Privacy Policy for ClickLearn Services
Version 4 - December 2021
Previous Versions |
---|
Version 1 - January 2009 |
Version 2 - September 2021 |
Version 3 - December 2021 |
Background
The privacy notice covers all processing activity performed by ClickLearn in connection with our services and our marketing.
We use third party software, including YouTube and Google services, on our website. Please see the relevant terms for more information:
https://policies.google.com/privacy
https://www.youtube.com/t/terms
We process personal data with cookie technologies on our website. Please see our cookie policy for more information:
https://www.clicklearn.com/docs/privacy/cookie-policy/
The purposes of the processing
The overall ClickLearn purpose is to make communicating business processes in IT systems easier by recording the work tasks and explanations digitally so other employees can perform the same tasks by learning from the created material.
For this purpose, we provide different online services to users who are interested in the ClickLearn tool. Some services are free, and some are payable.
As part of provisioning the services, we provide guidance, send e-mails and notifications to users regarding the services, their account, new functions, and other interactions in the service.
More specifically, the purpose of the data collection is
1) to provide the services, including administrating accounts, providing access to exclusive learning content, provide discussion forums, allow for feature requests, maintain course enrollment reports, track progress, achievements, and certifications,
2) to learn from the use of the services, including via questionnaires, and to develop our services further by improving design, functionality, and learning content quality,
3) to offer the possibility of receiving direct marketing regarding the services, to get in touch with us, and
4) if consent is provided, to market our services directly to possible new users and to perform trials.
The lawful basis for the processing
As ClickLearn is located in the EU, the General Data Protection Regulation (GDPR) applies to the collection of personal data irrespective of where the user is located.
The basis for our collection and processing are:
1) Services: Article 6(1f) of the General Data Protection Regulation (the legitimate interests of ClickLearn override the legitimate interests and fundamental rights and freedoms of the user)
2) Marketing: Section 10 of the Danish Marketing Practices Act (permission is required for direct marketing)
Legitimate interests
ClickLearn has a business-critical interest in learning from the use of the services. As an online IT system provider, we are dependent on developing, fixing and adapting our services continually and quickly. If we have little or no access to the data from our users, it is almost impossible to develop and change the system in accordance with the changing needs and wishes of our users. In the end, if we do not collect the data, the users would not have the IT tools they are used to, and which help make their daily operations easier.
As any IT tool, ClickLearn is to some extent co-created with the users by analyzing the data to see what works and what does not, and what function should be added or changed. In our assessment, our users expect us to develop the system and to make sure the functions are aligned with their changing demands. Our data analyzing practices does not differ from the general practice in the online services industry.
Given the nature of ClickLearn as an IT system to make business processes easier, the collected data are business related. This means that no private or confidential data are collected from the persons using the system. Also, even though employees as a rule use the system, the data is not related to work performance or work absence or other data that could impact the employees in any way.
To safeguard further the users and for practical reasons, we deploy techniques to aggregate data to be able to get better insights. We only have an interest in the overall patterns of use. We have no interest in the user data regarding a single individual. For this reason, we as a rule delete personal data by request.
This basis only covers collection not related to our marketing.
The categories of personal data collected
The personal data we collect fall under Article 6 of the GDPR.
1) Account information
We collect personal data in relation to the profile such as first name, surname, city, description, profile picture, username, company, log in information, and e-mail.
We also collect personal data the user continually produces when using ClickLearn services such as data related to specific courses chosen, course progress and completion, assignment submissions, awarded certifications, points, ranks, and badges.
Moreover, we collect personal data regarding user products, including capturing work processes in IT systems, producing verbal explanations, creating multi-format learning materials in any language and publishing the material on a 24/7 accessible learning portal to other users.
2) Developing and testing
We collect technical data from the devices being used such as browser, IP address, network location and time zone. We also collect data on the use of the content as well as information on how the service is being used such as site experiences, when users enter and leave the site and what site features are being used.
3) Security
We use the IP-addresses to detect threats, both proactively and retroactively.
4) Chat and contact forms
We collect the personal data you continually provide when you chat or fill out the contact form, including contact data such as e-mail.
5) Marketing
We collect data related to your interaction with our marketing such as whether you read our newsletter.
6) User requests
Finally, we also process relevant personal data in connection with possible user requests in accordance with Chapter III in the GDPR. This might entail processing personal data to identify and/or authenticate the user making the request.
The recipients or categories of recipients of the personal data
Recipients of personal data might include but is not in all cases limited to IT service providers (data processors), public authorities (to the extent required by law) and support staff in subsidiaries.
The details of transfers of the personal data to any third countries or international organizations
We transfer personal data to third countries outside EU/EEA that the EU Commission has determined has an adequate level of data protection. In cases of transfer to third countries that do not have an adequate level of data protection we use the EU approved standard contractual clauses to ensure an adequate level of data protection. By request we will provide you with a copy.
The retention periods for the personal data
As a rule, when a user deletes his account, unsubscribes or requests deletion by contacting us at DataProtection@clicklearn.com, a deletion and anonymization process is activated.
The process includes assessing if we are obligated to store some or all the personal data for a longer period according to the GDPR and the applicable local, state or federal laws. If we are not obligated to store the personal data and we have no other lawful grounds for further processing, we delete or anonymize the personal data.
Regarding marketing, if a user does not open his e-mail or is otherwise inactive 24 months, the deletion and anonymization process is activated.
Regarding contact forms, we delete the personal data from the contact form when we have provided a trial to the user.
Regarding chat, we delete the personal data from the chat when we have answered your inquiries.
The source of the personal data
Personal data have been obtained directly from the user during the onboarding process in the system, from questionnaires and from the continued use of ClickLearn services.
If relevant, the personal data have, moreover, been obtained during chat on our website or via our contact form and from tracking of our direct marketing to measure e.g., what parts of the content the user clicks on.
The details of whether individuals are under a statutory or contractual obligation to provide the personal data
If you do not wish to provide us with the personal data, we need to fulfil the purposes, we are not able to provide you with the full services or functions of the system.
The details of the existence of automated decision-making, including profiling
The collected data is used to save information that changes the way the website appears or acts in accordance with the users’ past interests on the site. For instance, if a user has showed particular interest in some areas or subjects on the website, he will likely see content matching the prior interests to stimulate more interaction. Also, the user might see adds on other website that are affected by clicks and interactions in our services.
The rights available to individuals in respect of the processing
As we are bound by the GDPR due to our location you have the following rights:
- Your right of withdrawal of consent – You can always delete your account.
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
The rights are limited in scope and application. Moreover, the rights are applied on a case-by-case basis to each user request.
You are not required to pay any charge for exercising your rights.
If you make a request, we must provide information on actions taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. In that case, we will inform of any such extension within one month of receipt of the request, together with the reasons for the delay.
Please contact us if you wish to make a request. When you make the request, please specify your request as best you can. This will help us process your request more quickly.
The right to lodge a complaint with a supervisory authority
You can lodge a complaint with your local Supervisory Authority in the EU by going to the website of the European Data Protection Board and find the contact information. If you live outside the EU, please contact the Danish Data Protection Agency:
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
DK
Tel. +45 33 1932 00
email: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk/
The name and contact details of the organization (data controller)
CLICKLEARN ApS | Sjæleboderne 2, 1. th. | 1122 Copenhagen K | Business registration number: 33075731| Tel. +45 88 77 47 35| DataProtection@clicklearn.com
Changes
We may change the privacy notice from time to time including if we change the purpose of the processing. If we do, we will inform you in the service or via e-mail. The applicable privacy notice will always be available in the service.
Change Log
October 2021 |
Issued
|
April 2022 |
1) Added “including via questionnaires” to the section “The purposes of the processing”. 2) Added “from questionnaires” to the section “The source of the personal data”. 3) Added references to third party privacy policies to the section “Background”.
|
Documents superseded |
ClickLearn Studio, ClickLearn Webinars, ClickLearn Community and ClickLearn Universe privacy policies are each superseded by this document. |