Terms & conditions of the Calibrae Virtual Learning Environment

On this page, we define the Terms & Conditions of using the Calibrae Platform, our Platform License Plans, our Security Policy and our Privacy Policy, including a detailed look at how we use your data.

 

• Terms & Conditions

• Platform License Plans

• Security Policy

• Cookie Policy

• Service Level Agreement

• Privacy Policy - Knowing your data and what we do with it

• Data Governance - how we manage it

• Data Protection Officer

• Data Protection Impact Assessments

• Data incidents and how they will be handled

• Data retention - what happens to your data if you close your account

• GDPR training for Calibrae staff

• Calibrae data breach risk assessment

• DSARs - how to request access to your data and how we handle such requests

• Correcting errors in your data, and how to make a correction

• Data erasure - how to request it and what we do

 

Terms & Conditions

1. Acceptance of our Terms

By visiting this website, viewing, accessing or otherwise using any of the services or information created, collected, compiled or submitted to this site, you agree to be bound by the following Terms and Conditions of Service. If you do not want to be bound by our Terms your only option is not to visit, view or otherwise use the services of this site. You understand, agree and acknowledge that these Terms constitute a legally binding agreement between you and this site and that your use of this site shall indicate your conclusive acceptance of this agreement.

2. Provision of Services

You agree and acknowledge that this site is entitled to modify, improve or discontinue any of its services at its sole discretion and without notice to you even if it may result in you being prevented from accessing any information contained in it. Furthermore, you agree and acknowledge that this site is entitled to provide services to you through subsidiaries or affiliated entities.

3. Proprietary Rights

You acknowledge and agree that this site may contain proprietary and confidential information including trademarks, service marks and patents protected by intellectual property laws and international intellectual property treaties. Our content may not be sold, reproduced, or distributed without our written permission. Any third-party trademarks, service marks and logos are the property of their respective owners. Any further rights not specifically granted herein are reserved.

4. Termination of Agreement

The Terms of this agreement will continue to apply in perpetuity until terminated by either party without notice at any time for any reason. Terms that are to continue in perpetuity shall be unaffected by the termination of this agreement.

5. Disclaimer of Warranties

You understand and agree that your use of this site is entirely at your own risk and that our services are provided "As Is" and "As Available". Except where specifically provided in contract, this site does not make any express or implied warranties, endorsements or representations whatsoever as to the operation of this site website, information, content, materials, or products. This shall include, but not be limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement, and warranties that access to or use of the service will be uninterrupted or error-free or that defects in the service will be corrected.

6. Limitation of Liability

You understand and agree that this site, Calibrae Learning Ltd and any of its subsidiaries or affiliates shall in no event be liable for any direct, indirect, incidental, consequential, or exemplary damages. This shall include, but not be limited to damages for loss of profits, business interruption, business reputation or goodwill, loss of programs or information or other intangible loss arising out of the use of or the inability to use the service, or information, or any permanent or temporary cessation of such service or access to information, or the deletion or corruption of any content or information, or the failure to store any content or information. The above limitation shall apply whether or not this site has been advised of or should have been aware of the possibility of such damages. In jurisdictions where the exclusion or limitation of liability for consequential or incidental damages is not allowed the liability of this site is limited to the greatest extent permitted by law.

7. External Content

This site may include hyperlinks to third-party content, advertising or websites. You acknowledge and agree that this site is not responsible for and does not endorse any advertising, products or resource available from such resources or websites.

8. Jurisdiction

You expressly understand and agree to submit to the personal and exclusive jurisdiction of the courts of the country, state, province or territory determined solely by this site to resolve any legal matter arising from this agreement or related to your use of this site. If the court of law having jurisdiction, rules that any provision of the agreement is invalid, then that provision will be removed from the Terms and the remaining Terms will continue to be valid.

9. Changes to the Terms

This site reserves the right to modify these Terms from time to time at our sole discretion and without any notice. Changes to our Terms become effective on the date they are posted and your continued use of this site after any changes to Terms will signify your agreement to be bound by them.

10. Sharing of sign-in credentials

You understand and agree that each user in your organization and in your customer organizations who access your site must do so with their own unique sign-in credentials. Sharing sign-in credentials between multiple users is in breach of the terms & conditions of this platform and is forbidden.

11. Software Licenses

This site utilizes software permitted by the licenses under which they are released. Such licenses include but are not limited to:

• MIT License

12. Site Payment Cancellation

Payment arrangements for a Calibrae site can be canceled at any time. Payment arrangements can be canceled by the site administrator from the site admin page or by request to Calibrae support (contact@calibrae.zendesk.com). The action of canceling payment reverts the site to the free trial arrangement where full site features will still be available but limited to 3 active users per month. To re-enable more than 3 active users, a site can re-enter card details at any time. Canceling payment does not affect account, user or course data associated with the site. At the point of cancellation, a payment will be taken for the number of active users who have accessed the site during the current billing period, prorated according to the position in the billing cycle. Prepaid credit is non-refundable, but will remain in the site's prepay account and be available should the payment arrangement be reactivated.

13. Site Termination policy

Calibrae sites can be terminated at any time. A site can be terminated by the site administrator by request to Calibrae support  (contact@calibrae.zendesk.com). Once terminated, a site will no longer be available to any site user including site administrators, team members or site customers. No site termination notification will be sent to site users. At the point of termination, a final payment will be taken for the number of active users who have accessed the site during the current billing period, prorated according to the position in the billing cycle. Prepaid credit is non-refundable.

14. Learner questions, answers & comments

Learners who post questions, answers and comments accept that their questions, answers, and comments will be visible to other learners in the learner community.

15. Display of learner points and badges

Learners accept that their earned points and badges will be displayed to other learners within the learner community.

16. Session Recording

Calibrae uses third party support tools to enable customer support services on the site. We use Microsoft Clarity, Microsoft Advertising and FullStory to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization and fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. By using the site you agree to your user activity being recorded for support purposes.

17. Site-level terms and conditions

Calibrae provides tools for each of its customer sites to publish its own terms and conditions. Calibrae is in no way responsible or liable for any terms or conditions defined by its customers.

18. Entire Agreement

You understand and agree that the above Terms constitute the entire general agreement between you and this site. You may be subject to additional Terms and conditions when you use, purchase or access other services, affiliate services or third-party content or material.

 

Back to top

 

Platform License Plans

The Calibrae platform offers a number of license plans to cater for a range of customer-site needs. The following defines the terms and conditions for each plan. (See our Pricing page for actual prices.)

1. Starter Plan

The Starter Plan is a free, no-obligation plan that enables potential customers to fully explore the Calibrae platform in order to assess suitability. The Starter Plan has full access to all of the platform's tools, with the exception of the ability to sell courses. The number of permitted site users is 3.

2. All-inclusive Plan

The All-inclusive Plan is designed for organisations that want unlimited access to unlimited courses for a given number of users - Eg all employees; all customers; everyone in the sales team, etc. The All-inclusive Plan has a fixed annual fee, payable at the beginning of the annual billing period, based on the number of required users. For example, an organisation with 5000 employees has 38 courses that they wish to be available to all of its employees at any point in time, with the certainty of a fixed cost. All 5000 employees have access to unlimited courses at any point in time and as frequently as they wish during the annual billing period. 

When All-inclusive plan sites sell courses, all course-sales revenue goes directly to the site. Calibrae does not take any portion of such course-sales revenue. The number of agreed users will include anticipated users to whom courses are sold.

If the actual number of users accessing the site exceeds the agreed number, Calibrae will permit access to those additional users. If the actual number of users regularly exceeds the agreed number (ie over 2 consecutive months or more), Calibrae will make contact to discuss formally increasing the agreed number of users on a pro-rate basis.

3. Revenue Share Plan

The Revenue Share Plan is designed for organisations whose prime objective is to sell courses, and who want zero risk and zero upfront costs. At the point of sale, Calibrae takes an agreed percentage revenue share. For example, a Revenue Share site may sell a course for £100. With an agreed rate of 15%, at point of sale, the site receives an £85 share and Calibrae receives a £15 share.

Fair Usage

Calibrae recognises scope for the Revenue Share plan to be miss-used by setting course fees at £0, but subsequently charging users outside of the platform and effectively avoiding platform charges (15% of £0.00 is £0.00!). Calibrae customers who choose the Revenue Share plan agree to be fair in their use of the plan and to share 15% of the generated course revenue. They also understand that it is not intended as a means to deliver zero-cost training. Calibrae monitors the usage of Revenue Share plan license sales and reserves the right to close sites it deems to be miss-using the plan.

---

 

Security Policy

We are committed to securing your personal information, and enforce a strong privacy and security governance operational model.

• We never store plaintext passwords. In accordance with best security practices, all password and security tokens are stored as salted-hashes with strong encryption.

• All data is protected in transit using strong 256-bit encryption.

• Data is persisted to non-public facing servers and protected with policies and appropriate security measures.

• We never store any credit card numbers.

• All payment transactions are handled through stripe (https://stripe.com) - certified PCI Service Provider level 1. See https://stripe.com/docs/security/stripe for more information

• Security policies and standards are reviewed at least annually, including an assessment of relevance and adherance. Security policies are updated as required.

Back to top

 

---

Cookie Policy

This Cookie Policy explains how Calibrae Learning Ltd ("Company", "we", "us", and "our") uses cookies and similar technologies to recognize you when you visit our websites hosted at https://calibrae.com, ("Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

 

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, Calibrae Learning Ltd) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

 

Why do we use cookies?

We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to enhance the experience of users on our website by providing real-time chat and enhanced support troubleshooting. Training providers and customers using calibrae.com to host their training portals may add additional third-party cookies to their training portal. The use of such added third-party cookies is at the descretion of parties using the calibrae.com platform to host their training content, and they are solely responsible for the disclosure and appropriate legal compliance associated with the use of such cookies; Calibrae.com is not responsible and cannot be held liable for their use. See the appropriate cookie / privacy policy associated with the training portal concerned.

The specific types of first and third party cookies served through our Websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

 

Advertising?

Calibrae.com does not use any cookies for the purposes of delivering advertisements - targetted or otherwise.

 

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences via your browser's cookie manager. Some cookies are essential for the function of the Calibrae.com training platform. Disabling these essential cookies will interfere with the services provided by the platform. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com. Note - Calibrae.com does not use any cookies for the purposes of delivering any advertisements.

The specific types of first and third party cookies served through our Websites and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

 

Service Level Agreement

 

 

 

Privacy Policy

Last updated 17 July 2018, in line with GDPR requirements. 

Maintaining your privacy is very important to us. You trust us with your data. Its a responsibility we take very seriously.

In brief, at Calibrae we capture and store only the data we need to provide an excellent cloud-based training platform service that allows our site-customers to build and deliver great training, and our site's account-customers to consume great training and manage the training of their teams. As a platform, we do not sell your data or use it for non-related marketing purposes. Our customer sites may have a different policy, so, if you are a customer of a site, be sure to check the site-level policies in the adjacent tab above. Calibrae is not responsible or liable for site-level use of data and/or site-level privacy policies.

We also use your data to comply with any legal obligations to which we are subject.

 

Google Analytics

When someone visits calibrae.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

FullStory / MicroSoft Clarity

Calibrae uses third party analytics/support services provided by FullStory and / or Microsoft Clarity to record the user experience through our website. This enables our support team monitor users interaction with the site and identify problems.

FullStory and Microsoft Clarity  uses first-party cookies to maintain a user session across multiple pages only on our website. It uses standard facilities of HTML5 browsers to store data on your computer across visits to our website. It may also use local storage as a temporary holding area for user events, which are subsequently read and transmitted to complete previously recorded sessions. The gathered information may in the aggregate identify a user unless the user turns off cookies.

Access to your personal information

Practically all of your information is accessible by you directly through the website. The following section shows exactly what data we keep and how it is accessed. For any further requirements, email your request to getintouch@calibrae.com, and we will process your request within 30 days.

Your data - what we do with and why

The Calibrae platform holds data about the learner, the account/organization to which the learner belongs - both typically customers of a site hosted on the Calibrae platform - and the Site that publishes training. The following sections provide detailed descriptions of:

• the data we hold,
• why and how we use it,
• the legal basis we feel justifies our use of other's data, 
• who has access to the data, including what type of access, and
• what we will do on a 'request to be forgotten'.

User-level data (the learner)

Account-level data (the organisation to which the learner belongs)

Site-level data (the training provider)

 

User-level data (the learner)

Learner login history, including IP addresses used

What do we do with it & why? Displayed to Account managers for audit purposes to track the work effort of the user over time. Also displayed to Site administrators as a means to check for and prevent license sharing by users.

Lawful basis & justification? Legitimate interests. Account managers want to track the work effort of the team Site administrators need to check for and prevent license sharing.

Your access? Viewable by the learner. Not editable. Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Questions posed by learner regarding a concept being taught

What do we do with it & why? Displayed to other users in the community to solicit answers from community members.

Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.

Your access? Viewable & deletable by the learner. Other's access? Viewable by other learners, and viewable & deletable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will anonymize this data so that it has no link to the learner.

Your answers to other's questions

What do we do with it & why? Displayed to other learners in the community to extend learning & understanding.

Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.

Your access? Viewable & deletable by the learner. Other's access? Viewable & deletable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'?  We will anonymize this data so that it has no link to the learner.

Your comments posted regarding a concept being taught

What do we do with it & why? Displayed to other users in the community to extend learning & understanding.

Lawful basis & justification? Legitimate interests. It is in the interest of all learners in order to extend learning and understanding.

Your access? Viewable & deletable by the learner. Other's access? Viewable & deletable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'?  We will anonymize this data so that it has no link to the learner.

Study data. time spent in course, points & badges awarded

What do we do with it & why? Gamification. Displayed to the learner and account admin to motivate the learner to more fully engage.

Lawful basis & justification? Legitimate interests. Enables the learner and management to judge engagement.

Your access? Viewable by the learner. Not editable.   Other's access? Viewable by other learners in the community, and account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Exercise response data. correct/incorrect, number of attempts, average time, score

What do we do with it & why? Enables the learner and management to judge learner progress.

Lawful basis & justification? Legitimate interests. Enables the learner and management to judge learner progress.

Your access? Viewable by learner. Not editable.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Learner's assignment responses & instructor assessment

What do we do with it & why? Enables course author to make a subjective assessment of the learner's understanding of a concept.

Lawful basis & justification? Legitimate interests. Enables the learner and management to judge learner progress.

Your access? Viewable by the learner. Not editable.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Email addresses

What do we do with it & why? Used to email the learner regarding:

• new course enrollments
• course change updates
• notifications of marked assignment submissions
• notifications of test/exam results
• course completion
• password resets
• etc.

Calibrae does not use stored email addresses for general marketing purposes.

Lawful basis & justification? Legitimate interests. Enables the system to keep the learner updated with important information.

Your access? Viewable and auditable by the learner. Other's access? Viewable and editable by account, site & platform administrators. Sent to Stripe when credit card payment is made by user. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Copies of emails sent

What do we do with it & why? We keep copies of sent emails for audit, troubleshooting and dispute purposes. Having access to sent emails enables support to determine exactly what has been communicated to the learner.

Lawful basis & justification? Legitimate interests. Enables support to troubleshoot communication issues.

Your access? Viewable by the learner. Emails sent to learners are not editable.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Location: country & city (optional)

What do we do with it & why? Displayed to site administrators to provide awareness of where learners are located around the world.

Lawful basis & justification? Legitimate interests. Enables site administrators to tailor course content based on geographical needs.

Your access? Optional. Viewable & editable by the learner.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data.

League table preference. Be included in league table (default: opted out)

What do we do with it & why? Determine whether or not to list the learner in a public facing performance league table.

Lawful basis & justification? Legitimate interests. It is in the interest of learners to have the option of being included in a public facing league table to publicly demonstrate their ability.

Your access? Viewable & editable by account/site/platform admin and user.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Certification data in public registry (default: opted out)

What do we do with it & why? Enables interested 3rd parties to view/validate certification details of an opted-in learner.

Lawful basis & justification? Legitimate interests. It is in the interest of the user to have the option to opt-in in order that interested 3rd parties can validate their credentials online.

Your access? Viewable by the learner. The learner can change the opted setting. Certification data is not editable.   Other's access? If opted in, certification data is viewable by any interested party from the internet.

On 'request to be forgotten'? We will permanently delete this data.

Position & Group in company (optional)

What do we do with it & why? Displayed to others in the community to indicate role/level of experience

Lawful basis & justification? Legitimate interests. It is in the interest of learners to let others know of their role/level of experience.

Your access? Viewable and editable by the learner. The learner also has control over whether or not this data is displayed to others in the community. Other's access? If opted in, position and group data is viewable by other learners in the community. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Course licensing & invoice data relating to course enrollments

What do we do with it & why? Allow/deny access to courses by individual learners.

Lawful basis & justification? Legitimate interests. Learners accept the system needs to keep licensing data in order to allow/deny access to courses.

Your access? Viewable by the learner. Not editable.   Other's access? Viewable by account, site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.

History of reported platform issues

What do we do with it & why? Enables platform support to track & respond to platform level issues

Lawful basis & justification? Legitimate interests. It is in the interest of learners to report bugs so that they can be addressed.

Your access? Viewable by the learner. Not editable.   Other's access? Viewable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete then anonymize this data.

Live class enrollment schedule/history

What do we do with it & why? Displayed to the learner and live class instructor so that both parties have ready access to their scheduled classes.

Lawful basis & justification? Legitimate interests. It is in the interest of learners to know which live classes they are scheduled to attend.

Your access? Viewable & editable by the learner.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete then anonymize this data.

 

Back to top

 

 

Account-level data

Company name

What do we do with it & why? Displayed on invoices, for audit

Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company name.

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.

Tax details on purchases (VAT, etc). Includes self-declared tax liability, registered tax number & country of registration. Entered at time of course purchase.

What do we do with it & why? Determines if any tax should be charged in addition to the course fee

Lawful basis & justification? Legitimate interests. Useful when arbitrating possible disputes over tax liabilities

Your access? Viewable through the site, but not editable.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.

Phone number (A phone number for an account is optional)

What do we do with it & why? Used by platform and site administrators to call account administrators regarding course/user issues

Lawful basis & justification? Legitimate interests. In the interest of both parties to quickly solve issues.

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Address (An address for an account is optional)

What do we do with it & why? Displayed on invoices, for audit

Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company address.

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Community preferences (scope of community, hide/show user-ID in posts, hide/show awards, etc)

What do we do with it & why? Allows accounts to choose how its users interact with the broader community.

Lawful basis & justification? Legitimate interests. Gives power/choice to the account regarding how it wishes its learners to interact with the broader community.

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

List of users in the account

What do we do with it & why? Allows accounts to manage their learners.

Lawful basis & justification? Legitimate interests. Gives power/self-sufficiency to the account to manage their own learners at the individual level.

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.

List of groups in the account, each with users that belong to the group

What do we do with it & why? Allows accounts to manage learners by group.

Lawful basis & justification? Legitimate interests. Gives power/self-sufficiency to the account to manage their own learners at the group level

Your access? Viewable & editable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'?  We will permanently delete this data.

Course licensing & invoice data for course enrollments

What do we do with it & why? Allow/deny access to courses by individual users from a customer account

Lawful basis & justification? Legitimate interests. Accounts accept the system needs to keep licensing data in order to allow/deny access to courses

Your access? Viewable by the account administrator.   Other's access? Viewable and editable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'? We will soft delete this data, keeping it in archive solely for audit purposes.

Campaign Metrics Users within an account are invited to take a quiz to determine how much they know on the subject.

What do we do with it & why? Used by account management to survey existing knowledge of the team.

Lawful basis & justification? Legitimate interests. It is in the interest of accounts to have an understanding of the existing knowledge of the team.

Your access? Viewable by the account administrator. Quiz results also viewable by the user via email notification   Other's access? Viewable by site & platform administrators. Not shared with anyone else.

On 'request to be forgotten'?  We will permanently delete this data.

 

Back to top

 

Site-level data

Stripe key

What do we do with it & why? Sent to Stripe by the platform when the site receives payment for a course license.

Lawful basis & justification? Legitimate interests. It is in the interest of the site for the platform to facilitate payment by site's customers for courses.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Company details, inc address, phone, Company num, VAT num

What do we do with it & why? Displayed on invoices, for audit.

Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the company details.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Bank details: bank name, sort code, account number. Also includes site's payment terms offered to the site's customers

What do we do with it & why? Displayed on invoices, and used for audit

Lawful basis & justification? Legitimate interests. For audit purposes, it is in the interest of accounts, sites and the platform to record invoice details, including the bank payment details.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Managed domain - site URL

What do we do with it & why? The managed domain is the web address through which site users access the site and its content.

Lawful basis & justification? Legitimate interests. It is in the interest of both site and learner to have a published web address through which the site can be accessed.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Course content: lessons, exercises, exams, classes, downloads, exams, etc

What do we do with it & why? Course content is displayed to licensed users for purposes of teaching, learning and assessing learning.

Lawful basis & justification? Legitimate interests. It is in the interest of both site and learner to have published course content through which teaching, learning, and assessment can take place.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Course admin: price plans, discounts, stats

What do we do with it & why? Displayed to accounts and users so they know how much course licenses will cost. Displayed in invoices.

Lawful basis & justification? Legitimate interests. It is in the interest of both site, account and learner to know the cost of course licenses

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Chargeable tax data (VAT, Sales Tax, etc)

What do we do with it & why? Displayed to accounts and users so they know how much tax will be charged. Displayed in invoices.

Lawful basis & justification? Legitimate interests. It is in the interest of both site, account and learner to know how much tax is charged.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Branding: company logo, messaging for home-page, etc

What do we do with it & why? Displayed to users as they use the site to give branding to the user experience.

Lawful basis & justification? Legitimate interests. It is in the interest of both site and user to have a branded training experience.

Your access? Viewable & editable by the site administrator.   Other's access? Viewable & editable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'? We will permanently delete this data.

Invoices from platform, including active-user history

What do we do with it & why? Displayed to site admins for audit purposes.

Lawful basis & justification? Legitimate interests. It is in the interest of both site and platform to have an audit trail of platform-level invoices, including active-user history.

Your access? Viewable by the site administrator.   Other's access? Viewable by the platform administrator. Not shared with anyone else.

On 'request to be forgotten'?  We will soft delete this data, keeping it in archive solely for audit purposes.

Sales & invoice data of site sales to their customer accounts

 

 

Data Governance - how we manage it

At Calibrae, we are serious about protecting data and privacy. We have a nominated director who is responsible to the CEO and Calibrae Board for the management and protection of personal data.

 

Data Protection Officer

Our CTO is designated as the Data Protection Officer. To contact the DPO email dpo@calibrae.com.

 

Data Protection Impact Assessments

Part of our process to secure data is to hold periodic Data Protection Impact Assessments - something we do at least on a 3 year cycle. Conducting DPIAs is the responsibility of our DPO. Calibrae directors then have shared responsibility to ensure that any issues identified in the DPIA are prioritised, addressed and rectified.

 

Data incidents and how they will be handled

Any data breach, whether suspected or actual, is reported to DPO upon discovery of the breach. The DPO will work with all/any relevant parties to investigate the report, and if confirmed: 

• do all necessary to contain the breach
• determine the full particulars of it
• work out what needs to be done to resolve and remedy the situation properly
• establishing who needs to be notified, including, potentially the police if equipment or records have been stolen
• notify the identified parties within 72 hours

The DPO will then conduct a more thorough investigation and assessment of the breach to determine the scale of the breach, including:

• the scale of severity - the type of data released, the size of the compromised data set and the number of people affected, and whether or not the data has been released outside of the company
• who will be affected by the breach and to what degree
• how much data is involved
• how many data subjects will be affected
• the consequences of the breach
• etc.

The DPO will also determine if the Information Commissioner’s Office needs to be informed, as well as informing the individual data subjects whose data is involved in the breach. All decisions made are documented, along with the reasoning.

Once the breach itself is resolved and all necessary parties notified, the DPO will document which steps should be taken to prevent similar breaches from occurring in the future. Existing practices, procedures, and measures will be critically evaluated, and changes and improvements implemented.

 

Data retention - what happens to your data if you close your account

In the Privacy Policy section of this document, we outline which of 4 possible actions we will take regarding different types of data when a request is made for the data to be forgotten: 

• permanently delete the data,
• soft delete the data,
• soft delete the data, keeping it in archive solely for audit purposes, or
• soft delete then anonymize the data.

Upon formal closure of your account, we will apply the defined actions to your data as described in each data type above. 

 

GDPR training for Calibrae staff

All Calibrae staff are required to compete training to help them better understand how to keep data secure and identify attempts to breach our security measures. It also helps them better understand their responsibilities and the consequence of any breach.

Staff are required to refresh their training every two years.

 

Calibrae data breach risk assessment

Our DPO conducts periodic risk assessments relating to the protection of personal data. The assessment process includes:
- creating an action plan to control/mitigate any discovered risks
- prioritisation of tasks on the plan, depending on severity
- a review process to follow up on actions/controls/mitigations
- reporting any issues to senior management

 

DSARs - how to request access to your data and how we handle such requests

As stated above, practically all of your information is accessible by you directly through the Calibrae user interface, enabling you to view your own data.  For any further data access requirements, email your requirements to getintouch@calibrae.com, and we will process your request within 30 days.

 

Correcting errors in your data, and how to make a correction

As stated above, practically all of your information is accessible and editable by you directly through the user interface, enabling you to update your own data.  For any further change requirements, email your requirements to getintouch@calibrae.com, and we will process your request within 30 days.

 

Data erasure - how to request it and what we do

Our process for erasing your data, and what that means, is defined above in section Data Retention - what happens to data if you close your account. To request erasure of your data, send an email with your requirements to getintouch@calibrae.com, and we will process your request within 30 days.