Last updated and effective: July 2020
The Elucidat Group is made up of the following legal entities:
- Elucidat Inc. (CRN: 1887634) of 8601 Six Forks Road, Suite 400, Raleigh, NC 27615, USA; and
- Elucidat Ltd (CRN: 08526821) of 22-23 Kensington Street, Brighton, England BN1 4AJ.
Please do not submit anyone else’s personal information to us unless you have their express consent to do this. We will assume that you do if you submit another’s personal information to us.
If you have any questions, comments or requests regarding your personal information, please email firstname.lastname@example.org or get in touch via our Contact Us page.
Who is responsible for the processing of your personal data?
The data controller responsible for the processing of your personal data depends on which Elucidat company you are interacting with. Elucidat Inc. and Elucidat Ltd may act as joint data controllers in respect of processing your personal data. As joint controllers, both Elucidat Inc. and Elucidat Ltd will decide the purpose jointly and/or the means for which your personal data is processed. Elucidat Inc. has control over the sales and marketing activity in the U.S. and decides the purpose and means for how the personal data related to such activity in the U.S. is processed. Subject to the foregoing, Elucidat Ltd as controller (or joint controller), acts as the primary point of contact on behalf of the Elucidat Group.
If you would wish to find out more, please get in touch.
What data do we collect?
We collect the following information:
1. Personal information you provide directly to us:
- When we communicate with each other (your name, email address, telephone number and the content of our communications, which may reveal other personal information to the extent you optionally volunteer such information);
- When you sign up to Elucidat’s services (your name, email address, postal address, telephone number, work position, and transaction details);
- When you complete or personalize your Elucidat profile (your name, profile picture/likeness, gender, work position);
- When you subscribe to email notifications and/or newsletters (your name and email address);
- When you create elearning course content (any content you upload to Elucidat such as text, imagery and videos to the extent it may include personal information); and
- Other information that you choose to send to us (to the extent it may include personal information).
2. Data we derive through your use of the Elucidat learning platform or our websites:
- General user information about your computer and your visits (including your IP address, location, browser, operating system, referral source, length of visit and the pages you visit). This information can be facilitated by cookies and other website analytics (see our Cookies policy and tracking information below);
- Specific learner information about use of some public and private elearning courses hosted on Elucidat (including pages accessed, answers to questions, and overall results of courses). Usually this information is anonymised except for ‘Self sign-in’ courses requiring name and email address, or elearning files, which send a ‘learner_id’, name and on occasions and email address to us; and
- Other information that may be generated when you use Elucidat (such as performance in a course, completion of a course and other elearning details).
3. Information we receive from other sources:
How we use your personal information and legal grounds
- To manage our relationship with you and to comply with our contractual obligations;
- To administer our services, our website and our business;
- To enable use of the Elucidat learning platform and other requested services;
- To enable you to edit, publish and manage your courses if you are a user of our learning platform;
- To help learners access their courses, restore progress, and personalize their experiences;
- To respond to your requests to us and communicate with you about them, including technical support requests;
- To ensure the continuity of our services, e.g., to back up a user’s courses;
- To send invoices, reports, statements, payment reminders and collect payments;
- To deal with any inquiries, questions or complaints regarding our services; and
- To provide requested information to you;
- To send you email notifications or newsletters that you have specifically requested;
- To help keep our systems and services secure and prevent fraud;
- To send you other necessary information about our services and our relationship;
- To understand how our users are using our services, to help us improve and develop, maintain and protect our services; and
- To market our products and services, offers and events we think may be of interest to you in a business context (you can opt-out at any time by emailing email@example.com or by clicking on the unsubscribe link in individual emails). Please note that opting out from marketing communications does not preclude us from contacting you by email on transactional matters related to your account or services.
- To improve our Site and ensure that content is presented in the most effective manner for you and for your device(s);
- To perform internal operations (including data analysis, troubleshooting, testing, system maintenance, support, reporting and hosting of data);
- To measure or understand the effectiveness of our Site and/or any marketing we serve to you and others,
- To deal with any issues you have reported with our Site.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us on firstname.lastname@example.org.
We do not:
- Share your personal information with third parties for their own direct marketing purposes.
Disclosing your personal information
We may disclose your personal information to third parties as follows:
- To our employees, officers, insurers, professional advisors and agents to the extent that it is reasonably necessary to do so for the above permitted purposes;
- To any Elucidat group companies (including in respect of the Elucidat Group’s sales and marketing activity);
- To our third party suppliers and subcontractors to help us provide our services, including the Elucidat learning platform and our website. These include:
- our hosting service provider;
- our third party subcontractors and service providers involved in the development, maintenance, backup, storage, financial administration and other integrated services as required in order to provide our services;
- content delivery networks that are used to speed the delivery of your uploaded content around the world in courses that are delivered online. This (temporarily) makes copies of your uploaded content at ‘Edge’ locations around the world;
- 3rd party services to assist us in providing continuity;
- our legal advisers in connection with advising us; and
- law enforcement, regulators or others if we are required to do so by law or in any legal proceedings.
If we need to for fraud prevention, investigation, or to protect the rights, property or safety of us, our customers or others.
To third parties wishing to purchase our business or assets, or in connection with an internal reorganization of the Elucidat Group companies.
Transfers of information to third countries and safeguards
We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in other countries.
Whenever we transfer your personal information outside of the EEA, we protect it by making sure at least one of the following safeguards is in place:
- the transfer is to a country that has been deemed to provide an adequate level of protection by the European Commission;
- the recipient enters into specific contractual terms approved by the European Commission, which are intended to give your personal information the same protection it has within the EEA; or
- when we transfer personal information to the US, the transfer is to entities that are Privacy Shield-certified, which requires them to provide similar protection to personal information shared between Europe and the US as applicable in the EEA.
Please get in touch with us for the details of how we protect specific transfers of your data.
With respect to personal information received or transferred pursuant to a Privacy Shield Framework, Elucidat is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: email@example.com.
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
You may be able to select binding arbitration under the Privacy Shield Framework, more information about this can be found here.
We will ensure that all onward transfers of your Personal Information are in line with the Privacy Shield Principles. Please note, we may disclose your Personal Information where we are requested to do so by public authorities or to meet national security or law enforcement requirements. We understand that we shall remain liable under the Privacy Shield Principles if any of our agents processes such personal information in a manner which is inconsistent with the Privacy Shield Principles. Please note, we will not be liable in the event we are not responsible for any event that gives rise to the damage caused.
How your data is kept secure
We use commercially reasonable physical, technical and administrative measures to secure Elucidat and our users personal information from unauthorised access, alteration, disclosure or destruction. In particular:
- We encrypt personal information online using SSL;
- We do not store personal information on unencrypted removable media;
- We regularly review our information collection, storage and processing practices, including physical security measures, to help guard against unauthorized access to systems;
- We restrict access to personal information to Elucidat employees, contractors and agents on a need-to-know basis, subject to appropriate confidentiality obligations, and discipline or termination as appropriate.
How long your information will be held
We will endeavour to not keep your personal information for longer than necessary to facilitate your use of Elucidat’s services or as required by applicable law. Personal information is retained and deleted as follows:
- You can request that your author data is deleted at any time, including before the end of any subscription period (although, doing so will affect your ability to use Elucidat’s learning platform); and
- Unless you request otherwise, we will retain your author primary data for a period of up to three (3) years from the end of your last subscription to enable you to re-subscribe without losing data within that period.
For other personal data not subject to the retention described above, or personal data provided to us by third parties, such as market research providers and business data directories, we will retain this for a period of up to two (2) years.
You have several rights as a data subject as summarised below:
- Access: You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others.
- Rectification: We will rectify any errors in the personal information we hold on request.
- Erasure: In addition to Elucidat functionality that enables you to delete information, you may ask us to erase your personal information from our systems in the following situations:
- The information is no longer necessary in relation to the purpose for which it was collected;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The information has been unlawfully processed;
- The information has to be erased for compliance with a legal obligation to which we are subject.
- Right to restrict processing: You have the right to restrict our processing on specified grounds.
- Notification: Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
- Data portability: You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.
- Right to object: In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical research purposes.
- Automated individual decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.
How to exercise your rights
- To exercise any of your other data subject rights, please email firstname.lastname@example.org or get in touch via our Contact Us page.
- You may request a copy of information undergoing processing, subject to evidence of your identity (normally a certified copy of your passport plus an original copy of a utility bill showing your current address). The first copy shall be provided without charge, but reasonable administration fees shall be charged for additional or subsequent copies.
- We shall respond to your requests without undue delay and in any event within one month unless we need to extend such period by up to two further months in specific circumstances.
- Please note that if you delete or restrict your account or required information, this may prevent you from making full use of our services.
What happens if a data breach occurs
Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.
In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorised access to information.
If we believe that our data has been compromised, we will report the issue to the UK Information Commissioner's Office (ICO) and other relevant regulators, as required by applicable law.
We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.
Elucidat as data processor
Your California privacy rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business with whom the California resident has an established business relationship what types of personal information, if any, the business shares with third parties for direct marketing purposes by such third parties and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. We do not currently share any personal information with third parties for direct marketing purposes by such parties. A number of states are currently considering enacting laws similar to the California law above. If you are a resident of a state that enacts such a law, please use the contact information above to contact us with any questions, requests or comments.
Our website and services are not intended for use by children, and we do not knowingly collect personal information from children under 13. For purposes of the Children’s Online Privacy Protection Act (COPPA) in the US, if we learn that we have collected the personal information of any such individual, we will take steps to delete the information as soon as possible.