Last updated; Mar 2020
Please do not submit anyone else’s personal information to us unless you have their express consent to do this.
If you have any questions, comments or requests regarding your personal information, please email email@example.com or get in touch via our contact us page.
What data do we collect?
We collect the following personal information:
1. Information you provide directly to us:
- When we communicate with each other (including your name, email address, telephone number and the content of our communications);
- When you sign up to Elucidat (including your name, email address, postal address, telephone number, work position, transaction details, card details);
- When you complete or personalize your Elucidat profile (including your name, profile picture/likeness, gender, work position);
- When you subscribe to email notifications and/or newsletters (including your name and email address);
- Course Content (including any content you upload to Elucidat such as text, imagery and videos when you create your elearning courses); and
- Other information that you choose to send to us.
2. Data we derive through your use of Elucidat
- General user information about your computer and your visits (including your IP address, location, browser, operating system, referral source, length of visit and the pages you visit). This information can be facilitated by cookies (see our Cookies policy below);
- Specific learner information about use of some public and private elearning courses hosted on Elucidat (including pages accessed, answers to questions, and overall results of courses). Usually this information is anonymised except for ‘Self sign-in’ courses requiring name and email address, or all of SCORM releases which send a ‘learner_id’, name and on occasions and email address to us; and
- Other information that may be generated when you use Elucidat.
3. Information we receive from other sources:
- We may receive personal data provided to us by third parties, such as market research providers and business data directories (including your name, email address, telephone number, employer, job role, location).
How we use your data and legal grounds
- To manage our relationship with you and to comply with our contractual obligations.
- To administer Elucidat, our website and our business;
- To enable your use of Elucidat and other requested services;
- To enable you to edit, publish and manage your courses;
- To help learners access their courses, restore progress, and personalize their experiences
- To respond to technical support requests;
- To ensure the continuity of our services e.g. to back up your courses;
- To send invoices, reports, statements, payment reminders and collect payments from you;
- To deal with any enquiries or complaints by you or about your use of Elucidat;
- To understand how you (and others) are using Elucidat, to help us improve and develop our services;
- To monitor compliance with our Terms and Conditions;
- To provide requested information to you;
- To send you email notifications or newsletters that you have specifically requested;
- To keep our systems secure and prevent fraud;
- To send you other necessary information about our services and our relationship;
- To market our products and services, offers and events we think may be of interest to you in a business context (you can opt-out at any time by emailing firstname.lastname@example.org). Where required by law, we will ask for your consent for such marketing activities.
- If you have expressly agreed to contact you about our services, offers, events or news if you have subscribed to relevant mailing lists (you can unsubscribe or email email@example.com).
We do not:
- Share your data with third parties for their own purposes;
- Use any of your course content for our own purposes; or
- Send you unsolicited communications unless you have specifically agreed.
Disclosing your personal information
We may disclose your personal information to third parties (provided that they are bound by appropriate obligations to safeguard your information) as follows:
- To users of your Elucidat elearning content, when you have granted permission for others to see, share, edit, copy or download your elearning content, which may contain personal information;
- To our employees, officers, insurers, professional advisors and agents to the extent that it is reasonably necessary to do so for the above permitted purposes;
- To any Elucidat group companies;
- To our third party suppliers and subcontractors to help us provide Elucidat to you and for other legitimate business reasons. These include:
- our hosting service provider;
- our third party subcontractors and service providers involved in the development, maintenance, backup, storage, financial administration and other integrated services as required in order to provide Elucidat to you;
- content delivery networks that are used to speed the delivery of your uploaded content around the world in courses that are delivered online. This (temporarily) makes copies of your uploaded content at ‘Edge’ locations around the world; and
- anonymous usage data to 3rd party services to assist us in providing continuity. If we are required to do so by law or in any legal proceedings;
- If we need to for fraud prevention or to protect the rights, property or safety of us, our customers or others.
- To third parties wishing to purchase our business or assets.
Where your information is stored
Our main data centre is currently in London (UK). Our backup hosting data centres are located in the EU, currently Dublin and Frankfurt. Elucidat may in the future offer clients the choice of where they wish to store their data between the UK, US and EU.
Transfers to third countries and safeguards
We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in other countries. We do not transfer any data to third countries or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognised legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).
How your data is kept secure
We work hard to protect Elucidat and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. In particular:
- We encrypt all of our services using SSL;
- We do not store copies of your data on any form of removable media or in any of our office locations;
- We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems;
- We restrict access to personal information to Elucidat employees, contractors and agents on a need-to-know basis and ensure they are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How long your information will be held
We will endeavour not to keep your personal information for longer than necessary to facilitate your use of Elucidat. Your information is retained and deleted as follows:
- You can manually delete or export all or some of your courses from Elucidat at any time or we can delete your courses on request;
- You can also request that your learner and author data is deleted at any time, including before the end of any subscription period (although, doing so will affect your ability to use Elucidat);
- Unless you request otherwise, we will retain your learner and author primary data for a period of up to three (3) years from the end of your last subscription to enable you to re-subscribe without losing data within that period.
- For personal data provided to us by third parties, such as market research providers and business data directories, we will retain this for a period of up to two (2) years.
When you or we delete your courses or accounts as above, they will no longer be accessible to you online. However, subject to your right to erasure (below) some content may be retained as follows:
- Some prior content may remain in backup or cached copies for a reasonable time (but we will not make it available again to third parties);
- We may need to retain certain information for reasonable business purposes (e.g. accounts information, unsubscribe records, information needed to prevent identity theft, legal disputes and misconduct) even if deletion has been requested;
- If we are required to retain information by law or in relation to pending or prospective legal proceedings.
Some parts of our website can be accessed even if your cookies are turned off, but you may find there are parts of the website which you cannot access if your cookies are turned off.
However, the Elucidat software application will not function correctly if your cookies are turned off.
You have several rights as a data subject as summarised below:
- Access: You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others.
- Rectification: We will rectify any errors in the personal information we hold on request.
- Erasure: In addition to Elucidat functionality that enables you to delete information, you may ask us to erase your personal information from our systems in the following situations:
- The information is no longer necessary in relation to the purpose for which it was collected;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The information has been unlawfully processed;
- The information has to be erased for compliance with a legal obligation to which we are subject.
- Right to restrict processing: You have the right to restrict our processing on specified grounds.
- Notification: Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
- Data portability: You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.
- Right to object: In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical research purposes.
- Automated individual decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.
How to exercise your rights
- To exercise any of your other data subject rights, please email firstname.lastname@example.org or get in touch via our contact us page.
- You may request a copy of information undergoing processing, subject to evidence of your identity (normally a certified copy of your passport plus an original copy of a utility bill showing your current address). The first copy shall be provided without charge, but reasonable administration fees shall be charged for additional or subsequent copies.
- We shall respond to your requests without undue delay and in any event within one month unless we need to extend such period by up to two further months in specific circumstances.
- Please note that if you delete or restrict your account or required information, this may prevent you from making full use of our services.
What happens if a data breach occurs
Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.
In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorised access to information.
If we believe that our data has been compromised, we will report the issue to the Information Commissioner's Office (ICO).
We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.
Elucidat as data processor
information i.e. where we exercise control over the data processing, decide what personal information to collect, how to process it and for what purposes. In some
situations we may be deemed under applicable law to be your ‘data processor’ e.g.
under an Elucidat Licence Agreement i.e. where we process personal information
controlled by you, on your behalf. In those situations, our Data Processor Terms
shall apply to our processing activities.