Privacy Policy

Version 2 - September 2021

Previous Versions
Version 1 - August 2021

The purposes of the processing
We provide an online service, ClickLearn Community, to users who are interested in ClickLearn services such as ClickLearn Studio. The service is used e.g., to ask questions, contribute to discussions, and submit a feature request. The service is moderated by ClickLearn staff.

If relevant, the service provides guidance, sends e-mails and notifications to users regarding the use of the service, their account, new functions, and other interactions in the service.

Finally, we use the personal data for administering your account, developing the service and for security purposes.

The lawful basis for the processing
As we are located in the EU, the General Data Protection Regulation (GDPR) applies to the collection of personal data irrespective of where the data subject is located.
The basis for our collection and processing is:

• Article 6(1a) of the General Data Protection Regulation (consent)

The categories of personal data collected
The personal data we collect fall under Article 6 of the GDPR.

a) Account information
We collect personal account information such as username, device, browser, log in information and e-mail.

We also collect the personal data you continually produce when you take part in the community by asking questions, contributing to discussions, submitting a feature request and the like.

b) Developing the community
We collect aggregated data about the usage for statistical analysis and to develop the community by combining the data with other data sets from our different services. We use this information for decision making in respect to continually providing a more useful service. For example, we can direct users to a specific section/content piece on the platform where they can find help.

c) Security
We use the IP-addresses to detect threats, both proactively and retroactively.

d) Data subject requests
Finally, we also process relevant personal data in connection with possible data subject requests in accordance with Chapter III in the GDPR. This might entail processing personal data to identify and/or authenticate the data subject making the request.

The recipients or categories of recipients of the personal data
Recipients of personal data might include but is not in all cases limited to IT service providers (data processors), public authorities (to the extent we are obligated) and support staff in subsidiaries.

The details of transfers of the personal data to any third countries or international organizations
We transfer personal data to third countries outside EU/EEA that the EU Commission has determined has an adequate level of data protection. In cases of transfer to third countries that do not have an adequate level of data protection we use the EU approved standard contractual clauses to ensure an adequate level of data protection. By request we will provide a copy.

The retention periods for the personal data
When a user deletes his account or requests deletion by contacting us at DataProtection@clicklearn.com, a deletion and anonymization process is activated.

The process includes assessing if we are obligated to store some or all the personal data for a longer period of time according to the GDPR and the applicable local, state or federal laws. If we are not obligated to store the personal data and we have no other lawful grounds for further processing, we delete or anonymize the personal data. If the user is inactive for 24 months, the deletion and anonymization process is activated.

The source of the personal data
The personal data have been obtained during sign up process and the continued use.

The details of whether individuals are under a statutory or contractual obligation to provide the personal data
If you do not wish to provide us with the personal data, we need to fulfil the purposes, we are not able to provide the service to you.

The details of the existence of automated decision-making, including profiling
We do not base any automated decision-making, including profiling, referred to in Article 22(1) and (4) of the General Data Protection Regulation on personal data from users. Thus, no decision is based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects concerning the user.

The rights available to individuals in respect of the processing
As we are bound by the GDPR due to our location you have the following rights:

  • Your right of withdrawal of consent - You can always delete your account.Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

The rights are limited in scope and application. Moreover, the rights are applied on a case-by-case basis to each data subject request.

You are not required to pay any charge for exercising your rights.

If you make a request, we must provide information on action taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In that case, we will inform of any such extension within one month of receipt of the request, together with the reasons for the delay.

Please contact us if you wish to make a request. When you make the request, please specify your request as best you can. This will help us process your request more quickly.

The right to lodge a complaint with a supervisory authority
You can lodge a complaint with your local Supervisory Authority in the EU by going to the website of the European Data Protection Board and find the contact information.

If you live outside the EU, please contact the Danish Data Protection Agency:

Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
DK
Tel. +45 33 1932 00
email: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk/

The name and contact details of the organization (data controller)
CLICKLEARN ApS | Sjæleboderne 2, 1. th. | 1122 Copenhagen K | Business registration number: 33075731| Tel. +45 88 77 47 35| DataProtection@clicklearn.com