There is several level to this.

Due to the fact that the company is based outside of eu. There will always be a third country transfer involved. For every eu company using the service will need to do their own risk assessment what information their customers send in the service.

What Ezycourse need to do in their privacy document is to state all suppliers and what type of data processing they do and where.

It’s good if Ezycourse also state what type of data they store and what they need it for and what suppliers have access to what data. also to be remembered is “free text” data and video by who is that data handled. So they don’t have a supplier that uses ezycourse customer data and train an AI on that data or something else.

Also try to have EU hosting for EU customers, and If you are of a certain size or revenue you need to assign a data protection officer that is a resident of an eu country.

I there is probably more but this is a start.

That´s highly needed. For european usage the cookie banner is not compliant.

Need a better cookie banner as well to accept or decline