1.1 Thank you for visiting our website https://info.learningkey.app (“website” includes any mobile or other applications giving you access to websites).
1.5. Please note that we may disclose individuals’ information to trusted third parties for the purposes set out and explained in this document. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with EU laws on data protection.
1.6. We are not responsible for the content or the privacy policies for any websites that we provide external links to.
2. Data Controller.
2.1. Data protection provides rights to individuals with regard to the use of their personal data by organisations, including LearningKey. EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of personal data.
2.2. Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.
2.3. The data protection rules that apply to us are the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”) and any national laws implementing the GDPR.
2.4. “Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.
3. Types of Information Collected.
3.1. We collect two types of information:
3.1.1. “Personal data” means any information relating to an identified or identifiable natural person.
220.127.116.11. Information that you provide to us via our website when expressing an interest in obtaining additional information about our service, registering to use our service or registering for an event, such as name, company name, email address, phone number, and other contact details.
18.104.22.168. Information that you provide to us when applying for a job with our company such as a resume or cover letter containing other details about your employment history.
22.214.171.124. Information that we may receive from a third party (such as LinkedIn or a recruiter) if you apply for a job with us. This will include your name, contact details and any information contained in a resume such as employment history.
126.96.36.199. Information about your location when you access the website.
3.2. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3.2.1. “Non-personal data”. Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you.
4. Technical Information we collect when you visit our Website.
4.2. Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. A cookie contains your contact information and information to allow us to identify your computer when you travel around our site for the purpose of helping you accomplish your purpose. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies and how to have the browser notify you when you receive a new cookie.
4.4. A number of cookies and similar technologies we use last only for the duration of your web session and expire when you close your browser or exit the website. Others are used to remember you when you return to the website and will last for longer.
4.5. We use these cookies and other technologies on the basis that they are necessary for the performance of a service to you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.
4.6. We use the following types of cookies:
4.6.1. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, session cookies needed to manage the user session on the website.
4.6.2. Analytical/performance cookies. These cookies allow us to count the number of visitors and the traffic sources so we can see how visitors move around our website when they are using it. This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.
4.6.3. Functionality cookies. These are used to recognise you when you return to our website. This enables us, subject to your choices and preferences, to personalise the currency on the Pricing page to your location and to remember your preferences such as choice of language and region.
4.6.4. Targeting/Advertising cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. They gather information about your browsing habits and remember that you have visited a website. We or our service providers may use this information to make advertisements more relevant to you.
4.6.5. We may also work with advertising networks that gather information about the content on our website you visit and on information on other websites and services you visit. This may result in you seeing our advertisements when you visit other websites and services of third parties.
4.7. The effect of disabling cookies depends on which cookies you disable but, in general, the website may not operate properly if all cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our website. If you want to disable cookies on our site, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are found on the following links:
For Microsoft Internet Explorer:
For Mozilla Firefox:
For Opera 6.0 and further:
You can find more information about the individual cookies we use and the purposes for which we use them here:
4.8. Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting our site:
a) The logical address of the server you are using.
b) The date and time you access our site.
c) The pages you have accessed and the documents downloaded.
d) The previous Internet address from which you linked directly to our site.
e) Some of the search criteria you are using.
5. How we may use this Technical Information.
5.1. Aggregate cookie and tracking information may be shared with third parties.
5.2. The technical information is used to allow us to improve the information we are supplying to our users, to find out how many people
are visiting our sites and for statistical purposes.
5.3. Some of the above information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.
5.4. We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “personal data” within the meaning of the GDPR.
6. Use of Information Collected.
6.1. We collect and use your information for the following purposes:
6.1.1. To perform the services requested, for example, if you fill out the “How can we help you?” Web form, we will use the information provided to contact you about your request. This data processing is necessary to provide or fulfil a service requested by or for you, which is in our legitimate business interest.
6.1.2. To perform marketing purposes, for example, we may use information you provide to contact you to further discuss your interest in the service and to send you information regarding the company such as our products, services, or events. This data processing for marketing purposes is a legitimate business interest.
6.1.3. To operate and improve our Website, for example, we may analyse and process information for the purpose of improving the customer experience, which is in our legitimate business interest.
6.1.4. Information collected may include your browser type and
language, or the city or region or country from which you accessed the Website, as well as the ways you interact with the Website, such as pages visited, time spent on pages, the number of clicks and the domain names. We may use third-party analytic providers and technologies, including cookies and similar tools, to assist. We process this information given our legitimate business interest to improve the LearningKey Website and our customer’s experience with it.
6.1.5. To assess your suitability for a role at LearningKey and invite you to interview, which is in our legitimate interests in relation to the business management of LearningKey.
7. Data Retention.
7.1. The length of time for which we retain your personal data depends on the type of personal data and the purposes for which we are processing it. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like more information about our retention periods, please contact us at firstname.lastname@example.org
8.1. Where we are relying upon your consent for the processing of your personal data, you may withdraw consent without detriment at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of personal data relating to you. If you have any queries relating to withdrawing your consent please contact LearningKey’s data protection manager using the contact details set out below.
8.2. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
9. What are the Data Protection Rules?
9.1. The eight data protection rules (also known as the data protection principles) that apply to our organisation are that:-
9.1.1. We must process personal data fairly, lawfully and transparently. This obligation includes that we must have a valid legal basis for our processing of personal data (whether the consent of the person, or that the processing is necessary for our legitimate interests (as long as these interests do not outweigh the rights of data subjects) or some other legal basis set out under the DPAs or (when applicable) the GDPR). It also means that we must be transparent with individuals about our processing of their personal data.
9.1.2. We can only collect personal data for specified, identified and legitimate purposes.
9.1.3. We can only then process the personal data that we have collected for the purposes which we have identified or for purposes that are compatible with the purposes that we have identified.
9.1.4. The personal data that we collect and process must be adequate, relevant and limited to what is necessary for the purposes.
9.1.5. The personal data that we collect and process must be accurate and (where necessary) kept up to-date.
9.1.6. We must not keep personal data any longer than is necessary, bearing the purpose for which we collected it. This includes that we should keep personal data in a form which permits identification of the data subject for no longer than is necessary.
9.1.7. We must keep personal data safe and secure from unauthorised access, deletion, disclosure or other unauthorised uses. This includes not just keeping data safe and secure from persons outside our organisation, but also from people within our organisation who have no need to access or use the personal data. We must also be careful when transferring personal data outside the European Economic Area (“EEA”, being the EU plus Norway, Liechtenstein and Iceland), and make sure that we have a valid legal basis on which to transfer that data. Transfer can include using a cloud server that is located outside the EU or allowing people who are located outside the EEA access to personal data that is stored within the EEA.
9.1.8. We must comply with data subjects’ rights of information about, and (separately) access to, their personal data and with their other data protection rights, including rights to correct or erase their personal data, rights “to be forgotten”, rights to object to processing (including profiling), rights against automated decision-making and (under the GDPR) rights to data portability.
10. Security of your Personal Data.
10.1. We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
10.2. We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself. In addition, we have appropriate written agreements in place with all of our data processors.
10.3. We maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
10.3.1. Confidentiality means that only people who are authorised to use the data can access it.
10.3.2. Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
10.3.3. Availability means that authorised users should be able to access the data if they need it for authorised purposes.
10.4. We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. LearningKey uses third party vendors and hosting partners to provide the necessary hardware, software networking, storage, and related technology required to run. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques.
11. International Transfers.
11.1 When we transfer your personal data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
11.2 We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
11.3 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
11.4 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
11.5 Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
12. Will we share your Information with anyone else?
12.1. We may disclose your information to trusted third parties for the purposes set out in Section 4. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with EU laws on data protection. Any such company or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.
12.2. Specifically, we need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection.
12.3. We use the following categories of data processors in the course of our business:
12.5. We may pass on your details if we are under a duty to disclose or share a data subject’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or personal data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.
12.7. We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the data protection rules, and that we have in fact complied with the rules. We do this, among other ways, by our written policies and procedures, by building data protection compliance into our systems and business rules, by internally monitoring our data protection compliance and keeping it under review, and by taking action if our employees or contractors fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.
13.1. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. At the point at which you provide us with your personal data you will be asked whether you wish to receive any marketing communications from us.
13.2. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
13.3. We will not share your personal data with any third party for marketing purposes.
13.4. You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by sending us an email to email@example.com
14. Sale of Business.
15. Your Data Protection Rights.
15.1. Under certain circumstances, by law you have the right to:
15.1.1. Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
15.1.2. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
15.1.3. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
15.1.4. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
15.1.5. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
15.1.6. Not be subjected to automated decision-making including profiling, which is not to be subject of any automated decision-making by us using your personal information or profiling of you.
15.1.7. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
15.1.8. Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
16. Requests by Data Subjects to exercise their rights.
16.1. We have appointed a data protection manager to monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the data protection manager.
16.2. Data subjects can make a request for personal data we hold about them or otherwise to exercise their data protections rights by contacting our data protection manager who will respond to the request within 30 days.