific regulation, contact support@7genedu.com.
Contact
- Legal inquiries: support@7genedu.com
- Data Protection Officer: support@7genedu.com
- Company: Seven Hills Iowa LLC