1. We are committed to protecting your privacy and the personal information collected and processed about you.
You may have access to the LMS through one of two ways: (1) via an agreement between the applicable Customer and Unboxed Technology that provides the Customer’s Users with access to our “Spoke” branded LMS or (2) via a reseller or white label LMS agreement between the Customer and our authorized LMS reseller or white label provider (“Authorized Provider”) that provides the Customer and its Users with access to their respective version of the LMS.
2. European Personal Data.
The European General Data Protection Regulation No 2016/679 (including any national supplementing legislation) (“GDPR”) may be applicable to your use of the LMS through one of two ways: (1) if you access the LMS via an agreement directly between the Customer and Unboxed Technology, the Customer is the Data Controller (as defined in the GDPR) and Unboxed Technology is the Data Processor (as defined in the GDPR) except as stated otherwise below for EU personal data processed through the LMS or (2) if you access the LMS via an agreement between the Customer and an Authorized Provider, the Customer is the Data Controller, the Authorized Provider is the Data Processor, and Unboxed Technology is the Data Sub-Processor (as defined in the GDPR) except as stated otherwise below for EU personal data processed through the LMS. Except where we indicate below that we are acting as a Controller of EU personal data, we, and if applicable our Authorized Provider, will only process such EU personal data on our Customer’s behalf to provide our LMS to its Users and in accordance with their instructions as set out in the applicable agreement with the Customer. We will use such EU personal data to: provide and deliver the LMS to the User, prevent or address any service or technical issues, respond to a Customer or User’s request, instructions or support request, or for any other purpose provided for in our agreement with the Customer, or in accordance with or as may be required by law. In such cases, it is the Customer (or, as the case may be, other third parties working with the Customer) who remains responsible for its handling of the personal information and with compliance with any applicable data privacy laws. If you have questions or concerns about how such personal information is handled, you should contact the relevant Customer (your employer/institution) through which you are using the LMS and refer to their separate privacy policies.
At the beginning of each section, we use ‘plain English’ summaries to inform you about the content of those sections.
3. How we collect your information:
This section gives you the details about the information we collect about you and how we collect it, whether we collect it directly from you or other sources.
When using the LMS, we will process the following information about you:
- Information (such as your name, email address, business postal address, business telephone number and other contact details) that you voluntarily provide to your employer/institution (our Customer) who provides the information to us to set up your account. Information you provide directly by entering fields in the LMS, including information that you add to your profile or you upload or submit to the LMS.
- Information you provide to us when requesting information or material from us, along with information provided for any transactions, including details of any transactions made by you through the LMS using the LMS coins.
- Information contained in communications you voluntarily send to us, for example, to report a problem or to submit questions, concerns or comments regarding the LMS.
4. How we use your information:
We process your information for the following purposes where it is necessary to perform our contract, provide our Services to you, or where it is in the legitimate interest of the Customer and subject to applicable laws; in these situations, with respect to the EU Personal Data, we are acting as Processor or Sub-Processor:
- To allow you to use the LMS and perform actions requested by you or your employer/institution (our Customer). For example, if you complete a course in the LMS, we will use the information provided to associate course completion with your username and this information will be available to your employer/institution.
- For security purposes. We may use your data to protect the LMS and its clients against security breaches and to prevent fraud and violation of the LMS’s applicable agreements.
- For hosting purposes. We may collect and host your data to provide services to you. If your employer/institution is our Customer, we may process your data in accordance with providing services to them. However, we will not review, share, distribute, or reference any such data except as provided in a services agreement between us and our Customer, or as may be required by law.
- Protection of Unboxed Technology, Authorized Providers, Customers, and Others. We may disclose your information to: (i) comply with legal obligations; (ii) respond to claims that any content violates the rights of third parties; (iii) respond to your requests for customer service; and/or (iv) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law.
- Business Transfers. We reserve the right to disclose and transfer all of your information, to a successor (or potential successor) company in connection with a merger, acquisition, or sale of all, or components, of our business, or in connection with due diligence associated with any such transaction.
- Backups. We keep backup copies of data in order to protect the LMS and our users from a catastrophic failure as part of disaster recovery. These backups are kept secure using the same level of security (or greater) as our standard servers.
We may collect and use your information for the following purposes for our legitimate business interest; with respect to EU Personal Data, we are acting as a Controller:
- For internal marketing purposes. For example, we may use your aggregated and pseudonymized data to inform you of additional updates or features of the LMS or conduct a survey for the purpose of improving user experience; provided, however that any such use shall be subject to approval from your employer (the Customer) and its Authorized Provider (if applicable).
For operating and improving the LMS and your customer experience. We may collect and analyze aggregated and pseudonymized user data and process it for the purpose of improving our online customer experience. Pseudonymized data collected may include information about devices, browser type, browser language, operating system, and IP address. Pseudonymized data collected could also include information related to interactions with the LMS, such as referring and exit pages and URLs, platform type, the number of clicks and domain names used within the interaction with the LMS. This data allows us to better understand our customers, their interaction with our website and improve the LMS to better serve our customers. We use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information. For a list of third parties and the information collected, please contact email@example.com.If you are a User, you may also contact your employer/institution (our Customer).
5. Sharing your information:
You have the right to know with whom we share your information.
We may share your information with:
Any agents, partners or contractors who assist us in providing the Services we offer through the LMS. Transactional assistance may also be provided by our agents, partners or contractors, including: processing transactions, fulfilling requests for information, billing, sales execution, and fulfillment of orders. Other support services provided may include: data storage, transfer, analysis and processing, legal services, providing IT, and in other tasks as requested, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions and are subject to contractual restrictions prohibiting them from using your information for any other purpose.
To receive a list of the agents, partners or contractors assisting us in the processing of your information please send your request to firstname.lastname@example.org. If you are a User, you may also contact your employer/institution (our Customer). This list may change over time and will be updated.
The LMS Community section
We provide a community section that allows users to post discussions, news posts, and other interactions through the LMS. Any information you submit in these sections may be read, collected, or used by others within the LMS Community for your organization who have access to the LMS. We are not responsible for the information you choose to submit in these forums.
6. Transfer of information overseas: You have the right to know if and where your information may be transferred. This section provides information on the existence of transfers of your information by us.
The personal information about you that we collect is sent to and stored on secure servers located as noted below or in the systems of the third parties that we use, where applicable. These systems may also include backups of your information. Such storage is necessary in order to process the information.
Server locations include:
Microsoft East Region – USA
Personal information may be transferred by us to the third parties mentioned in the circumstances described above (see Sharing your information), which may be situated outside the European Economic Area (EEA) and may be processed outside the EEA. We comply with all U.S. and E.U. laws related to personal privacy and data privacy.
Standard Contractual Clauses
The security of your information is important to us. This section describes the basics of the types of measures we put in place to protect your information.
- We have appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access and maintain data security of, and to use correctly, the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store. We have implemented procedures designed to limit the dissemination of your information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
This section explains how long we will retain your personal information for following termination of our commercial relationship and the reasons for retention.
We will only keep your information as long as it remains necessary for the identified purpose(s) for which it was originally collected and for up to eight (8) years afterwards or otherwise permitted by law, or as required for our business operations or by applicable laws. Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
9. “Do Not Track” Signals.
Your browser settings may allow you to automatically transmit a “do not track” signal to websites and online services you visit. At this time, there is no consensus among industry participants as to the meaning of “do not track” in this context. Like many other websites, the LMS is not configured to respond to “do not track” signals from browsers.
10. Your Rights:
This section provides details about your rights in relation to your personal information.
With respect to your rights under the GDPR or other laws, to the extent applicable to you where we are acting as Processor or Sub-Processor), you or your employer (our Customer) is the Controller in most circumstances. You may contact email@example.com and we will direct your request to your employer (our Customer). We hope that we can resolve any issue that you may have, however you also may notify the relevant data protection authority in your jurisdiction should you have a complaint.
With respect to your rights under the GDPR or other laws, to the extent applicable to you (for example, where we are acting as a Controller and not a Processor or Sub-Processor), you or your employer (our Customer) may ask us to:
- Provide access to all the personal information about you held by us. On request, we will provide you with a copy of this information. Under certain circumstances, we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested. You can exercise your right of access to your personal information:
- By emailing us at firstname.lastname@example.org (if you are a User you may also contact your employer’s/institution’s (our Customer) designated administrator of the LMS).
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.
- Correct, erase, or delete your personal information where appropriate. Please note, you may review and update certain user profile information by logging in, as applicable, to the relevant sections of the LMS where such information may be updated
- Restrict the processing of your personal information while we investigate your concern
- Where your processing is based on your consent, you have a right to receive your information in a commonly used electronic format or ask we move the data in that format to another provider where your request relates to the data that you gave us direct and where technically possible (data portability)
- Request that we transmit your data or personal information to another company
- Withdraw your consent at any time when the processing relies upon consent
[Version 2.2 – October 25, 2018]