Last updated: February 2021
- Who are we?
- Privacy legislation
Lepaya processes personal data as supplied by you or your employer
(hereinafter called: “Personal Data”), so we can design engaging
Learning Journeys, measure progress in Learning and propose interesting other content. We comply with the EU General Data Protection Regulation,
better known as GDPR, one of the most comprehensive privacy and
security laws in the world, effective as of May 25, 2018. All
legislation together is hereafter referred to as: “Relevant Legislation”.
- Are minors allowed to make use of Lepaya?
- Who is the Data Controller?
Our clients, the employers who use our software and services for the learning journeys of their employees, determine the purpose and means of the processing of the Personal Data. Therefore, our clients act as the “Data Controller” within the meaning of the Relevant Legislation.
- Lepaya is Data Processor
Lepaya is responsible for the storage, aggregation and processing of the Personal Data on behalf of our clients. Therefore, we act as the “Data Processor” within the meaning of the Relevant Legislation. This means that Lepaya is obliged not to use the data for other purposes than to assist our clients. On the contracts between Lepaya and its clients a standard Verwerkersovereenkomst applies, unless a specific one has been drawn up and is referenced in the contract between Lepaya and the client. Lepaya’s standard Verwerkersovereenkomst can be found on https://lepaya.com/en/verwerkersovereenkomst/.
- On which legal basis will your Personal Data be processed?
The processing of your Personal Data is based on the existence of a “Legitimate Interest” within the meaning of the Relevant Legislation. Our clients, the employers, have a Legitimate Interest in processing the Personal Data regarding learning journeys of their employees and the measurement of their progress. Employees also benefit from the learning journeys, so there is a fair balance between the interests involved.
- Which (personal) data is collected and processed?
7.1 Personal information you (or your HR manager) disclose to us
We collect personal information that you voluntarily provide to us when registering at the Services or Apps, expressing an interest in obtaining information about us or our products and services, when participating in activities on the Services or Apps or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Services or Apps, the choices you make and the products and features you use. The personal information we collect can include the following:
- Publicly Available Personal Information. We collect email addresses; social media; and other similar data.
- Personal Information Provided by You. We collect app usage; data collected from surveys; and other similar data.
- Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
7.2 Information automatically collected
We automatically collect certain information when you visit, use or navigate the Services or Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services or Apps and other technical information. This information is primarily needed to maintain the security and operation of our Services or Apps, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
7.3 Online Identifiers.
We collect devices; tools and protocols, such as IP (Internet Protocol) addresses; cookie identifiers, or others such as the ones used for analytics and marketing; and other similar data.
7.4 Information collected through our Apps
If you use our Apps, we may also collect the following information:
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s camera, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data. We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
7.5 Third party providers
We use Google Analytics, Firebase, Hotjar, Mailchimp and HubSpot as our third party service providers in order to collect and analyze data, create email distribution lists and manage marketing campaigns. Such processing is covered with a data processing agreement protecting your personal data.
- For which purposes will your data be used?
Your Personal Data will be used:
- To grant the Application and all its functions to you;
- To set up a personal profile, from which you can use the Application;
- To send you information on the Applications of Lepaya itself;
- To draw up anonymous statistical data and to make the Application safer;
- To provide your information to third parties based on legal obligations;
- In order to adapt and improve the Application.
In addition, the Customer can use the Personal Data to improve and optimize the learning journeys. We use automatically generated data for statistical purposes as well as for security and improvement of the Application. This information can be supplied to third parties so far as they are completely anonymized and cannot be linked to you personally. No Personal Data are supplied.
- How do we protect your personal data?
Lepaya will process your Personal Data in a proper and careful manner, in accordance with the Relevant Legislation. Lepaya will take appropriate technical and organisational measures in order to protect your Personal Data against loss or against any form of unlawful processing.
- How long will we keep your personal data?
Lepaya will keep your Personal Data for as long your employer requires from us. Lepaya will not keep the Personal Data longer than necessary for the purposes mentioned above, at which Lepaya strives for a constructive, long-term relationship. In no event will the personal data be kept longer than five years after the date on which the data have been updated for the last time. However, you can deactivate your data at any time or having them removed by us.
- Who do we share your personal data with?
- Forwarding outside the EU
- Company transfer
It may happen that one or more parts or assets of the owner of Lepaya are transferred to a third party or that Lepaya merges with a third party. In this case your Personal data can be transferred. In the event of transfers uniform conditions apply. If the conditions however unexpectedly change in your disadvantage, your consent will be asked first. If desired, you can have your data deactivated or having them removed by us.
- Your rights
You have the right to :
- Require your employer to provide you a copy of the personal information your employer has processed about you;
- Require your employer to correct, update, shield or delete your personal information in our records;
- Report any misuse of your personal information.
If you have any questions, comments or concerns about how we handle personal data, you can contact us at email@example.com. We strive to respond to such a request within 14 days of receipt by us.
- How far does Lepaya’s responsibility reach?
- Can this privacy statement be altered?
- Any questions?
LTD NL B.V. (trading under the name “Lepaya”)
1016 CG Amsterdam
Chamber of Commerce (Kamer van Koophandel) number: 69556318
VAT number: NL 857917171B01