itslearning is committed to keeping our users’ personal data safe.
Here are a few things you need to know about how itslearning operates our products.
- We do not own, control or process our users’ data independently. All personal data is controlled by the institution the user is enrolled in. We do not decide the purpose or lawfulness of how user data is processed.
- We never hand out personal data to anyone including 3rd parties without written instruction from our customers. Users are advised to contact their institution if they have questions about their personal data.
- We do not sell or try to make money out of our users’ personal data. We do not build profiles using our users’ data for our own purposes.
- We delete personal data promptly when instructed by our customers.
- We and our customers are both responsible for keeping our users’ personal data safe. We employ physical, technical, and organizational measures as part of our security procedures. You can read about the security measures we take to keep our users’ data safe on the itslearning Security Measures Page.
- We never let our vendors process personal data unless it is approved by the customer. You can see a list of our sub-processors here. These sub-processors are legally bound to protect our users’ privacy in the same manner as we are.
- For our EU/EEA customers, we take strict measures to ensure that we are compliant with GDPR. We never process our users’ personal data outside the EU/EEA. We take proactive measures to ensure our customers are GDPR compliant. For more information, visit our customer GDPR information page.
- In case of a data breach that could affect our customers, we will always inform our customers about this as soon as we become aware of it.
- Our users might have a right to be informed in detail about what their personal data is used for and what their legal rights are. Users are advised to contact the institution that they are enrolled in or working for to find out more about this.
The relationship between itslearning and our customers is always based on a legal contract. To see an example of how we make legal arrangements for processing our users’ personal data, you can take a look at our data processor agreement.