Last updated: July 2022
2. Who are we?
Lepaya provides power skill trainings by combining more than 50 Soft and Hard Skill training modules into effective Power Skills development programs (the “Services”) that enable professionals to be more effective in their work and enjoy more happiness in life. Lepaya uses the ”unique blended method”, which combines (virtual) short classroom sessions with online learning, via one of our apps: one of the Lepaya apps, e.g. Lepaya mobile app and/or Lepaya Learning app for MS Teams and/or Lepaya app for Slack, together the “Lepaya Apps”). A comprehensive overview of all our specific trainings can be found on our website www.lepaya.com.
3. How and why do we use Personal Data?
Lepaya processes personal data as supplied by you or your employer (hereinafter called: “Personal Data”), so we can design engaging Learning Journeys, measure progress in Learning and propose interesting other content. We will always process your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). We do not process any sensitive personal data, such as ethnic origin, political opinions, religious or philosophical beliefs.
4. Are minors allowed to make use of Lepaya?
5. Lepaya is Controller
Lepaya solely determines what personal data is needed to enable Lepaya to provide its Services. Hence, the collection of Personal Data is merely ancillary to and not the main subject of the agreement between Lepaya and its clients. Further, Lepaya will solely determine how the Personal Data is processed. Therefore, we act as the “Data Controller ” within the meaning of the GDPR.
6. On which legal basis will your Personal Data be processed?
The processing of your Personal Data is based on the existence of a “Legitimate Interest” within the meaning of the Relevant Legislation. Our clients, the employers, have a Legitimate Interest in processing the Personal Data regarding learning journeys of their employees and the measurement of their progress. Employees also benefit from the learning journeys, so there is a fair balance between the interests involved.
7. Which (personal) data is collected and processed?
7.1 Personal information you (or your HR manager) disclose to us
We collect personal information that you voluntarily provide to us when registering for the Services or Lepaya Apps, expressing an interest in obtaining information about us or our products and Services, when participating in activities on the Services and/or Lepaya Apps or otherwise contacting or engaging us.
The personal information that we collect depends on the context of your interactions with us and the Services or Lepaya Apps, the choices you make and the products and features you use. The personal
information we collect can include the following:
- Publicly Available Personal Information. We collect email addresses; social media; and other similar data found in the public domain
- Personal Information Provided by You. We collect app usage; data collected from surveys; and other similar data as well as one or more of the following Personal Data: e-mail address, name, title, home or work address, identification number (e.g. customer number), employer, online identifiers IP Address / cookie identifiers), record of performance assessment, recruitment information (such as CV’s, reference letters). In exceptional cases, we also process video material provided by you that will only be used internally for the functioning of the relevant module. Permission for this will always be requested first.
- Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
7.2 Information automatically collected
We automatically collect certain information when you visit, use or navigate the Services or Lepaya Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services or Lepaya Apps and other technical information. This information is primarily needed to maintain the security and operation of our Services or Lepaya Apps, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
7.3 Information collected through our Lepaya Apps
If you use our Lepaya Apps, we may also collect the following information:
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s camera, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data. We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or the mobile Lepaya App. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
7.4 Third party providers
We may share your personal data within the Lepaya Group and with third parties, including in accordance with the GDPR. Where we share your data with a third party data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing, in accordance with Articles 26, 28 and 29 GDPR. Furthermore, where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers, in accordance with Articles 44 ff. GDPR.
We use Google Analytics, Firebase, Hotjar, Mailchimp and HubSpot as our third party service providers in order to collect and analyze data, create email distribution lists and manage marketing campaigns.
And we use Amazon Web Services for the storage of the data and Auth0 to authenticate and secure all logins on the Lepaya App. Under this contract, AWS certifies it will not store any data outside the EEA.
7.5 Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
8. For which purposes will your data be used?
We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests within the meaning of the GDPR (“Legitimate Interest”) and provide you with adequate Services and products. Our clients, the employers, have a Legitimate Interest in processing the Personal Data regarding learning journeys of their employees and the measurement of their progress. Employees also benefit from the learning journeys, so there is a fair balance between the interests involved. The specific purposes can be one or more of the following:
- To grant access to all functions of the Lepaya App and the Lepaya App;
- To set up and manage a personal profile, from which you can use the Lepaya App;
- To send you information about the Lepaya App, Lepaya and our Services;
- To draw up anonymous statistical data and to make the Lepaya App safer;
- To provide your information to third parties based on legal obligations;
- In order to adapt and improve the Lepaya App.
In addition, the Customer can use the Personal Data to improve and optimize the learning journeys. We use automatically generated data for statistical purposes as well as for security and improvement of the Lepaya App. This information can be supplied to third parties so far as they are completely anonymized and cannot be linked to you personally.
9. How do we protect your personal data?
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
10. How long will we keep your personal data?
11. Forwarding outside the EU
12. Company transfer
It may happen that one or more parts or assets of the owner of Lepaya are transferred to a third party or that Lepaya merges with a third party. In this case your Personal data can be transferred. In the event of transfers uniform conditions apply. If the conditions however unexpectedly change in your disadvantage, your consent will be asked first. If desired, you can have your data deactivated or have them removed by us.
13. Our Records of Data Processes
We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31 GDPR).
14. Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
15. Your rights
You have the right to :
- Require your employer to provide you a copy of the personal information your employer has processed about you;
- Require your employer to correct, update, shield or delete your personal information in our records;
- Report any misuse of your personal information.
If you have any questions, comments or concerns about how we handle personal data, you can contact us at firstname.lastname@example.org. We strive to respond to such a request within 14 days of receipt by us.
16. How far does Lepaya’s responsibility reach?
17. Can this privacy statement be altered?
18. Any questions?
LTD NL B.V. (trading under the name “Lepaya”)
1097 BA Amsterdam
The Netherlands \
Chamber of Commerce (Kamer van Koophandel) number: 69556318
VAT number: NL 857917171B01
Lepaya is the trade name of the LTD Group B.V. and its subsidiaries LTD NL B.V.; Lepaya UK Limited, Lepaya Sweden AB and Lepaya Germany GmbH