SIPsense / Legal
Terms & conditions of the Calibrae Virtual Learning Environment
On this page, we define the Terms & Conditions of using the Calibrae Platform, our Platform License Plans, our Security Policy and our Privacy Policy, including a detailed look at how we use your data.
-
Terms & Conditions
-
Platform License Plans
-
Security Policy
-
Cookie Policy
-
Service Level Agreement
-
Privacy Policy - Knowing your data and what we do with it
-
Data Governance - how we manage it
-
Data Protection Officer
-
Data Protection Impact Assessments
-
Data incidents and how they will be handled
-
Data retention - what happens to your data if you close your account
-
GDPR training for Calibrae staff
-
Calibrae data breach risk assessment
-
DSARs - how to request access to your data and how we handle such requests
-
Correcting errors in your data, and how to make a correction
-
Data erasure - how to request it and what we do
Terms & Conditions
1. Acceptance of our Terms
By visiting this website, viewing, accessing or otherwise using any of the services or information created, collected, compiled or submitted to this site, you agree to be bound by the following Terms and Conditions of Service. If you do not want to be bound by our Terms your only option is not to visit, view or otherwise use the services of this site. You understand, agree and acknowledge that these Terms constitute a legally binding agreement between you and this site and that your use of this site shall indicate your conclusive acceptance of this agreement.
2. Provision of Services
You agree and acknowledge that this site is entitled to modify, improve or discontinue any of its services at its sole discretion and without notice to you even if it may result in you being prevented from accessing any information contained in it. Furthermore, you agree and acknowledge that this site is entitled to provide services to you through subsidiaries or affiliated entities.
3. Proprietary Rights
You acknowledge and agree that this site may contain proprietary and confidential information including trademarks, service marks and patents protected by intellectual property laws and international intellectual property treaties. Our content may not be sold, reproduced, or distributed without our written permission. Any third-party trademarks, service marks and logos are the property of their respective owners. Any further rights not specifically granted herein are reserved.
4. Termination of Agreement
The Terms of this agreement will continue to apply in perpetuity until terminated by either party without notice at any time for any reason. Terms that are to continue in perpetuity shall be unaffected by the termination of this agreement.
5. Disclaimer of Warranties
You understand and agree that your use of this site is entirely at your own risk and that our services are provided "As Is" and "As Available". Except where specifically provided in contract, this site does not make any express or implied warranties, endorsements or representations whatsoever as to the operation of this site website, information, content, materials, or products. This shall include, but not be limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement, and warranties that access to or use of the service will be uninterrupted or error-free or that defects in the service will be corrected.
6. Limitation of Liability
You understand and agree that this site, Calibrae Learning Ltd and any of its subsidiaries or affiliates shall in no event be liable for any direct, indirect, incidental, consequential, or exemplary damages. This shall include, but not be limited to damages for loss of profits, business interruption, business reputation or goodwill, loss of programs or information or other intangible loss arising out of the use of or the inability to use the service, or information, or any permanent or temporary cessation of such service or access to information, or the deletion or corruption of any content or information, or the failure to store any content or information. The above limitation shall apply whether or not this site has been advised of or should have been aware of the possibility of such damages. In jurisdictions where the exclusion or limitation of liability for consequential or incidental damages is not allowed the liability of this site is limited to the greatest extent permitted by law.
7. External Content
This site may include hyperlinks to third-party content, advertising or websites. You acknowledge and agree that this site is not responsible for and does not endorse any advertising, products or resource available from such resources or websites.
8. Jurisdiction
You expressly understand and agree to submit to the personal and exclusive jurisdiction of the courts of the country, state, province or territory determined solely by this site to resolve any legal matter arising from this agreement or related to your use of this site. If the court of law having jurisdiction, rules that any provision of the agreement is invalid, then that provision will be removed from the Terms and the remaining Terms will continue to be valid.
9. Changes to the Terms
This site reserves the right to modify these Terms from time to time at our sole discretion and without any notice. Changes to our Terms become effective on the date they are posted and your continued use of this site after any changes to Terms will signify your agreement to be bound by them.
10. Sharing of sign-in credentials
You understand and agree that each user in your organization and in your customer organizations who access your site must do so with their own unique sign-in credentials. Sharing sign-in credentials between multiple users is in breach of the terms & conditions of this platform and is forbidden.
11. Software Licenses
This site utilizes software permitted by the licenses under which they are released. Such licenses include but are not limited to:
12. Site Payment Cancellation
Payment arrangements for a Calibrae site can be canceled at any time. Payment arrangements can be canceled by the site administrator from the site admin page or by request to Calibrae support (contact@calibrae.zendesk.com). The action of canceling payment reverts the site to the free trial arrangement where full site features will still be available but limited to 3 active users per month. To re-enable more than 3 active users, a site can re-enter card details at any time. Canceling payment does not affect account, user or course data associated with the site. At the point of cancellation, a payment will be taken for the number of active users who have accessed the site during the current billing period, prorated according to the position in the billing cycle. Prepaid credit is non-refundable, but will remain in the site's prepay account and be available should the payment arrangement be reactivated.
13. Site Termination policy
Calibrae sites can be terminated at any time. A site can be terminated by the site administrator by request to Calibrae support (contact@calibrae.zendesk.com). Once terminated, a site will no longer be available to any site user including site administrators, team members or site customers. No site termination notification will be sent to site users. At the point of termination, a final payment will be taken for the number of active users who have accessed the site during the current billing period, prorated according to the position in the billing cycle. Prepaid credit is non-refundable.
14. Learner questions, answers & comments
Learners who post questions, answers and comments accept that their questions, answers, and comments will be visible to other learners in the learner community.
15. Display of learner points and badges
Learners accept that their earned points and badges will be displayed to other learners within the learner community.
16. FullStory Session Recording
Calibrae uses a third party support tool provided by FullStory to record the user experience through our website, enabling our support team to 'replay' a user journey and identify problems. Only user journies through the Calibrae site are recorded. By using the site you agree to your user journey being recorded for support purposes.
17. Site-level terms and conditions
Calibrae provides tools for each of its customer sites to publish its own terms and conditions. Calibrae is in no way responsible or liable for any terms or conditions defined by its customers.
18. Entire Agreement
You understand and agree that the above Terms constitute the entire general agreement between you and this site. You may be subject to additional Terms and conditions when you use, purchase or access other services, affiliate services or third-party content or material.
Platform License Plans
The Calibrae platform offers a number of license plans to cater for a range of customer-site needs. The following defines the terms and conditions for each plan. (See our Pricing page for actual prices.)
1. Starter Plan
The Starter Plan is a free, no-obligation plan that enables potential customers to fully explore the Calibrae platform in order to assess suitability. The Starter Plan has full access to all of the platform's tools, with the exception of the ability to sell courses. The number of permitted site users is 3.
2. All-inclusive Plan
The All-inclusive Plan is designed for organisations that want unlimited access to unlimited courses for a given number of users - Eg all employees; all customers; everyone in the sales team, etc. The All-inclusive Plan has a fixed annual fee, payable at the beginning of the annual billing period, based on the number of required users. For example, an organisation with 5000 employees has 38 courses that they wish to be available to all of its employees at any point in time, with the certainty of a fixed cost. All 5000 employees have access to unlimited courses at any point in time and as frequently as they wish during the annual billing period.
When All-inclusive plan sites sell courses, all course-sales revenue goes directly to the site. Calibrae does not take any portion of such course-sales revenue. The number of agreed users will include anticipated users to whom courses are sold.
If the actual number of users accessing the site exceeds the agreed number, Calibrae will permit access to those additional users. If the actual number of users regularly exceeds the agreed number (ie over 2 consecutive months or more), Calibrae will make contact to discuss formally increasing the agreed number of users on a pro-rate basis.
3. Revenue Share Plan
The Revenue Share Plan is designed for organisations whose prime objective is to sell courses, and who want zero risk and zero upfront costs. At the point of sale, Calibrae takes an agreed percentage revenue share. For example, a Revenue Share site may sell a course for £100. With an agreed rate of 15%, at point of sale, the site receives an £85 share and Calibrae receives a £15 share.
Fair Usage
Calibrae recognises scope for the Revenue Share plan to be miss-used by setting course fees at £0, but subsequently charging users outside of the platform and effectively avoiding platform charges (15% of £0.00 is £0.00!). Calibrae customers who choose the Revenue Share plan agree to be fair in their use of the plan and to share 15% of the generated course revenue. They also understand that it is not intended as a means to deliver zero-cost training. Calibrae monitors the usage of Revenue Share plan license sales and reserves the right to close sites it deems to be miss-using the plan.
Security Policy
We are committed to securing your personal information, and enforce a strong privacy and security governance operational model.
-
We never store plaintext passwords. In accordance with best security practices, all password and security tokens are stored as salted-hashes with strong encryption.
-
All data is protected in transit using strong 256-bit encryption.
-
Data is persisted to non-public facing servers and protected with policies and appropriate security measures.
-
We never store any credit card numbers.
-
All payment transactions are handled through stripe (https://stripe.com) - certified PCI Service Provider level 1. See https://stripe.com/docs/security/stripe for more information
-
Security policies and standards are reviewed at least annually, including an assessment of relevance and adherance. Security policies are updated as required.
Cookie Policy
This Cookie Policy explains how Calibrae Learning Ltd ("Company", "we", "us", and "our") uses cookies and similar technologies to recognize you when you visit our websites hosted at https://calibrae.com, ("Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.
In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner (in this case, Calibrae Learning Ltd) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
Why do we use cookies?
We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to enhance the experience of users on our website by providing real-time chat and enhanced support troubleshooting. Training providers and customers using calibrae.com to host their training portals may add additional third-party cookies to their training portal. The use of such added third-party cookies is at the descretion of parties using the calibrae.com platform to host their training content, and they are solely responsible for the disclosure and appropriate legal compliance associated with the use of such cookies; Calibrae.com is not responsible and cannot be held liable for their use. See the appropriate cookie / privacy policy associated with the training portal concerned.
The specific types of first and third party cookies served through our Websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):
Advertising?
Calibrae.com does not use any cookies for the purposes of delivering advertisements - targetted or otherwise.
How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences via your browser's cookie manager. Some cookies are essential for the function of the Calibrae.com training platform. Disabling these essential cookies will interfere with the services provided by the platform. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com. Note - Calibrae.com does not use any cookies for the purposes of delivering any advertisements.
The specific types of first and third party cookies served through our Websites and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):
Cookie details |
Essential * These may not be disabled without impacting service
calibrae_session Maintains user login data and HTTP Session.
remember_[id] Maintains logged in state
|
Support * Disabling these will not affect service
TawkConnectionTime TawkCookie Tawk_[id] __tawkuuid ss tawkUUID This collection of cookies is used by the TawkTo service which provides real-time chat support for site administrators. See: https://www.tawk.to/privacy-policy.
fs_uid Enables enhanced support and analytics. See: https://www.fullstory.com/legal/privacy.
__hstc hubspotuk Enables customer support CRM integration with Hubspot. See: https://legal.hubspot.com/cookie-policy.
|
Analytics * Disabling these will not affect service _ga 1P_JAR NID __Secure-3PAPISID __Secure-3PSID __Secure-APISID __Secure-HSID __Secure-SSID Used by Google Recaptcha service to provide protection against bot site interference. See: https://policies.google.com/privacy.
|
Where can I get further information?
If you have any questions about our use of cookies or other technologies, please email us at contact@calibrae.zendesk.com or by post to:
Calibrae Learning Ltd
New Station House, Gwaun Cae Gurwen
Ammanford, Wales
SA18 1DY
United Kingdom
Service Level Agreement
Support level |
Function |
Support provision |
Expected response times |
---|---|---|---|
Tier 1 |
Basic help desk resolution and service desk delivery |
Support for basic customer usage problems, including:
If no solution is available, tier 1 personnel escalate incidents to a higher tier. |
Tier 1 support requests will typically receive an initial response within 24 hours and should be resolved or escalated within 48 hours, Monday to Friday. |
Tier 2 |
In-depth technical support |
Experienced and knowledgeable technicians assess issues and provide solutions for problems that cannot be handled by tier 1, including support to:
Mode of Tier 2 support will be through:
If no solution is available, tier 2 support escalates the incident to Calibrae tier 3. Escalations will be formally raised through Calibrae's support portal (support@calibrae.zendesk.com) and will contain full documentation of the issue, including documented steps through which the issue can be replicated. |
Support requests escalated to tier 2 will be resolved or escalated within 24 hours of escalation from tier 1, Monday to Friday. |
Tier 3 |
Expert product and service support |
Tier 3 support will resolve all non-tier 1 & 2 issues. Complex technical enquiries can be escalated to tier 3 for resolution. Service affecting incidents such as outages, technical problems, security incidents or other critical issues are automatically classified as tier 3 incidents. The rapid resolution of these problems is a top priority. |
Calibrae aims to respond within 24 hours of escalation, Monday to Friday |
Privacy Policy
Last updated 17 July 2018, in line with GDPR requirements.
Maintaining your privacy is very important to us. You trust us with your data. Its a responsibility we take very seriously.
In brief, at Calibrae we capture and store only the data we need to provide an excellent cloud-based training platform service that allows our site-customers to build and deliver great training, and our site's account-customers to consume great training and manage the training of their teams. As a platform, we do not sell your data or use it for non-related marketing purposes. Our customer sites may have a different policy, so, if you are a customer of a site, be sure to check the site-level policies in the adjacent tab above. Calibrae is not responsible or liable for site-level use of data and/or site-level privacy policies.
We also use your data to comply with any legal obligations to which we are subject.
Google Analytics
When someone visits calibrae.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.
FullStory
Calibrae uses a third party analytics/support service provided by FullStory to record the user experience through our website. This enables our support team to 'replay' a broken user journey through our site and identify problems.
FullStory uses first-party cookies to maintain a user session across multiple pages only on our website. It uses standard facilities of HTML5 browsers to store data on your computer across visits to our website. It may also use local storage as a temporary holding area for user events, which are subsequently read and transmitted to complete previously recorded sessions. The gathered information may in the aggregate identify a user unless the user turns off cookies.
Access to your personal information
Practically all of your information is accessible by you directly through the website. The following section shows exactly what data we keep and how it is accessed. For any further requirements, email your request to getintouch@calibrae.com, and we will process your request within 30 days.
Your data - what we do with and why
The Calibrae platform holds data about the learner, the account/organization to which the learner belongs - both typically customers of a site hosted on the Calibrae platform - and the Site that publishes training. The following sections provide detailed descriptions of:
- the data we hold,
- why and how we use it,
- the legal basis we feel justifies our use of other's data,
- who has access to the data, including what type of access, and
- what we will do on a 'request to be forgotten'.
User-level data (the learner)
Account-level data (the organisation to which the learner belongs)
Site-level data (the training provider)
User-level data (the learner)
Learner login history, including IP addresses used
What do we do with it & why? Displayed to Account managers for audit purposes to track the work effort of the user over time. Also displayed to Site administrators as a means to check for and prevent license sharing by users.
Lawful basis & justification? Legitimate interests. Account managers want to track the work effort of the team Site administrators need to check for and prevent license sharing.
Your access? Viewable by the learner. Not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Questions posed by learner regarding a concept being taught
What do we do with it & why? Displayed to other users in the community to solicit answers from community members.
Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.
Your access? Viewable & deletable by the learner. Other's access? Viewable by other learners, and viewable & deletable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will anonymize this data so that it has no link to the learner.
Your answers to other's questions
What do we do with it & why? Displayed to other learners in the community to extend learning & understanding.
Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.
Your access? Viewable & deletable by the learner. Other's access? Viewable & deletable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will anonymize this data so that it has no link to the learner.
Your comments posted regarding a concept being taught
What do we do with it & why? Displayed to other users in the community to extend learning & understanding.
Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.
Your access? Viewable & deletable by the learner. Other's access? Viewable & deletable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will anonymize this data so that it has no link to the learner.
Study data. time spent in course, points & badges awarded
What do we do with it & why? Gamification. Displayed to the learner and account admin to motivate the learner to more fully engage.
Lawful basis & justification? Legitimate interests. Enables the learner and management to judge engagement.
Your access? Viewable by the learner. Not editable. Other's access? Viewable by other learners in the community, and account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Exercise response data. correct/incorrect, number of attempts, average time, score
What do we do with it & why? Enables the learner and management to judge learner progress.
Lawful basis & justification? Legitimate interests. Enables the learner and management to judge learner progress.
Your access? Viewable by learner. Not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Learner's assignment responses & instructor assessment
What do we do with it & why? Enables course author to make a subjective assessment of the learner's understanding of a concept.
Lawful basis & justification? Legitimate interests. Enables the learner and management to judge learner progress.
Your access? Viewable by the learner. Not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Email addresses
What do we do with it & why? Used to email the learner regarding:
- new course enrollments
- course change updates
- notifications of marked assignment submissions
- notifications of test/exam results
- course completion
- password resets
- etc.
Calibrae does not use stored email addresses for general marketing purposes.
Lawful basis & justification? Legitimate interests. Enables the system to keep the learner updated with important information.
Your access? Viewable and auditable by the learner. Other's access? Viewable and editable by account, site & platform administrators. Sent to Stripe when credit card payment is made by user. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Copies of emails sent
What do we do with it & why? We keep copies of sent emails for audit, troubleshooting and dispute purposes. Having access to sent emails enables support to determine exactly what has been communicated to the learner.
Lawful basis & justification? Legitimate interests. Enables support to troubleshoot communication issues.
Your access? Viewable by the learner. Emails sent to learners are not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Location: country & city (optional)
What do we do with it & why? Displayed to site administrators to provide awareness of where learners are located around the world.
Lawful basis & justification? Legitimate interests. Enables site administrators to tailor course content based on geographical needs.
Your access? Optional. Viewable & editable by the learner. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data.
League table preference. Be included in league table (default: opted out)
What do we do with it & why? Determine whether or not to list the learner in a public facing performance league table.
Lawful basis & justification? Legitimate interests. It is in the interest of learners to have the option of being included in a public facing league table to publicly demonstrate their ability.
Your access? Viewable & editable by account/site/platform admin and user. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Certification data in public registry (default: opted out)
What do we do with it & why? Enables interested 3rd parties to view/validate certification details of an opted-in learner.
Lawful basis & justification? Legitimate interests. It is in the interest of the user to have the option to opt-in in order that interested 3rd parties can validate their credentials online.
Your access? Viewable by the learner. The learner can change the opted setting. Certification data is not editable. Other's access? If opted in, certification data is viewable by any interested party from the internet.
On 'request to be forgotten'? We will permanently delete this data.
Position & Group in company (optional)
What do we do with it & why? Displayed to others in the community to indicate role/level of experience
Lawful basis & justification? Legitimate interests. It is in the interest of learners to let others know of their role/level of experience.
Your access? Viewable and editable by the learner. The learner also has control over whether or not this data is displayed to others in the community. Other's access? If opted in, position and group data is viewable by other learners in the community. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Course licensing & invoice data relating to course enrollments
What do we do with it & why? Allow/deny access to courses by individual learners.
Lawful basis & justification? Legitimate interests. Learners accept the system needs to keep licensing data in order to allow/deny access to courses.
Your access? Viewable by the learner. Not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
History of reported platform issues
What do we do with it & why? Enables platform support to track & respond to platform level issues
Lawful basis & justification? Legitimate interests. It is in the interest of learners to report bugs so that they can be addressed.
Your access? Viewable by the learner. Not editable. Other's access? Viewable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete then anonymize this data.
Live class enrollment schedule/history
What do we do with it & why? Displayed to the learner and live class instructor so that both parties have ready access to their scheduled classes.
Lawful basis & justification? Legitimate interests. It is in the interest of learners to know which live classes they are scheduled to attend.
Your access? Viewable & editable by the learner. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete then anonymize this data.
Account-level data
Company name
What do we do with it & why? Displayed on invoices, for audit
Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company name.
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Tax details on purchases (VAT, etc). Includes self-declared tax liability, registered tax number & country of registration. Entered at time of course purchase.
What do we do with it & why? Determines if any tax should be charged in addition to the course fee
Lawful basis & justification? Legitimate interests. Useful when arbitrating possible disputes over tax liabilities
Your access? Viewable through the site, but not editable. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Phone number (A phone number for an account is optional)
What do we do with it & why? Used by platform and site administrators to call account administrators regarding course/user issues
Lawful basis & justification? Legitimate interests. In the interest of both parties to quickly solve issues.
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Address (An address for an account is optional)
What do we do with it & why? Displayed on invoices, for audit
Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company address.
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Community preferences (scope of community, hide/show user-ID in posts, hide/show awards, etc)
What do we do with it & why? Allows accounts to choose how its users interact with the broader community.
Lawful basis & justification? Legitimate interests. Gives power/choice to the account regarding how it wishes its learners to interact with the broader community.
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
List of users in the account
What do we do with it & why? Allows accounts to manage their learners.
Lawful basis & justification? Legitimate interests. Gives power/self-sufficiency to the account to manage their own learners at the individual level.
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
List of groups in the account, each with users that belong to the group
What do we do with it & why? Allows accounts to manage learners by group.
Lawful basis & justification? Legitimate interests. Gives power/self-sufficiency to the account to manage their own learners at the group level
Your access? Viewable & editable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Course licensing & invoice data for course enrollments
What do we do with it & why? Allow/deny access to courses by individual users from a customer account
Lawful basis & justification? Legitimate interests. Accounts accept the system needs to keep licensing data in order to allow/deny access to courses
Your access? Viewable by the account administrator. Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Campaign Metrics Users within an account are invited to take a quiz to determine how much they know on the subject.
What do we do with it & why? Used by account management to survey existing knowledge of the team.
Lawful basis & justification? Legitimate interests. It is in the interest of accounts to have an understanding of the existing knowledge of the team.
Your access? Viewable by the account administrator. Quiz results also viewable by the user via email notification Other's access? Viewable by site & platform administrators. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Site-level data
Stripe key
What do we do with it & why? Sent to Stripe by the platform when the site receives payment for a course license.
Lawful basis & justification? Legitimate interests. It is in the interest of the site for the platform to facilitate payment by site's customers for courses.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Company details, inc address, phone, Company num, VAT num
What do we do with it & why? Displayed on invoices, for audit.
Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company details.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Bank details: bank name, sort code, account number. Also includes site's payment terms offered to the site's customers
What do we do with it & why? Displayed on invoices, and used for audit
Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the bank payment details.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Managed domain - site URL
What do we do with it & why? The managed domain is the web address through which site users access the site and its content.
Lawful basis & justification? Legitimate interests. It is in the interest of both site and learner to have a published web address through which the site can be accessed.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Course content: lessons, exercises, exams, classes, downloads, exams, etc
What do we do with it & why? Course content is displayed to licensed users for purposes of teaching, learning and assessing learning.
Lawful basis & justification? Legitimate interests. It is in the interest of both site and learner to have published course content through which teaching, learning, and assessment can take place.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Course admin: price plans, discounts, stats
What do we do with it & why? Displayed to accounts and users so they know how much course licenses will cost. Displayed in invoices.
Lawful basis & justification? Legitimate interests. It is in the interest of both site, account and learner to know the cost of course licenses
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Chargeable tax data (VAT, Sales Tax, etc)
What do we do with it & why? Displayed to accounts and users so they know how much tax will be charged. Displayed in invoices.
Lawful basis & justification? Legitimate interests. It is in the interest of both site, account and learner to know how much tax is charged.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Branding: company logo, messaging for home-page, etc
What do we do with it & why? Displayed to users as they use the site to give branding to the user experience.
Lawful basis & justification? Legitimate interests. It is in the interest of both site and user to have a branded training experience.
Your access? Viewable & editable by the site administrator. Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will permanently delete this data.
Invoices from platform, including active-user history
What do we do with it & why? Displayed to site admins for audit purposes.
Lawful basis & justification? Legitimate interests. It is in the interest of both site and platform to have an audit trail of platform-level invoices, including active-user history.
Your access? Viewable by the site administrator. Other's access? Viewable by the platform administrator. Not shared with anyone else.
On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.
Sales & invoice data of site sales to their customer accounts
Data Governance - how we manage it
At Calibrae, we are serious about protecting data and privacy. We have a nominated director who is responsible to the CEO and Calibrae Board for the management and protection of personal data.
Data Protection Officer
Our CTO is designated as the Data Protection Officer. To contact the DPO email dpo@calibrae.com.
Data Protection Impact Assessments
Part of our process to secure data is to hold periodic Data Protection Impact Assessments - something we do at least on a 3 year cycle. Conducting DPIAs is the responsibility of our DPO. Calibrae directors then have shared responsibility to ensure that any issues identified in the DPIA are prioritised, addressed and rectified.
Data incidents and how they will be handled
Any data breach, whether suspected or actual, is reported to DPO upon discovery of the breach. The DPO will work with all/any relevant parties to investigate the report, and if confirmed:
- do all necessary to contain the breach
- determine the full particulars of it
- work out what needs to be done to resolve and remedy the situation properly
- establishing who needs to be notified, including, potentially the police if equipment or records have been stolen
- notify the identified parties within 72 hours
The DPO will then conduct a more thorough investigation and assessment of the breach to determine the scale of the breach, including:
- the scale of severity - the type of data released, the size of the compromised data set and the number of people affected, and whether or not the data has been released outside of the company
- who will be affected by the breach and to what degree
- how much data is involved
- how many data subjects will be affected
- the consequences of the breach
- etc.
The DPO will also determine if the Information Commissioner’s Office needs to be informed, as well as informing the individual data subjects whose data is involved in the breach. All decisions made are documented, along with the reasoning.
Once the breach itself is resolved and all necessary parties notified, the DPO will document which steps should be taken to prevent similar breaches from occurring in the future. Existing practices, procedures, and measures will be critically evaluated, and changes and improvements implemented.
Data retention - what happens to your data if you close your account
In the Privacy Policy section of this document, we outline which of 4 possible actions we will take regarding different types of data when a request is made for the data to be forgotten:
- permanently delete the data,
- soft delete the data,
- soft delete the data, keeping it in archive solely for audit purposes, or
- soft delete then anonymize the data.
Upon formal closure of your account, we will apply the defined actions to your data as described in each data type above.
GDPR training for Calibrae staff
All Calibrae staff are required to compete training to help them better understand how to keep data secure and identify attempts to breach our security measures. It also helps them better understand their responsibilities and the consequence of any breach.
Staff are required to refresh their training every two years.
Calibrae data breach risk assessment
Our DPO conducts periodic risk assessments relating to the protection of personal data. The assessment process includes:
- creating an action plan to control/mitigate any discovered risks
- prioritisation of tasks on the plan, depending on severity
- a review process to follow up on actions/controls/mitigations
- reporting any issues to senior management
DSARs - how to request access to your data and how we handle such requests
As stated above, practically all of your information is accessible by you directly through the Calibrae user interface, enabling you to view your own data. For any further data access requirements, email your requirements to getintouch@calibrae.com, and we will process your request within 30 days.
Correcting errors in your data, and how to make a correction
As stated above, practically all of your information is accessible and editable by you directly through the user interface, enabling you to update your own data. For any further change requirements, email your requirements to getintouch@calibrae.com, and we will process your request within 30 days.
Data erasure - how to request it and what we do
Our process for erasing your data, and what that means, is defined above in section Data Retention - what happens to data if you close your account. To request erasure of your data, send an email with your requirements to getintouch@calibrae.com, and we will process your request within 30 days.