Learnerbly's Privacy Notice
Learnerbly's Privacy Notice

Learnerbly's Privacy Notice

📅
Last updated on 06/06/23

Learnerbly is the workplace learning platform that inspires people to learn and grow at over 100 of the world’s most progressive businesses. We curate content from 250+ of the best providers connecting employees to what they want to learn based on how they like to learn (books, coaching, courses, conferences, e-learning and more). Through the use of personal learning budgets, we democratise access to learning, unleash potential and transform learners into the people they want to be.

📮 Our contact details

Address: 30 Old Bailey, London, EC4M 7AU, United Kingdom

❓ What is this all about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you use our services.

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋", as well as the various stops it makes along the way.

👇 The different ways we process personal data

When your company starts working with us
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

To create the initial customer account and proceed to payment, we'll need some information, such as the name of our contact at the company, company name, email address, job title and country and we rely on Article 6(1)(b) of the GDPR - Contractual obligation when doing so.

In order to process payments from your company, we will need the details of our contact at your company, their name and company address and we rely on Article 6(1)(b) of the GDPR - Contractual obligation for processing this data.

Your company will be providing us with some data in order to sign you up on our platform. This will include your name, company email address, department, managerial relationship, country of residence and rely on Article 6(1)(f) of the GDPR - Legitimate Interests when doing so.

🗺️ Where do we store it?

Company contracts are stored on PandaDoc, which store data in the US. You can visit their privacy notice here. We also use Chargebee as our billing software. They store data in the EU and you can find out more about them here.

To create your account we use a customer data platform called Segment, which stores data in the US and you can find our more about them here.

When creating your account on our platform, sometimes our customers ask that these are created automatically, and thus Learnerbly will export data from software such as:

  • Okta - you can find their privacy policy here.
  • Workday - you can visit their privacy notice here.
  • Hibob - you can visit their privacy notice here.
  • CharlieHR - you can visit their privacy notice here.

⏲️ How long do we keep it for?

We will keep your user account details for the duration of your account with us and for 12 months after, in line with our business needs. We will keep details of your company’s account with us for 7 years after they stopped working with us, in line with the statutory maximum period within which contractual disputes might occur.

When we communicate with our clients
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

To communicate with our customers, we'll need information from contacts at our customers’ companies such as their name, company, role, account details, country of residence and we rely on Article 6(1)(f) of the GDPR - Legitimate Interests when doing so.

🗺️ Where do we store it?

To communicate with our customers we use Hubspot, which is our customer relationship management (CRM) platform. Hubspot will store data in the US and you can find out more about them here.

Customer details will also be stored in Google Drive in servers based in the EU. You can find out more about the way in which Google processes personal data, here.

To ensure we manage our customer relationships successfully, we use some business intelligence tools, one of which is QuickSight. This is part of the AWS platform, and you can visit their privacy notice here.

We also use a user analytics platform called Mixpanel which is hosted in the UK and you can read their privacy policy here.

⏲️ How long do we keep it for?

We keep the personal data mentioned for the duration of your account with us and for 12 months after you left us, in line with our business needs.

While you use our platform
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

While you use our platform, we'll collect information about you, such as your learning preferences and goals, learning resources and your reviews of them, your playlists and any other information you may wish to add to your profile and we rely on Article 6(1)(f) of the GDPR - Legitimate Interests when doing so.

We need to share aggregated reports with our clients, which will include your name, group, request information, resources purchased and the dates when these were purchased and do so under Article 6(1)(f) of the GDPR - Legitimate Interests.

🗺️ Where do we store it?

Our platform app is hosted on AWS servers based in Ireland. To find out more about AWS, you can visit their privacy notice here.

We also may use Iterable, which is also a customer relations management tool hosted in the US. You can read their privacy policy here.

To provide customer support, we use a customer communication platform called Intercom, which is hosted in the US. You can read their privacy policy here.

Reports will be provided to our clients using Google Sheets. Google stores data in servers located in the EU and you can find out more about them, here.

⏲️ How long do we keep it for?

We will keep the personal data mentioned for the duration of your account with us and for 12 months after you left us, in line with our business needs. Reports shared with our clients are deleted after they have been sent to the client.

When you order learning resources
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you use our app to order learning resources, we'll need some information about you, such as your name, email address, delivery address, telephone number and resource purchased. We will also have access to the amount paid for learning resources. For some resources we may collect additional information such as dietary requirements, depending on the request. We rely on Article 6(1)(f) of the GDPR - Legitimate Interests when doing so.

🗺️ Where do we store it?

We will need to share information about your orders with different suppliers in order to deliver the order to you; this will depend on the supplier you have chosen to purchase the resource from.

We also store information about orders on Google Drive on servers located in the EU. You can find out more about how Google processes data, here.

To ensure we manage our order process successfully, we might use some other platforms such as QuickSight and Notion. QuickSight is part of the AWS platform, and you can visit their privacy notice here. You can read Notion’s privacy policy here.

We use Stripe and Revolut to process user orders. You can read more about Stripe here and you can read the Revolut privacy policy here.

⏲️ How long do we keep it for?

We keep a record of your orders for 7 years after you have left us, in line with the statutory maximum period within which contractual disputes might occur.

When we raise awareness of our business
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

We take steps to raise awareness of and grow our business and we achieve this through various growth strategies. Sometimes we need to process names, email addresses and company size for lead generation purposes. We rely on Article 6(1)(f) of the GDPR - Legitimate Interests for this processing.

🗺️ Where do we store it?

To grow and expand our business we have partnered with various lead generation platforms, such as:

  • Happierleads - which will be storing data on servers located in London and you can find out more about them here.
  • Optinmonster - will be storing data on servers located in the US and you can find out more about them here.
  • Expandi - will be storing data on servers located in Europe and you can find out more about them here.

⏲️ How long do we keep it for?

We will retain this information for the duration of each growth campaign and remove it 6 months afterwards, in line with out business needs.

When you visit our website

Our website uses cookies and other similar technologies of which you should be aware.

🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?
💡
Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.

Below is a list of the cookies we use and the purposes for which they are used:

Essential cookies
💡
These are essential to the operation of our website and are integral to the functioning of our Website, therefore they cannot be removed.
Non-essential cookies
💡
These cookies are additional to the the performance of our Website and help us improve the service we provide to you.
Analytical cookies

These are third party cookies that enable us to monitor and analyse how visitors use our website and generate statistics based on them.

These cookies can be set by Google Analytics. Google Analytics is a web analysis service provided by Google Inc. (“Google”) which uses the Data collected to track and examine the use of our Website, prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.

Personal Data processed: Cookies and Usage Data.

Place of processing: United States – Privacy Policy.

You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses:

A full list of our current processors we use can be found here
  • Google (https://cloud.google.com/terms/data-processing-addendum/), a provider for web analytics, cloud and communications services (ie. contacting the Client's employee about a variant in the resource vie email, sending across monthly invoices and available balance), based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • AWS, Amazon (https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/) a provider of web analytics, cloud-based hosting and communications services based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Hubspot (https://legal.hubspot.com/privacy-policy/), a provider of software products for internal communications, sales and marketing based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Intercom (https://www.intercom.com/legal/privacy) a provider of communications and customer success purposes, allowing the Client's employees to directly reach out to our support team (the communications are redirected to their work email address and they receive documentation about Learnerbly such as a welcome newsletter, notifications about new partners, resources, playlists, events and updates through this platform) based in Ireland.
  • Zapier (https://zapier.com/help/account/data-management/zapiers-data-processing-addendum), a provider of integrations services based in the US as set forth by the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Slack (https://slack.com/intl/en-gb/trust/privacy/privacy-policy), a provider of internal communications platform based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Typeform (https://admin.typeform.com/to/dwk6gt) a provider of online software as a service specialised in online form building and online surveys whose servers are based in the US and who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Iterable (https://iterable.com/trust/gdpr-commitment/) a provider of growth marketing service based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commissionpursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Notion (https://www.notion.so/GDPR-c8eac6ea83a64fb1a3ea3bcd5c3d4951) a provider of a note-taking and collaboration application with markdown support that also integrates tasks, wikis, and databases services based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Segment (https://segment.com/legal/data-protection-addendum/) an application program interface which collects, standardises and distributes data to Learnerbly's other sub-processors who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Mixpanel (https://mixpanel.com/legal/dpa/) a data analysis tool who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Airtable (https://airtable.com/privacy) a data storage/analysis tool based in the US who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Merge (https://merge.dev/privacy-policy/) a data transfer application tool, based in the US, which facilitates the transfer of data between Learnerbly and its Clients, who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Snowflake (https://www.snowflake.com/privacy-policy/) a data storage tool, based in the US, which facilitates the transfer and storage of data who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • FiveTran (https://www.fivetran.com/legal/privacy) a data analytics tool, based in the US, which facilitates the display of data who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.
  • Algolia (https://www.algolia.com/policies/privacy/) a search tool, based in the US, which facilitates the display of data who have declared compliance with the Standard Contractual Clauses, as approved by the European Commission pursuant to Regulation (EU) 2016/679, covering the collection, use and retention of personal data transferred from the UK/EU.

📜 What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

📮 The right to be informed

You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.

🗝️ The right of access

You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).

The right to object

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

📝 The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

🧽 The right to erasure

You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

🚫 The right to restrict processing

You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

✈️ The right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to dataprotection@learnerbly.com if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

💔 How you can complain

If you have any concerns about our use of your personal information, please let us know by:

💡
💡
Writing to us at 30 Old Bailey, London, EC4M 7AU, United Kingdom

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

💡
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.
💡

icon
Powered By Trust Keith
Learnerbly Employee Privacy Notice
Learnerbly Employee Privacy Notice