Information about privacy
E-Learning Academy and your data
ELEACA is a company established in Belgium, having its offices at 22, box C Rue Lincoln, 1180 Brussels, Belgium registered in Belgium under number 0737.480.706.
« E-learning From Scratch» is a commercial name that ELEACA used.
We are a company made up of people working in the field of privacy, data management and IT security. We decided to create a teaching platform that allows everyone to learn, at their own pace, the subject of privacy protection. In practice, you order the course you are interested in and we give you access to it via your personal space on our platform.
In the framework of our activities we collect and process personal data concerning our clients, or any “data subject” who is in contact with us (prospects,…)
The aim of the Policy is to explain how we collect, store and use personal data.
Protecting your personal data and the respect of your privacy are essential values for us and we commit ourselves to handle and preserve your personal data with loyalty and transparency in accordance with the Belgian law and the GDPR.
We hereby consider « personal data » as any information relating to an identified or identifiable natural person (data subject).
The following policy is in line with our values and wish to act in full transparency in accordance with the Belgian Data Protection Act of 30 July 2018 on the protection of natural persons in relation to the processing of personal data (as amended) (“Privacy Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) (together: “Privacy Legislation”).
If you wish to react to the practices described below or have any questions, do not hesitate to contact us.
II. What kind of personal data do we process and how do we obtain them ?
When you contact us via our website, you will send us your name and email. Based on this email address we reply in order to define how we can help you.
In this context we process personal data, in particular:
- your information, if you have voluntarily communicated it to us, via an email (name, first name,…);
- Information concerning the courses purchased, the courses taken, and the exercises carried out;
- Information concerning the pages you have consulted on our website;
- any other information that you have voluntarily communicated to us (typically when sending questions or other).
A. Non- personal data
It is possible that we collect non- personal data. This data is qualified as such as it does not identify you directly or indirectly. These may then be used for any purpose whatsoever, for example, to improve our website, or improve the service offered.
B. What is a cookie?
A cookie is a small text file that contains fragments of information. When you visit websites, the information collected by different cookies is registered on your device (example: choosing your preferred language for a website). The cookie contains a unique code that allows its issuer to recognise the device concerned (your computer or mobile device) each time the website is visited.
The cookie identifies the browser on your device. A website’s server can only read the cookies it has placed itself and has no access to any other information on your computer or mobile device. Cookies can either be placed by the server of the website you are visiting (« original cookies ») or by partners with whom this website collaborates (« third-party cookies »).
Cookies generally have an expiration date. Some cookies expire when you close your browser (« session cookies »), while others remain on your device longer, sometimes even until you manually delete them (« permanent cookies »).
The configuration of each browser is different. Each procedure is described in the help menu of your browser. To do this, you must go to each of them and use the following links:
- Firefox : https://support.mozilla.org/fr/kb/effacer-les-cookies-pour-supprimer-les-information
- Chrome : https://support.google.com/chrome/answer/95647?hl=fr
- Safari : https://support.apple.com/kb/PH21411?locale=nl_NL&viewlocale=fr_FR
- Internet Explorer : https://support.microsoft.com/fr-be/help/17442/windows-internet-explorer-delete-manage-cookies.
a) Data protection provisions for the use of Google Analytics on the website
If you decide to make the IP address anonymous on this website, it will be hidden. Google will use the information collected in order to analyse the use of the website by the users, to compile reports on website activity and to provide the website operator with further services related to the use of the website and internet navigation in general.
The IP address transmitted by your browser as part of Google Analytics will not be linked to any other data held by Google. You can block the storage of cookies by setting your browser accordingly.
III. For what purpose do we collect your data?
We collect and process your personal data for the purposes described below. We have determined these purposes and ensure that only necessary and relevant personal data are processed in accordance with the principle of data minimisation.
In general, we base the processing of your personal data on the following legal bases:
- In order to comply with our legal obligations;
- In order to achieve our legitimate interest (in this case we always make sure to seek and respect the balance between our interest and your rights and freedoms);
- In order to take necessary preliminary measures and execute the contract that binds us (when you buy a course, we have a contract);
In the event we collect and process data that had not been mentioned in the present Policy, we shall contact you before making use of your personal data. The purpose of this contact will be to inform you about this processing operation and, if necessary, to ask you for your explicit consent.
A. Compliance with our legal obligations
In some cases, we are obliged to process your personal data in the context of our legal obligations or when we cooperate with the competent authorities. In these cases, we process your personal data to meet our obligations.
B. Our legitimate interests
In some cases, it is in our legitimate interest to process your personal data.
To this end, we always ensure that we maintain a fair balance between the need to process your personal data and the respect of your rights and freedoms, including the protection of your privacy.
Your personal data are processed for:
- Follow up on requests related to our services ;
- The development of our know-how ;
- Customisation and improve of our services and value proposition ;
- Commercial prospecting and prospect management (updating prospecting files, organising promotional operations, contacts for commercial purposes, etc.) ;
- The preparation of studies, models (risk, marketing and other) and statistics, using anonymisation and/or pseudonymisation techniques wherever possible ;
- Preservation of security of property and persons, the fight against fraud or attempts at intrusion, abuse or other offences ;
- Maintaining a list of people who no longer wish to be contacted ;
- The training of our staff through the use of real-life situations for illustrative purposes (we try, as far as possible, to anonymize your personal data) ;
- The improvement of our existing services and experience of the website’s users ;
- Managing your requests related to the application of your rights (including identifying you);
The recognition, exercise, defense and preservation of our rights ;
- Transfer your data to our processors or joint controllers, or even third parties.
C. Contract or preliminary measures
When you order a course, we process personal data for the execution of our contract (the pre-contractual phase is included in this legal basis for processing). Generally speaking, we therefore process them to manage and maintain our customer relationship (invoicing, access to the website, customer management,…).
IV. How long do we retain your personal data?
In general, we ensure not to keep your personal data beyond the time necessary for the purpose for which they were intended.
Specifically, there are two situations that need to be distinguished when determining how long we keep your data.
- You have never ordered a course on our platform, but you have contacted us for information about the platform or one of our products, or you have agreed to be informed of our news. We keep your personal data for 3 years from our last contact.
- You have ordered a course or a lesson. Then we have a contract. We then keep your personal data for a period of 10 years from the day of payment of your order.
At the end of the retention period, we will do our utmost to ensure that your personal data has been made unavailable and inaccessible.
Your rights under the GDPR
V. Access, withdrawal, rectification, erasure, portability, limitation and opposition.
Your rights under the regulations allow you to keep control of what we do with your personal data.
A. Right to access and copy
- This right to access data we possess about you applies to all the purposes we have mentioned above.
- This right allows you to inquire in particular whether or not we process your personal data, for what purposes, the categories of data concerned and the recipients of your data.
- You may also ask us for a copy of all the personal data we process that concerns you.
B. Right to withdrawal of consent
- As soon as we process your personal data on the legal basis of consent, you can always withdraw your consent.
C. Right to rectification
- You also have a right of rectification allowing you to ask us, at any time, to modify information that is inaccurate, incomplete or has become obsolete.
D. Right to erasure (to be forgotten)
You can obtain the deletion of your personal data when one of the following applies:
- The data is no longer necessary in regard to the intended purpose;
- You withdraw your consent to the processing of your data and we base this processing only on the legal basis of your consent;
- You object to the processing;
- We have processed your personal data unlawfully;
- In the event that the data we have is incomplete, inaccurate or obsolete;
- We must delete your personal data in order to comply with a legal obligation (under Union law or national law of the Member State) to which we are subjected.
E. Right to data portability
- In the event that we process your personal data on the basis of a contract or your consent, you may ask us to transfer all your personal data to you or to transfer them to another controller.
F. Right to restriction of processing
In some cases, you may also ask us to limit the processing of your personal data. The situations in which you may ask us to limit the processing of your personal data are listed as follows :
- If you dispute the accuracy of a personal data for as long as we can verify the accuracy of such data ;
- If we unlawfully process your personal data and you prefer that we limit this processing rather than the deletion of your personal data.
- Without doubt, as soon as the processing restriction no longer applies, we will inform you before it is lifted.
G. Right to object
- In the event the processing of data should be used for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for this purpose.
H. Automated individual decision-making including profiling
- You will never be subject to a decision based solely on automated processing.
VI. How to exercise your rights?
In order for us to be able to help you enforce your rights, we must verify that your request concerns your personal data.
B. When will we reply?
We commit ourselves to return to you as soon as possible and, at the latest, within one month of your request. Nevertheless, we may have to extend this period to two months if your request is complex or we face an excess of requests. Should such a situation arise, we will inform you of the reasons for the delay.
VII. Transfer to third parties
In general, we only transfer your personal data to third parties in the following cases:
– Where we are required to do so by law. In this case we will transfer your personal data to public bodies or public authorities.
– We may transfer your personal data to third parties, joint-controllers or subcontractors such as our accountant, our lawyers or any person with whom we have a contract through which we supervise or organise the processing of such personal data.
We do not transfer your data outside the European Union.
VIII. Links to other websites
Our website contains links to other websites. The content of this information documentation only applies to our own website. It is up to you to consult the information about data protection on these websites.
We shall, by all necessary technical and organisational means, guarantee a suitable security standard for the processing of your personal data. This standard, is determined on basis of risks occurred through the processing and the nature of the data to be protected.
We have put in place appropriate security measures, thus protecting your personal data from loss, theft, the misuse or alteration of the information received and the unauthorized disclosure or use of your personal data.
In the rare and unfortunate event where your personal data should be compromised due to a security breach, we commit ourselves to promptly act to identify the cause of the breach and take appropriate action.
If necessary, in accordance with the applicable law, we will inform you of this incident.
X. Claims and complaints
If you question any information described in this Policy, we recommend that you contact us directly to see how we can help you.
You can also file a complaint with the Data Protection Authority at the following address:
Belgian Data Protection Authority
Rue de la Presse 35
02 274 48 00
02 274 48 35
If you are not a Belgian resident, it is possible to lodge a complaint with your Data Protection Authority, you can find their contact information here. For further information on possible complaints and means of redress, we invite you to consult the website of the Data Protection Authority: https://www.autoriteprotectiondonnees.be.
In addition, you can always file a complaint with the Court of First Instance of Brussels.
XI. How can you contact us ?
For any further questions and/or complaints concerning the present policy, do not hesitate to contact us.
We reserve all rights to amend at any time the provisions held in the present Policy. We shall publish the amendments directly on our website.
XIII. Relevant legislation and competent jurisdiction
This Policy is governed by Belgian law.
Any dispute relating to the interpretation or the execution of this Policy shall be governed by Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.
This version of the Policy is effective and has been updated as of 1 January 2020.