Privacy Policy

In this Privacy Policy we London School Of Social Enterprise Ltd of 128B – 128C Brixton Hill, Greater, Brixton, London SW2 1RS with Company number 12523857 and the operator (s) of www.lsseedu.co.uk (hereinafter “LSSE” or “we” or “us”) inform you about how we collect, process and use about you when you visit our website  within the meaning of the General Data Protection Regulation (GDPR) and the UK`s Data Protection Act 2018 (DPA).

Informational use of the website

You can visit our website and use some of our Internet services without providing any personal information. Each time you access a web site, the web server only automatically stores access data in so-called server log files, which are automatically communicated by your browser, such as the name of the requested file, the last web site visited, the date and time of access, the browser used, the amount of data transferred, the IP address, the requesting provider, etc. The server logs this data in the context of processing on our behalf. As part of processing on our behalf, a third-party service provider provides the services for hosting and displaying the web site on our behalf. This service provider is located within a country of the European Union or the European Economic Area.

For the purpose of a shorter loading time of our online presence, we also use a so-called Content Delivery Network (“CDN”), whereby the web site is delivered via web servers of a CDN provider, which acts for us within the scope of a commissioned processing. Accordingly, access data is also collected on the provider’s web servers.

All access data is stored for a period of 7 days. This data is evaluated exclusively to ensure trouble-free operation of the website, error analysis and to improve our offer. The use of a CDN provider, as well as the procedure described here, serves to protect our legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f of the GDPR in the correct presentation of our offer, which are overriding in the context of a balancing of interests. 

Collection and use of data for the processing of contracts

We collect personal data when you provide it to us when contacting us (e.g. via contact form or e-mail), when registering for a user account (“LSSE account”) or in the context of your booking, for example in the context of a course or exam booking. Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms.

In these cases, we collect and process the data you provide for the execution of the respective contract, for example, for the execution of an exam with regard to your course(s) including a subsequent examination, as well as for the processing of your inquiries pursuant to Art. 6 (1) sentence 1 lit. b GDPR. Insofar as you have expressly consented to the processing of special categories of data in this context pursuant to Art. 9 (2) lit. a GDPR, we collect your health data (e.g. allergies) exclusively for the purpose communicated to you upon consent.

After complete processing of the respective contract or deletion of your user account, your data will be blocked for further use and deleted after expiry of the retention periods under tax and commercial law. If tax or commercial law retention obligations do not apply to individual data, this will be deleted immediately after the respective contract has been processed. Something else only applies if you have expressly consented to further use of your data or if we reserve the right to use data beyond this, which is permitted by law and about which we inform you below.

Data transfer for contract processing

In the context of course and exam bookings, your personal data is processed in our central course management system, to which certain members of LSSE staff have access unless access is not permitted under local law. This is done for the purpose of contract processing pursuant to Art. 6 para. 1 p. 1 lit. b GDPR and to protect our legitimate interests in valid information and correct data records when booking courses pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, which prevail in the context of a balancing of interests. Insofar as processing of personal data takes place in countries outside the UK or the European Economic Area in this regard, we have implemented standard data protection clauses as a suitable guarantee within the meaning of Art. 46 (2) c GDPR for the protection of data.

For the purpose of fulfilling the contract, we pass on your data to the company commissioned with the delivery, insofar as this is necessary for the delivery of ordered services. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service for the processing of payments. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies. When you pay for a course or module, the payment data you enter is sent directly to the payment service provider you have commissioned. We do not have access to this data at any time.

Insofar as the payment service provider processes your personal data for the purpose of payment processing, e.g. when processing credit card payments, as the responsible party within the meaning of Art. 4 (7) of the GDPR, we will provide you with information that the payment service provider must provide in accordance with Art 13, 14 of the GDPR.

As part of the performance of our contracts with you, for example for the provision of courses, we sometimes pass on your data to service providers who process it on our behalf and under a contract for commissioned processing existing between LSSE and the respective service provider. Such a service provider may, for example, be the provider of software that LSSE uses to process contracts.

Registration and LSSE account

If you wish to leave comments or contributions, exchange information with other users, participate in online courses, as well as book courses or exams or use our online services, registration and creation of a “LSSE account” is required. For registration purposes, we process your login data (e-mail address and password), with which you have access to personalised LSSE services, the consents you have given, as well as your country and preferred language.   

a) Personal data and content created by you

The only mandatory data we collect during the creation of your LSSE account is that which is absolutely necessary for the implementation of our offers or any contractual relationship that may exist with you.

We collect and process the data provided by you in the context of the contractual execution of this user agreement in accordance with Art. 6 para. 1 p. 1 lit. b GDPR

  • to check your application to create a LSSE account
  • to provide the free services in which you participate (blogs, forums, comment function, self-presentation, communities, chats, etc.)
  • to fulfil our obligations arising from contracts that exist with you.

You can voluntarily provide additional information about yourself as well as post content (so-called user generated content), such as a photo of yourself, texts in the form of blog or forum posts, discussion posts, etc.  Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms. We process the voluntarily provided data in order to safeguard the overriding common interests in a diverse exchange within the framework of our platform in accordance with Art. 6 (1) p. 1 lit. f GDPR.

b) Personalised marketing

For marketing purposes, we also use the data you provide in the user account for a personalised design of our web site and internet offers, e.g. a personal start page and a profile area in which we present suitable offers to you. This serves to protect our overriding legitimate interests in the optimal marketing of our offers in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.   

c) Data publication

Some of the data you leave behind using the LSSE account is visible to other users. These include, for example, your name or user name, your posts including creation date and time, your memberships in groups, your friends, your learning lists, your online status, your gender and your profile entries. The publication of the data is necessary according to Art. 6 para. 1 p. 1 lit. b GDPR in order to provide you with the contractually specified functions of our services.

d) Data exchange between our course management system and your LSSE account

In order for our course and exam management system to view the information and results contained in your LSSE account, a data exchange (so-called pairing) takes place between our course and exam management software and your LSSE account. Pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, this serves to protect our legitimate interests, as part of a balancing of interests, in linking the data records in order to provide you with uniform master data management and an overview of the courses and exams you have booked on our web site as well.   

e) Deletion

If you do not confirm your registration within 7 days, your LSSE account will be deleted along with the data you provided during registration. If you confirm your registration, a user account will be created in accordance with these explanations. This does not apply to LSSE accounts that were created as part of a booking in the web store. These will remain permanently unless you request deletion. Deletion of your LSSE account and the data you have left there is possible at any time and can be done either by sending a message to the contact option described below or by using a function provided for this purpose in the user account. 

Google Maps

On our web site, we use the integration of Google Maps to visually display geographical information.The storage of Google Maps cookies and the use of this analysis tool takes place after a corresponding consent and the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In accordance with the Google Terms of Use (as of March 31, 2020), the Google Maps service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you have your habitual residence in the European Economic Area or Switserland. If you have your habitual residence in another country, the Google Maps service will be provided to you by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) instead.

When using Google Maps, your personal data may be transferred to Google companies in countries outside the European Economic Area where an adequate level of data protection is not guaranteed and your rights under European data protection law may not be enforceable.

In order to ensure an adequate level of data protection when transferring users’ data from the United Kingdom to the United States, we have agreed with Google LLC on standard data protection clauses issued by the European Commission for this purpose. You can obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.

When calling up a web site on which Google Maps is integrated, Google’s web server also automatically collects access data in so-called server log files, which are automatically communicated by your browser, such as the name of the requested file, last website visited, date and time of the call, browser used, amount of data transferred, the IP address, the requesting provider, etc. When using Google Maps, Google also processes data on the use of the Maps functions by visitors to the web sites.

Further information on Google’s data protection policy and setting options can be found at https://policies.google.com/privacy .   

E-mail newsletter

If you subscribe to one of our newsletters, we use the data required for this purpose or separately provided by you to regularly send you the subscribed e-mail newsletter. The sending of e-mail newsletters takes place on the basis of your separate express consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. For security reasons, we use the so-called double opt-in procedure: We will only send you a newsletter by e-mail if you have previously confirmed your newsletter registration. For this purpose, we send you an email to confirm the subscription via the link contained therein. In this way, we want to ensure that only you, as the owner of the specified e-mail address, can subscribe to the newsletter.

If necessary, the newsletter can be sent via an external service provider to whom we pass on your e-mail address for this purpose. In such cases, the processing is carried out on our behalf. You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

The newsletters contain a so-called “web beacon”, i.e. a pixel-sised file that is retrieved from our server when the newsletter is opened, or if we use a dispatch service provider, from their server. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected.

This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked.

For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users in general, i.e. anonymously, and to adapt our content to them or to send different content according to the interests of our users. Unfortunately, a separate revocation of the performance measurement is not possible, in which case the entire newsletter subscription must be cancelled.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. GDPR . In the case of business relationships in which the newsletter is part of the contractual performance, the legal basis is Art. 6 para. 1 lit. b GDPR.

The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent.   

Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. Cookies serve to make our offer more user-friendly, effective and secure. These are small text files that are stored on your terminal device.

Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and allow us to recognise your browser the next time you visit us and, if necessary, to enable you to log in automatically (persistent cookies). For example, if you activate the “Stay logged in” option by placing a check mark when you log in to LSSE, a cookie will be set that will allow us to recognise you when you visit the LSSE site within a certain period of time.

You can learn more about Cookies in general on the www.allaboutcookies.org website and about the specific cookies we use in our Privacy Policy.

Social Networks

a) Use of social plugins and widgets from Facebook, Twitter, Instagram and Vimeo. In order to increase the protection of your data when visiting our website, these buttons and widgets are not integrated into the page without restrictions, but only using an HTML link. This integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of the provider of the respective social network.

If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, on which you can (if necessary after entering your login data) e.g. press the Like or Share button.

For the purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the privacy policies of the providers:

https://www.facebook.com/policy.php

https://twitter.com/privacy

https://help.instagram.com/155833707900388

https://vimeo.com/privacy

b)Vimeo Video

On this web site, content from third party providers is integrated via Vimeo for the purpose of an interactive design of our content. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

To increase the protection of your data when visiting our website, the plugins are integrated into the page in such a way that they can only be activated by an additional click. This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the servers of the respective social network. Only when you activate the plugins does your browser establish a direct connection to the servers of the respective social network.

The content of the respective plugin is then transmitted directly to your browser by the associated provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the corresponding provider or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider (possibly in the USA) and stored there.

c) Our online presence in social media

Our presence in social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our products there.

When visiting our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal device for this purpose. Visitor behaviour and interests are stored in these cookies. The use takes place after a corresponding consent and exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: Data processing takes place on the basis of the standard contractual clauses. For detailed information on the processing and use of data by the providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular opt-out options, please refer to the privacy policies of the providers linked below. If you still require assistance in this regard, you can contact us.

Data transfer to third parties

a) Data transfer to LSSE

After setting up your LSSE account, administrators of the responsible LSSE abroad will be given access to the data stored in your account. The data processing that takes place in this context serves, on the one hand, the administrative processing of user data, e.g. the correction/blocking/deletion or assignment of roles and authorisations within the system. The legal basis is the fulfilment of the contract according to Art. 6 para. 1 p. 1 lit. b GDPR. Furthermore, pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, this serves to protect our legitimate interests in valid information and correct data records in our system, which are overriding in the context of a balancing of interests. On the other hand, user data (in anonymised form) may be used to improve our website. In accordance with Art. 6 para. 1 p. 1 lit. f GDPR, this serves to protect our legitimate interests in optimising our offering, which are outweighed by our interests.

Insofar as personal data is transferred to a LSSE in a third country and an adequacy decision pursuant to Article 45 (1) of the GDPR is not available, the transfer of data will take place on the basis of standard data protection clauses as appropriate safeguards pursuant to Article 46 (2) (c) of the GDPR.

b) Data transfer to the central audit archive

For the purpose of checking authenticity and issuing replacement certificates, data concerning the examinations you have taken will be stored and used in the central examination archive. This is done on the basis of contract performance according to Art. 6 para. 1 lit. b GDPR.

Data security

We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons, such as SSL encryption during the creation of the LSSE account or a subsequent login. 

Your rights

Of course, you have rights with regard to the collection of your data, which we are pleased to inform you of herewith. If you would like to make use of one of the following free rights, a simple message to us will suffice. For your own protection, we reserve the right, in the case of an existing enquiry, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the enquiry.

a) Right to information

You have the right to request information and/or copies of the personal data stored about you.

b) Right to rectification

You have the right to request that personal data relating to you be corrected and/or completed without delay.

c) Right to object to processing

You have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing.

d) Right to deletion

You have the right to request the erasure of your personal data stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

e) Right to information

Where you have exercised the right to rectification, erasure or restriction of processing, we will notify all recipients to whom personal data relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

f) Right to data portability

You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

g) Right of objection

Insofar as your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to the processing at any time pursuant to Article 21 (1) of the GDPR.

If we process your for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing.

h) Right to withdraw consent

You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime.

i) Right to complain to a supervisory authority

If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.

You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there.

j) Automated decision making including profiling

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

International transfers

We do not directly and for the purpose of processing transfer your personal data outside the European Economic Area (EEA) and the United Kingdom.

Changes to our privacy policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Questions

If you have any questions about data protection, please write us an e-mail or contact us using the details provided on the website.