E-Learning Academy and your data

1. Presentation

The following privacy policy is established by E-LEARNING ACADEMY (hereinafter referred to as « ELEACA » or “We”, “Us” or “Ours”), owner of the website https://www.elearningfromscratch.com/ (hereinafter referred to as the « website »).

ELEACA is a company established in Belgium, having its offices at 22, box C Rue Lincoln, 1180 Brussels, Belgium registered in Belgium under number 0737.480.706.

« E-learning From Scratch» is a commercial name that ELEACA used.

We are a company made up of people working in the field of privacy, data management and IT security. We decided to create a teaching platform that allows everyone to learn, at their own pace, the subject of privacy protection. In practice, you order the course you are interested in and we give you access to it via your personal space on our platform.

In the framework of our activities we collect and process personal data concerning our clients, or any “data subject” who is in contact with us (prospects,…)

The aim of the Policy is to explain how we collect, store and use personal data. Protecting your personal data and the respect of your privacy are essential values for us and we commit ourselves to handle and preserve your personal data with loyalty and transparency in accordance with the Belgian law and the GDPR.

We hereby consider « personal data » as any information relating to an identified or identifiable natural person (data subject).

The following policy is in line with our values and wish to act in full transparency in accordance with the Belgian Data Protection Act of 30 July 2018 on the protection of natural persons in relation to the processing of personal data (as amended) (“Privacy Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) (together: “Privacy Legislation”).

If you wish to react to the practices described below or have any questions, do not hesitate to contact us.

2. What kind of personal data do we process and how do we obtain them ?

When you contact us via our website, you will send us your name and email. Based on this email address we reply in order to define how we can help you. In this context we process personal data, in particular:

• your information, if you have voluntarily communicated it to us, via an email (name, first name,...);
• Information concerning the courses purchased, the courses taken, and the exercises carried out;
• Information concerning the pages you have consulted on our website;
• any other information that you have voluntarily communicated to us (typically when sending questions or other).

2.1. Non- personal data

It is possible that we collect non- personal data. This data is qualified as such as it does not identify you directly or indirectly. These may then be used for any purpose whatsoever, for example, to improve our website, or improve the service offered

3. What is a cookie?

A cookie is a small text file that contains fragments of information.

When you visit websites, the information collected by different cookies is registered on your device (example: choosing your preferred language for a website).

The cookie contains a unique code that allows its issuer to recognise the device concerned (your computer or mobile device) each time the website is visited.

The cookie identifies the browser on your device. A website's server can only read the cookies it has placed itself and has no access to any other information on your computer or mobile device.

Cookies can either be placed by the server of the website you are visiting (« original cookies ») or by partners with whom this website collaborates (« third-party cookies »).

Cookies generally have an expiration date. Some cookies expire when you close your browser (« session cookies »), while others remain on your device longer, sometimes even until you manually delete them (« permanent cookies »).

In addition, it should be noted that most browsers use cookies.

You can also delete these cookies or refuse their installation at any time and free of charge by modifying the options of your browser software. The configuration of each browser is different. Each procedure is described in the help menu of your browser. To do this, you must go to each of them and use the following links:

Firefox : https://support.mozilla.org/fr/kb/effacer-les-cookies-pour-supprimer-les-information

Chrome :https://support.google.com/chrome/answer/95647?hl=fr

Safari :https://support.apple.com/kb/PH21411?locale=nl_NL&viewlocale=fr_FR

Internet Explorer : https://support.microsoft.com/fr-be/help/17442/windows-internet-explorer-delete-manage-cookies.

By refusing the use of cookies, you can still access the website however, some features will be limited or even impossible.

a) Data protection provisions for the use of Google Analytics on the website

This website uses Google Analytics, a web analytics service provided by Google, Inc.. Google Analytics uses cookies to help the website analyze how users use the site.

If you decide to make the IP address anonymous on this website, it will be hidden. Google will use the information collected in order to analyse the use of the website by the users, to compile reports on website activity and to provide the website operator with further services related to the use of the website and internet navigation in general.

The IP address transmitted by your browser as part of Google Analytics will not be linked to any other data held by Google. You can block the storage of cookies by setting your browser accordingly.

However, please note that if you do this you may not be able to use all of the features of this website to their full extent. You can prevent the data created by the cookie about your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading this plug-in https://tools.google.com/dlpage/gaoptout?hl=fr. You can read more about Google's privacy policy at http://www.google.com/intl/fr/policies/privacy/.

4. For what purpose do we collect your data?

We collect and process your personal data for the purposes described below. We have determined these purposes and ensure that only necessary and relevant personal data are processed in accordance with the principle of data minimisation.

In general, we base the processing of your personal data on the following legal bases:

• In order to comply with our legal obligations;
• In order to achieve our legitimate interest (in this case we always make sure to seek and respect the balance between our interest and your rights and freedoms);
• In order to take necessary preliminary measures and execute the contract that binds us (when you buy a course, we have a contract);

In the event we collect and process data that had not been mentioned in the present Policy, we shall contact you before making use of your personal data. The purpose of this contact will be to inform you about this processing operation and, if necessary, to ask you for your explicit consent.

A. Compliance with our legal obligations

In some cases, we are obliged to process your personal data in the context of our legal obligations or when we cooperate with the competent authorities. In these cases, we process your personal data to meet our obligations

B. Our legitimate interests

In some cases, it is in our legitimate interest to process your personal data.

To this end, we always ensure that we maintain a fair balance between the need to process your personal data and the respect of your rights and freedoms, including the protection of your privacy.

Your personal data are processed for:

• Follow up on requests related to our services;
• The development of our know-how;
• Customisation and improve of our services and value proposition ;
• Commercial prospecting and prospect management (updating prospecting files, organising promotional operations, contacts for commercial purposes, etc.);
• The preparation of studies, models (risk, marketing and other) and statistics, using anonymisation and/or pseudonymisation techniques wherever possible;
• Preservation of security of property and persons, the fight against fraud or attempts at intrusion, abuse or other offences;
• Maintaining a list of people who no longer wish to be contacted;
• The training of our staff through the use of real-life situations for illustrative purposes (we try, as far as possible, to anonymize your personal data)
• The improvement of our existing services and experience of the website’s users;
• Managing your requests related to the application of your rights (including identifying you);
• The recognition, exercise, defense and preservation of our rights;
• Transfer your data to our processors or joint controllers, or even third parties.

C. Contract or preliminary measures

When you order a course, we process personal data for the execution of our contract (the pre-contractual phase is included in this legal basis for processing).

Generally speaking, we therefore process them to manage and maintain our customer relationship (invoicing, access to the website, customer management,...).

5. How long do we retain your personal data?

In general, we ensure not to keep your personal data beyond the time necessary for the purpose for which they were intended.

Specifically, there are two situations that need to be distinguished when determining how long we keep your data.

• You have never ordered a course on our platform, but you have contacted us for information about the platform or one of our products, or you have agreed to be informed of our news.

• We keep your personal data for 3 years from our last contact.

• You have ordered a course or a lesson.

• Then we have a contract. We then keep your personal data for a period of 10 years from the day of payment of your order.

At the end of the retention period, we will do our utmost to ensure that your personal data has been made unavailable and inaccessible.

Your rights under the GDPR

6. Access, withdrawal, rectification, erasure, portability, limitation and opposition

Your rights under the regulations allow you to keep control of what we do with your personal data.

A. Right to access and copy

This right to access data we possess about you applies to all the purposes we have mentioned above.

This right allows you to inquire in particular whether or not we process your personal data, for what purposes, the categories of data concerned and the recipients of your data.

You may also ask us for a copy of all the personal data we process that concerns you.

B. Right to withdrawal of consent

As soon as we process your personal data on the legal basis of consent, you can always withdraw your consent.

C. Right to rectification

You also have a right of rectification allowing you to ask us, at any time, to modify information that is inaccurate, incomplete or has become obsolete.

D. Right to erasure (to be forgotten)

You can obtain the deletion of your personal data when one of the following applies:

• The data is no longer necessary in regard to the intended purpose;
• You withdraw your consent to the processing of your data and we base this processing only on the legal basis of your consent;
• You object to the processing;
• We have processed your personal data unlawfully;
• In the event that the data we have is incomplete, inaccurate or obsolete;
• We must delete your personal data in order to comply with a legal obligation (under Union law or national law of the Member State) to which we are subjected.

E. Right to data portability

In the event that we process your personal data on the basis of a contract or your consent, you may ask us to transfer all your personal data to you or to transfer them to another controller.

F. Right to restriction of processing

In some cases, you may also ask us to limit the processing of your personal data. The situations in which you may ask us to limit the processing of your personal data are listed as follows:

• If you dispute the accuracy of a personal data for as long as we can verify the accuracy of such data;
• If we unlawfully process your personal data and you prefer that we limit this processing rather than the deletion of your personal data.

Without doubt, as soon as the processing restriction no longer applies, we will inform you before it is lifted.

G. Right to object

In the event the processing of data should be used for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for this purpose.

H. Automated individual decision-making including profiling

You will never be subject to a decision based solely on automated processing.

7. How to exercise your rights?

A. Identification

In order for us to be able to help you enforce your rights, we must verify that your request concerns your personal data.

B. When will we reply?

We commit ourselves to return to you as soon as possible and, at the latest, within one month of your request.

Nevertheless, we may have to extend this period to two months if your request is complex or we face an excess of requests. Should such a situation arise, we will inform you of the reasons for the delay.

General information

8. Transfer to third parties

In general, we only transfer your personal data to third parties in the following cases:

• Where we are required to do so by law. In this case we will transfer your personal data to public bodies or public authorities.
• We may transfer your personal data to third parties, joint-controllers or subcontractors such as our accountant, our lawyers or any person with whom we have a contract through which we supervise or organise the processing of such personal data.

We do not transfer your data outside the European Union.

9. Links to other websites

Our website contains links to other websites. The content of this information documentation only applies to our own website. It is up to you to consult the information about data protection on these websites.

10. Security

We shall, by all necessary technical and organisational means, guarantee a suitable security standard for the processing of your personal data. This standard, is determined on basis of risks occurred through the processing and the nature of the data to be protected.

We have put in place appropriate security measures, thus protecting your personal data from loss, theft, the misuse or alteration of the information received and the unauthorized disclosure or use of your personal data.

In the rare and unfortunate event where your personal data should be compromised due to a security breach, we commit ourselves to promptly act to identify the cause of the breach and take appropriate action.

If necessary, in accordance with the applicable law, we will inform you of this incident.

11. Claims and complaints

If you question any information described in this Policy, we recommend that you contact us directly to see how we can help you.

You can also file a complaint with the Data Protection Authority at the following address:

Belgian Data Protection Authority

Rue de la Presse 35

1000 Bruxelles

02 274 48 00

02 274 48 35

contact@apd-gba.be

If you are not a Belgian resident, it is possible to lodge a complaint with your Data Protection Authority, you can find their contact information here.

For further information on possible complaints and means of redress, we invite you to consult the website of the Data Protection Authority: https://www.autoriteprotectiondonnees.be.

In addition, you can always file a complaint with the Court of First Instance of Brussels.

12. How can you contact us?

For any further questions and/or complaints concerning the present policy, do not hesitate to contact us.

Mail : info@elearningfromscratch.com

Web : https://www.elearningfromscratch.com/

13. Amendments

We reserve all rights to amend at any time the provisions held in the present Policy. We shall publish the amendments directly on our website.

14. Relevant legislation and competent jurisdiction

This Policy is governed by Belgian law.

Any dispute relating to the interpretation or the execution of this Policy shall be governed by Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.

This version of the Policy is effective and has been updated as of 1 January 2020.