LEPAYA – PRIVACY POLICY
LTD NL B.V.

 

Last updated: April 2018

 

Lepaya takes your privacy very serious and will process and store your data in a safe way. We have drawn up privacy rules in this policy (hereafter called: “Privacy Policy”) We recommend you read this carefully.

 

  1. Who are we?

Lepaya is a registered trademark and a protected trade name. The mark, the trade name and other assets of Lepaya, including the databases, are licensed conditionally to LTD NL B.V. or its affiliate companies by the owner, established at Graaf Florisstraat 2N, Amsterdam, and is registered at the Chamber of Commerce under no.  #69556318.  All parties that work with and for Lepaya involved act in compliance with this Privacy Policy.

 

  1. Privacy legislation

Lepaya processes personal data as supplied by you or your employer (hereinafter called: “Personal Data”), so we can design engaging Learning Journeys, measure progress in Learning and propose interesting other content. We comply with the privacy legislation: the Dutch Data Protection Act (Wet bescherming persoonsgegevens) and the Data Protection Directive 95/46/EC. We also anticipate to the new General Data Protection Regulation, which will be the replacement of this legislation from May 25, 2018. All legislation together is hereafter referred to as: “Relevant Legislation”.

 

  1. Are minors allowed to make use of Lepaya?

Principally Lepaya is intended for persons at the age of 18 (eighteen) or older. If you are under the age of 18 (eighteen) you are not allowed to make use of the Application. By agreeing with this Privacy Policy, we may suppose that you are really 18 (eighteen) years old or older.

 

  1. Who is the Data Controller?

Our clients, the employers who use our software and services for the learning journeys of their employees, determine the purpose and means of the processing of the Personal Data. Therefore, our clients act as the “Data Controller” within the meaning of the Relevant Legislation.

 

  1. Lepaya is Data Processor

Lepaya is responsible for the storage, aggregation and processing of the Personal Data on behalf of our clients. Therefore, we act as the “Data Processor” within the meaning of the Relevant Legislation. This means that Lepaya is obliged not to use the data for other purposes than to assist our clients. On the contracts between Lepaya and its clients a standard Verwerkersovereenkomst applies, unless a specific one has been drawn up and is referenced in the contract between Lepaya and the client. Lepaya’s standard Verwerkersovereenkomst can be found on http://lepaya.com/verwerkersovereenkomst/.

 

  1. On which legal basis will your Personal Data be processed?

The processing of your Personal Data is based on the existence of a “Legitimate Interest” within the meaning of the Relevant Legislation. Our clients, the employers, have a Legitimate Interest in processing the Personal Data regarding learning journeys of their employees and the measurement of their progress. Employees also benefit from the learning journeys, so there is a fair balance between the interests involved.

 

  1. Which (personal) data is collected and processed?

In order to make use of the software and services Lepaya offers you, you will need a personal profile. Your HR manager will provide certain Personal Data of you to create your personal profile, such as: your name, e-mail address phone number and function. Lepaya requires that the data marked with an asterisk (*) is provided. It is not required to have the data completed not marked with an asterisk (*). After these data have been supplied, a profile is drawn up automatically. This profile contains the information your HR manager has provided during the composition of the personal profile. Lepaya also collects information on your behaviour in the app by tracking events, which information is generated automatically during the use of our software and services. As far as this information is used by Lepaya, it will always be anonymously.

 

  1. For which purposes will your data be used?

Your Personal Data will be used:

  • To grant the Application and all its functions to you;
  • To set up a personal profile, from which you can use the Application;
  • To send you information on the Applications of Lepaya itself;
  • To draw up anonymous statistical data and to make the Application safer;
  • To provide your information to third parties based on legal obligations;
  • In order to adapt and improve the Application.

In addition, the Customer can use the Personal Data to improve and optimize the learning journeys. We use automatically generated data for statistical purposes as well as for security and improvement of the Application. This information can be supplied to third parties so far as they are completely anonymized and cannot be linked to you personally. No Personal Data are supplied.

 

  1. How do we protect your personal data?

Lepaya will process your Personal Data in a proper and careful manner, in accordance with the Relevant Legislation. Lepaya will take appropriate technical and organisational measures in order to protect your Personal Data against loss or against any form of unlawful processing.

 

  1. How long will we keep your personal data?

Lepaya will keep your Personal Data for as long your employer requires from us. Lepaya will not keep the Personal Data longer than necessary for the purposes mentioned above, at which Lepaya strives for a constructive, long-term relationship. In no event will the personal data be kept longer than five years after the date on which the data have been updated for the last time. However, you can deactivate your data at any time or having them removed by us.

 

  1. Who do we share your personal data with?

In order to render our services, we need to share the personal data with companies that support us in processing the data (“Sub Data Processors”). For example, we use Amazon Web Services for the storage of the data and Auth0 to authenticate and secure all logins on the Application. These Data Processors will solely act as “Sub Data Processor” within the meaning of the DDPA and the EU Data Protection Directive. This means the Sub Data Processors are contractually obliged not to use the data for purposes other than those described in this Privacy Policy and we do not share data with them beyond what is necessary to assist us. Besides the above, we will not share your data with third parties – unless we are legally obliged to do so.

 

  1. Forwarding outside the EU

As far as the personal data are forwarded to third parties in accordance with this Privacy Policy, and these third parties are established outside the European Union, forwarding of data only takes place if that country ensures an appropriate security level. We will only transfer your data to these parties if forwarding is necessary for the implementation of the agreement or agreements between you and Lepaya, or for taking pre-contractual measures in response to a request from you and which are necessary for the conclusion of an agreement. By using the Application you give your consent to forward the data, within this framework, outside the European Union.

 

  1. Company transfer

It may happen that one or more parts or assets of the owner of Lepaya are transferred to a third party or that Lepaya merges with a third party. In this case your Personal data can be transferred. In the event of transfers uniform conditions apply. If the conditions however unexpectedly change in your disadvantage, your consent will be asked first. If desired, you can have your data deactivated or having them removed by us.

 

  1. Your rights

You have the right to :

–              require your employer to provide you a copy of the personal information your employer has processed about you;

–              require your employer to correct, update, shield or delete your personal information in our records;

–              report any misuse of your personal information.

 

If you have any questions, comments or concerns about how we handle personal data, you can contact us at info@lepaya.com. We strive to respond to such a request within 14 days of receipt by us.

 

  1. How far does Lepaya’s responsibility reach?

This Privacy Policy solely applies to Personal Data that have been obtained via Lepaya’s software and services. The Application may contain links to other websites of third parties.  We do not control the content or the links that appear on these websites and we are not responsible for the practices employed by websites linked to or from our Application. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites that are linked to our Application, are subject to the terms and policies of that website.

 

  1. Can this privacy statement be altered?

This Privacy Policy can be altered. The changes are publicly made available on Lepaya’s software and services. When we make significant changes, we will also send our users a notification. If material changes are made to article 6, you will be asked to accept our new privacy policy before you can continue using the Application, to make sure we have your consent to process your data.

 

  1. Any questions?

If you still have questions about this Privacy Policy you can always contact us via the following contact details:

 

LTD NL B.V. (trading under the name “Lepaya”)

Graaf Florisstraat 2N

1091 TG Amsterdam

 

Chamber of Commerce (Kamer van Koophandel) number: 69556318

VAT number: NL 857917171B01

 

E: info@lepaya.com