SMC

    GDPR Compliance

    Harzel, Inc. t/a Stock Market College

    Last updated: January 2026

    Harzel, Inc., trading as Stock Market College ("Company", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

    This page provides information about your rights as a data subject and how you can exercise them. This information should be read together with our Privacy Policy, Cookie Policy, and other legal documents.

    1. Our Commitment to GDPR

    We are committed to ensuring that your personal data is processed lawfully, fairly, and transparently. We have implemented appropriate technical and organisational measures to protect your data and uphold your rights.

    Our data protection practices are designed to comply with the GDPR, the Protection of Personal Information Act (POPIA) of South Africa, and other applicable international data protection laws.

    2. Your Data Subject Rights

    Under the GDPR, you have the following rights regarding your personal data:

    2.1 Right of Access

    You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is processed.

    2.2 Right to Rectification

    You have the right to request correction of inaccurate personal data or completion of incomplete data we hold about you.

    2.3 Right to Erasure ("Right to be Forgotten")

    You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

    2.4 Right to Restriction of Processing

    You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

    2.5 Right to Data Portability

    You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

    2.6 Right to Object

    You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

    2.7 Right to Withdraw Consent

    Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

    2.8 Rights Related to Automated Decision-Making

    You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

    3. How to Exercise Your Rights

    To exercise any of your data subject rights, please submit a request to us using the contact details below. Your request should include:

    • Your full name and email address associated with your account
    • A clear description of the right you wish to exercise
    • Any relevant details to help us locate your data
    • Proof of identity (we may request this to verify your identity)

    We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will inform you of any such extension.

    There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

    4. Legal Basis for Processing

    We process personal data under the following legal bases:

    • Contractual Necessity: To fulfil purchases, deliver products, and provide services you have requested
    • Consent: For email marketing, cookies, and optional communications (which you can withdraw at any time)
    • Legitimate Interests: To operate, secure, and improve our business, provided this does not override your rights
    • Legal Obligation: To comply with tax, accounting, regulatory, and legal requirements

    5. Data Retention

    We retain personal data only for as long as necessary to:

    • Fulfil the purposes for which it was collected
    • Provide ongoing access to products and services
    • Comply with legal, accounting, and regulatory obligations
    • Resolve disputes and enforce our agreements

    When data is no longer required, it is securely deleted or anonymised.

    6. International Data Transfers

    Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your country of residence, including the United States.

    Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognised mechanisms to protect your data.

    7. Data Security

    We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

    • Encryption of data in transit and at rest
    • Secure access controls and authentication
    • Regular security assessments and updates
    • Staff training on data protection

    8. Third-Party Processors

    We engage trusted third-party service providers to help operate our business. These processors are contractually obligated to:

    • Process data only on our instructions
    • Maintain appropriate security measures
    • Assist us in responding to data subject requests
    • Delete or return data upon termination of services

    Our processors include payment providers (Stripe), learning management systems (Kajabi), email platforms, analytics tools, and customer support systems.

    9. Data Breach Notification

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

    • Notify the relevant supervisory authority within 72 hours where required
    • Communicate the breach to affected individuals without undue delay if there is a high risk
    • Document the breach and remedial actions taken

    10. Complaints

    If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with a supervisory authority.

    For EU residents, you may contact your local Data Protection Authority. A list of EEA supervisory authorities is available at:

    https://edpb.europa.eu/about-edpb/about-edpb/members_en

    11. Changes to This Page

    We may update this GDPR Compliance page from time to time. Updates will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.

    12. Contact Information

    For any questions about this page, your data subject rights, or to submit a data subject request, please contact:

    Harzel, Inc. t/a Stock Market College

    651 N Broad St, Suite 201

    Middletown, DE 19709

    United States of America

    📧 support@stockmarketcollege.com

    📞 +27 82 908 3332

    Data Protection Enquiries: support@stockmarketcollege.com

    🔥 LIMITED TIME OFFERJoin a global community of traders — Click here to claim your FREE Trading Platform Course (Match-Trader Edition).

    We value your privacy

    We use cookies to enhance your browsing experience, analyse site traffic, and personalise content. By clicking "Accept All", you consent to our use of cookies. Read our Cookie Policy for more information.