Learning Technologies Group Plc. its subsidiaries, and its associated businesses (“LTG”, “we” or “us”) are committed to protecting and respecting your privacy. The Learning Technology Group companies includes the following entities: LEO Learning, LEO GRC, Preloaded, Affirmity, Gomo Learning, Rustici Software [including SCORM Cloud, and Rustici Managed Hosted products (Rustici Engine, Content Controller)], PeopleFluent, Watershed, VectorVMS, Breezy, Instilled, Open LMS, and GetBridge. We provide this privacy notice (“Privacy Notice”) to explain how we collect, use and disclose certain personal information online via our group websites, and our SaaS or Subscription Services (as listed below, collectively referred to as “Sites”).
This policy sets out the basis on which personal data is collected from you either through our Sites or our Subscription Services (collectively “our Sites”). Please read the policy carefully to understand our practices regarding our collection and use of your personal information and how it will be treated.
If you have any questions regarding our privacy practices or this Privacy Notice, please contact us using the contact details given below.
Who are “You”?
This Privacy Notice describes how we use “your” information. To understand which of our uses of information are actually applicable to you and your information see the following useful definitions.
You may be a(n):
Customer – an entity, or person representing an entity that has an agreement in place with LTG or one of its subsidiaries under which we provide you with SaaS or Subscription Services, or is visiting our Site to purchase SaaS or Subscription Services via an online payment system.
End-User – a person with a user account to one of our Customer’s instances of our SaaS or Subscription Services. For example, you may be a user of your workplace or educational institution’s Learning Management System, of which we are the provider. Or you may be an applicant to your employer or prospective employers recruitment system, of which we are the provider.
Visitor – a person who is visiting our website, or has expressed an interest in our products or services by filling in a contact form or sign-up sheet in relation to an event or webinar, or has had conversations about our products with our sales team and provided them with your details.
Please select the correct option based on the above definitions to access the information applicable to you and your information.
Our Agreement with you is the best source of information on which personal data we process for you and how we use and protect that personal data. We encourage you to familiarize yourself with the terms of our agreement and reach out to your account manager if you have any questions.
If you make a purchase via one of our Sites, or by clicking the “Pay by Debit or Credit Card” link in one of our emails or invoices (“Online Payments”), this section shall apply.
We have been provided with your information, and handle your information subject to an agreement with one of our clients. Our client may be your employer (or an affiliate of your employer), a prospective employer to whom you have submitted a job application or resume, your educational institution, or another company which has either given you or asked you to sign up for an account with one of our Sites. Our client acts as ‘data controller’ for your information, and we act as ‘data processor’. This means that we do not determine how we collect or use your data. Our client determines how we collect or use your data, and provides us with instructions on what to do with it in our agreement with them. We only collect and use your data in accordance with the agreement between us and our client. Further to this,
Our client is responsible for the management of your account on our Site. If you have any questions or concerns regarding our use or collection of your data, or if you wish to make a request to exercise your rights as a data subject or a consumer (as explained below), please reach out to our client as they are best placed to assist you.
How do we collect your Information?
Your information will either have been provided to us by our client if they have set your account up for you, or provided to us by you where our client has invited you to set up an account or submit information such as a resume.
Which Types of Information do We Collect?
This depends upon which of our Sites you are using, and how our client is using our Site to collect your information. Broadly, the types of data we collect may include:
- Account details (username, password, log-in data, profile data)
- Contact details (name, work/institution phone or email, personal phone or email (for recruitment Sites only))
- Education or Training related data (for LMS Sites only) (course enrollment, course completion, course information, quiz scores, results, class/training schedules, and other training related information determined by our client)
- Employment and performance related data (for workforce management, and D&I Sites) (job roles or descriptions, performance reviews, length of service, feedback, job title, division, development goals or plans, performance plans, salary data).
- Recruitment related data (for Recruitment sites only) (home address, qualifications, work history, resume/CV data, job application data)
If you require more information about which of your information we use, please contact our client as they can advise you on which of your information they have used our Site to collect.
How Do We Use Your Information?
We only use your information to provide our services to our client in accordance with the agreement between us and our client. Our services to our client include the routine activities of providing cloud based services such as hosting, support, and maintenance. The majority of the time we have no need to access any individual’s information to provide these Services. There are only certain scenarios in which we would ever need to access your information. These scenarios largely are based around providing technical support to your or our client, in which case we may need to access your information to identify or resolve a technical issue. We will only ever access your information to the extent required, and with the permission of our client.
For more information about how we or our client use your information, please contact our client as they are best placed to provide you with this information.
Where We Store Your Information and for How Long
All of your information is stored on secure servers, with layers of security to keep your information protected. The location of the server on which your information is stored depends on which of our Sites you are using, and also on what we have agreed with our client. The length of time for which we store your information is also determined by our agreement with our client. Our client as the ‘data controller’ is responsible for determining both of these things.
For more information about where and for how long we store your information, please contact our client as they are best placed to provide you with this information.
How Do We Collect Your Information?
You directly provide us with the data that we collect. We collect data and process data when you:
- Complete a form on our website or via online advertising;
- Provide us with your personal data at an event;
- Sign up to a newsletter, contest, webinar, event, or other service;
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our Sites or via email.
- Use or view our website via your browser’s cookies.
Data collected via online forms will advise which fields are mandatory and which are optional.
Which Types of Information do We Collect?
The types of information we may collect through our Sites includes:
- Contact Details (e.g. name, address, email address, phone and fax numbers, institution, title or job position),
- Your interest in LTG’s (or its subsidiaries’) products or services;
- Information about your interest in newsletters, webinars, events, or other services that we provide (solely or jointly with others); and
- Any other data you provide.
How Do We Use Your Information?
We use information in the following ways:
- To provide you with information via post, email or phone about products or services you requested or we feel may interest you;
- To manage any query you have raised;
- To allow you to participate in interactive features of our services, when you choose to do so;
- To administrate our newsletters, surveys, and contests;
- To arrange and manage events and webinars;
- To administer our Site, and for internal operations (including troubleshooting, data analysis, testing, research, statistical purposes, and as part of our efforts to maintain the safety and security of our Sites)
Once we receive your information, it is subject to strict security measures in accordance with applicable law. We may transfer personal information to companies that help us to provide our Services and that we believe offer a secure solution that improves our Service delivery. We may also transfer personal data to our affiliates and partners.
If you are a system user of one of our customers and have questions regarding the processing of your personal information, please contact our respective customer directly as they control the handling of your data.
Cookies and Other Tracking Technologies
Types of Cookies
Purposes of Cookie use
We use preference cookies to collect information about your choices and preferences, and to allow us to remember language or other local settings and customize our site accordingly.
We also use analytics cookies to collect information about your use of our site, and to enable us to improve the way our site works. For example, analytics cookies show us which are the most frequently visited pages on our site, help us record any difficulties you have with our site, and show us whether our advertising is effective or not. This allows us to see the overall patterns of usage on our site, rather than the usage of a single person. We use the information to analyse the site traffic, but we do not examine this information for individually identifying information.
We use Remarketing with Google Analytics to advertise online. Third party vendors, including Google, may show our ads on sites across the internet.
We, and third party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website. Remarketing cookies used by us expire after 30 days. To opt out of Remarketing or to control your ad preferences, please click here.
Most web browsers have a “help” menu where you can review how to prevent your browser from accepting new cookies, how to have your browser alert you when you receive a new cookie or how to fully disable cookies on your browser. You can learn more about cookies at sites like www.aboutcookies.org. If you use your browser settings to block all cookies, you may not be able to access all or parts of our site.
Third Party Cookie providers
In addition to the cookies that we own, we may also use third-parties cookies on our Sites for the purposes detailed above.
As the owners of these cookies, you are entitled to information from these third parties regarding their privacy and security policies, and on how to opt-out from their cookies. You can find more information on our third party cookie providers below:
What are your choices regarding cookies?
Necessary cookies, which are required for the core functionality of the website, are enabled by default automatically when you access the Site.
For all other categories of cookies used, which are not necessary for the site to operate, you can expressly consent on their use by clicking “accept” on the cookie banner which is set on the Site. If you do not wish to consent to the use of these cookies, you can opt out by returning to the Site and changing your cookie settings.
Additionally you can also decide whether or not to accept cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can also delete all cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.
We understand that the security of any data we collect is of great importance. We therefore make sure it is well protected. We have appropriate physical, electronic, and managerial procedures to safeguard and secure the personal information we process. We follow generally accepted industry standards to protect personal information submitted to us both during transmission and once received. While we strive to protect your personal information, we cannot guarantee its absolute security and any transmission of personal information is therefore at your own risk.
If you are a Customer, and you require more information regarding our security measures, please refer to our agreement. If you are an End-User, please reach out to our client who controls your account. If you are a Visitor, please contact us using the methods detailed below for more information.
Disclosure of Your Information
Personal information may be disclosed to our ultimate holding company and its direct and indirect subsidiaries. Our employees are responsible for the internal security of confidential or proprietary information, and are only given access in accordance with the principal of least privilege, meaning they are only given access to your information when necessary and to the extent necessary for our operations to continue. Employees receive regular data protection and cyber security training, and are subject to LTG’s data protection and security policies. Employees who violate the data protection and security policies are subject to disciplinary action including, but not limited to termination.
Our general policy is not to disclose your personal information to any third-party without your prior consent. However, we may disclose your personal information to third parties in the following scenarios:
- We may use third-party vendors and hosting partners to provide the necessary hardware, software, networking, and other technology and services required to operate and maintain our Sites. As part of this, we may be required to transfer some of your personal information to these vendors and partners. Where we use third-party service providers, we choose vendors that enhance our services or practices and follow any legal requirements that apply to securing your data.
- If we sell or buy any business or assets in which case your personal information may be disclosed to the prospective seller or buyer.
- If we, or substantially all of our assets, are acquired by a third party, personal information held by us will be transferred as assets.
- We also reserve the right to disclose your personal data as required by law or in the good faith that disclosure is necessary to protect our rights. This may include exchanging information with other organizations for the purposes of fraud protection and credit risk reduction.
We do not share, sell, rent, or trade personal information with third parties for their promotional or other purposes. If this practice should change, we will update this policy to identify how individuals can opt-out.
Please see the sections below for further information about your rights in accordance with applicable law.
GDPR and the Data Protection Act 2018 for EU/UK Residents
The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) and EEA on data protection and privacy and is applicable to all EEA residents. The Data Protection Act 2018 is the UK’s enactment of the GDPR, and applicable to all UK residents. You have the right to contact your local data protection authority and can request details of how to do this by contacting us at email@example.com.
Legal basis for processing your personal data
We process your personal data on the following legal bases:
Data Subject Rights – EU and UK residents
As a EU or UK data subject, being a person resident in the EEA or UK, you are entitled to the following rights in regard to your personal data:
The right to access – You have the right to request that we provide you with copies of your personal data which we hold on record. In some scenarios, as permitted by law, we may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information we have on record that you believe is inaccurate. You also have the right to request that we complete any information we have on record that you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
You can verify whether we hold any of your personal data, or make a data subject request by submitting a request via the Data Subject Request Form. We may need to verify your identity before we are able to respond to the inquiry.
Authorized Representative EEA
All LTG subsidiaries based outside of the EEA have, to the extent that the GDPR is applicable with regard to any data processing performed, appointed Learning Technologies Group GmbH to act as their designated representative within the EEA.
Name: Learning Technologies Group GmbH
Address: Dieningholt 9, 59387 Ascheberg
Authorized Representative UK
All LTG subsidiaries based outside of the UK have, to the extent that the Data Protection Act 2018 is applicable with regard to any data processing performed, appointed Learning Technologies Group (UK) Limited to act as their designated representative within the UK.
Name: Learning Technologies Group (UK) Limited
Address: Projects The Lanes, Nile House, Nile Street, Brighton, East Sussex BN1 1HW.
Privacy Shield – For EU, UK and Swiss Individuals Whose Data is Transferred Into The US
As applicable, we comply with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal information from Switzerland and European Union member countries (including Iceland, Liechtenstein, and Norway). We have certified to adhere to the Privacy Shield Principles with respect to such data. If any conflict shall arise, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification page, please visit https://www.privacyshield.gov/.
Pursuant to the Privacy Shield Principles, we are obligated to inform EU, UK, and Swiss individuals whose data is transferred to the United States that we may be required to release that information in response to lawful requests by public authorities including to meet national security and law enforcement requirements. We remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage with process the personal data in a manner inconsistent with the Privacy Shield Principles, unless we can prove we are not responsible for the event giving rise to the damage.
We are committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred to the EU and Switzerland in the context of the employment relationship. EU individuals with HR complaints should refer to https://edpb.europa.eu/about-edpb/board/members_en for the list of Data Protection Authorities.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive a timely acknowledgement of your complaint or if it is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers to file a complaint. Under limited circumstances, if your complaint is not resolved through these channels, a binding arbitration option may be available before a Privacy Shield Panel. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
You may correct or amend incorrect data or request deletion of personal information that has been processed in violation of the Privacy Shield Principles. To seek access to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, please complete this Data Subject Request Form. We will respond to the inquiry within 30 days.
Individuals with general Privacy Shield inquiries or complaints should contact us via the methods detailed below under the heading “Exercising Your Rights”.
The California Consumer Privacy Act (CCPA) is a law in the State of California on data protection and privacy and is applicable to all California residents.
Notice of collection and processing activities
Under the CCPA, you are entitled to certain information so that you are informed about how we collect your data, and how and why we use that data after collection. We encourage you to read this policy in full to get the clearest understanding, but we have summarized this information here:
Consumer Rights – California residents
As a Consumer, being a person resident in California, you are entitled to the following rights regarding your personal data:
Right to Opt-out – You have the right to opt out of an organization selling your information to third parties. We do not sell information to third parties at this time, but should this change we would update this policy to provide further information on our practices and the exercising of this right.
Right of notice – You have the right to be notified of which personal data we are collecting from you, the reasons why, and how it would be used. This policy provides you with this information.
Right of Disclosure – You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
Right of Deletion – You have the right to request that we delete any personal information we have collected from you in the last 12 months, in certain circumstances.
Right to Equal Services and Prices – You have the right to exercise your rights under the CCPA free of discrimination, and we will never deny you goods or services, charge you a different price, provide you with a different level or quality of goods or services based on your exercising your rights to your data.
You may only make a request to exercise your rights of disclosure within a twelve (12) month period.
In accordance with the Children’s Online Privacy Protection Act (“COPPA”) and the GDPR, our Sites are not intended for use by children. We do not knowingly request, solicit, access, or receive personally identifiable information from anyone under the age of 13 and 16 respectively.
Where we are aware of any personal information submitted through our Sites belonging to a child, we will delete this data from our records.
Exercising your Rights
To exercise your rights under the GDPR, the Data Protection Act 2018, or the CCPA, you may make a request via the Data Subject Request Form, or by calling +44(0) 20 7832 3440.
To enable us to process your request, we may require you to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Please note that we would be unable to respond to your request, or provide you with any personal data if we are unable to verify your identity or authority to make the request and confirm the personal information relates to you.
We endeavor to respond to a request within thirty (30) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive or onerous, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Third Party Websites
Our Sites may contain links to and from websites of our partner networks, clients, and/or affiliates. Please note that these websites are subject to their own privacy policies and we do not accept any liability for these sites and policies. Please check these policies before you submit any personal data to these websites.
Corporate and Contact Details
Our global privacy team act as our main point of contact for all privacy matters. You can contact them by submitting a request via Data Subject Access Form, or by calling +44(0) 20 7832 3440.
firstname.lastname@example.org, or at:
Learning Technologies Group Plc
15 Fetter Lane
Attention: Privacy Team
London, UK EC4A 1BW
Phone: +44(0) 20 7832 3440
Changes to this Privacy Notice
We reserve the right to modify this Privacy Notice at any time, so review it frequently. If material changes are made, it will be reposted and made available from our homepage so you are aware of what personal information we collect, how we use it, and under what circumstances (if any) we disclose it.