Digital Learning Services Privacy Notice
Updated 3 April 2018
This Privacy Notice explains how personal information will be used by Pearson in relation to the digital learning products and services that link to this Privacy Notice. In this Privacy Notice we call these our ”Services."
It covers the handling of personal information by Pearson as a data processor when institutional or corporate customers purchase access to our Services. It also covers the handling of personal information by Pearson as a data controller when individual consumers purchase access to our Services, and when the Services are used outside of an institutional setting.
This Privacy Notice applies to the Services that link to it. Use of other sites and services may be subject to different terms and privacy notices. This Privacy Notice may be supplemented by a separate agreement between Pearson and an institutional customer.
If your access to the Services was purchased for you by an institutional customer, then the institutional customer is the data controller for any personal information which is uploaded or accessed by the Services. The institutional customer is responsible for ensuring it has a legal basis for processing this personal information. Pearson only processes this personal information on the institutional customer’s behalf, as a data processor.
For institutional customers registering users who are learners under the age of 18: please only upload school-issued email addresses for learners (not personal email addresses such as Hotmail accounts).
We collect your information in two ways:
- When you, your parent/carer or your institution (including your teacher) disclose your information through using the Services, registering you to use the Services (including when an institutional customer instructs us to register you to use the Services), contacting us (online or offline), ordering Services from us.
In a separate automatic operation we may collect application and system logs data which could include data such as your IP address, internet service provider and browser type, type of computer/device, and details of the website, application or email communication you came from before entering the Services. This information is used to:
- work out how many times the Services are visited;
- record which parts of the Services have been visited so we can improve the content and layout of the Services;
- understand the effectiveness of our email communications;
- monitor the health of the Services, detect unauthorised access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the Services.
We may from time to time supply third parties with an anonymised form of this data for uses in connection with our Services.
We will never sell users’ personal information. We may disclose and share personal information:
- with our service providers (for example, suppliers who develop or host our Services) in which case we will require them to implement appropriate technical and organisational measures to meet the requirements of applicable law; and/or
- if required or permitted by law; and/or
- with an institutional customer or parent/carer where the institutional customer or parent/carer has purchased access to the Services on the user’s behalf; and/or
- with our group companies who may use the information in accordance with the Marketing communications and opting out section below. Please note information on learners aged under 16 will not be shared with group companies for marketing purposes; and/or
- in connection with a sale, joint venture or other transfer of some or all of our company or assets, subject to the commitment of the acquiring entity to comply with this Privacy Notice; and/or.
- to protect the security and safety of the user and other persons, data, assets and systems, consistent with applicable law; and/or
- in other situations with the user’s consent.
We also use personal information in aggregate form (so that no individual user is identified by name) to identify types of user, audit and analyse how our Services are used, to help with the strategic development of our Services, to conduct educational research, and to develop new products and services. When doing so we remove any direct identifiers so that the data is no longer considered personal data for the purposes of data privacy laws and regulations.
Marketing will not be sent to any learners aged under 16 registered to use the Services unless consent has been provided on behalf of the learners, in which case such consent may be withdrawn at any time.
Contact details for teachers, learners who are 16 or over, and adult subscribers to the Services may be used for these purposes:
- to contact the user with more information about our products and services and those of our group companies, except where the user has told us not to;
- to invite the user to participate in surveys, discussions and prize draws and ask for the user’s views on our Services via online surveys and discussion forums.
Participation in surveys and discussion forums is entirely voluntary. Users may unsubscribe from being contacted for these purposes at any time. Survey information will be used for market research with the aim of improving our Services.
We will not send marketing emails to a user who has opted out of receiving them. Any marketing communications we send will include an unsubscribe link at the end of the email.
We will keep your personal information only for as long as reasonably necessary to fulfil the purposes for which we are processing your personal information, unless the law permits or requires longer. For example, we might need to keep your personal data for quality assurance of the service we have provided, or we might need to keep it to defend future legal claims.
These Services may be aimed at learners aged under 16.
If a learner is under 16 and has any questions in relation to their personal information and the Services, we recommend that the questions are directed to their parent or legal guardian, or to the learner’s teacher where relevant.
In some regions such as the EEA (European Economic Area) you may have certain rights in relation to your personal information including the right to ask the data controller to update and correct your personal information, to request access to and obtain a copy of your personal information, rectification of your personal information if it is no longer accurate or erasure of your personal information if our retention is no longer necessary for the purposes for which it was collected, to restrict or object to the processing of your personal information in certain circumstances, and data portability (if applicable).
If access to the Services was provided by your institution, then you should address any such request to your institution. If you (or your parent/guardian) purchased your access to the Services, then you should address your request to Pearson using the details set out in the Contacting Pearson section below. We will consider and act upon any request in accordance with applicable data protection laws.
If you (or your parent/guardian) purchased your access to the Services you may have the right to complain to the Information Commissioner (if you are in the UK), or to your local data protection supervisory authority, if you are unhappy with our privacy practices notified under this Privacy Notice.
If you have any questions about our Privacy Notice, please do not hesitate to contact us at:
Data Protection Officer
or email us at firstname.lastname@example.org.
This Privacy Notice applies to the products and services which link to it. It is provided on behalf of Pearson plc and its group companies. This means all companies owned or controlled by Pearson plc (registered office 80 Strand, London WC2R 0RL, United Kingdom, registered number 53723).
When we say “users” we mean the individuals who use the Services. Users could include an institutional customer’s learners, teachers and administrators, or individual subscribers who purchase access to the Services for themselves or for a child in their care.
When we say “institutional customers,” we mean learning providers such as schools, colleges, local education authorities, private language schools, education agencies or any other organisations that purchase access to the Services for use by users in its organisation.
Limited personal information is collected during the registration process for the Services. As a guide, we normally request the following data fields for users who are learners: First Name, Last Name and email address. In addition, where relevant, we may also collect: Year Group, date of birth, a learner’s institution and course identifier. We do not usually collect personal addresses for learners under the age of 16 where Services are sold to an institutional customer. The limited personal information we collect during the registration process for teachers typically is: First Name, Last Name and Email address, and where relevant, the teacher’s institution and course identifier.
Institutional customers are responsible for ensuring that any information they upload to the Services is accurate.
For some Services, a user may register using an alias name (pseudonym) and email address that is not otherwise associated with personal information provided to Pearson. This alias registration may not be available if the user account is established through integration with a third party service or if the institutional customer establishes the account for a user or otherwise prohibits the use of this option. If a user establishes a user account through alias registration in an institutional customer setting, the user must notify the institutional customer and the teacher for each educational course or learning program in which the Services are used so that the teacher and educational institution can recognize the user account as belonging to that user.
As users of the Services, learners and teachers may also generate personal information when using the Services. For example, the Services may record assignments, student coursework, responses to interactive exercises, scores, grades and instructor comments, details of the books the learner has read or activities the learner has completed. Users may also generate personal information if they post in a community or forum, or use a communication tool provided through the Services. Pearson is not responsible for use or disclosure of these postings or communications by community or forum members, or by anyone else who receives your communications.
If you would like to find out exactly what personal data will be collected as part of your Services please contact: email@example.com.
Where a consumer purchases access to the Services from Pearson, or where we contact you in accordance with the section headed Marketing communications and opting out, we are acting as a data controller. The European General Data Protection Regulation requires data controllers to tell you the legal bases for handling your personal information, so we have described these here. We may use your personal information:
- to enter into or perform a contract with you (e.g. to provide you with access to the Services you have purchased); and/or
- with your consent (e.g. we may sometimes ask you for specific consent to use your personal information in a particular way); and/or
- to comply with our legal obligations (e.g. we might have regulatory obligations to report or share or archive personal information); and/or
- for a variety of business purposes which are in our legitimate interests as a commercial provider of educational products and services (e.g. as described in the section headed Marketing communications and opting out).
Where we are handling personal information on behalf of an institutional customer, the institutional customer is the data controller and will establish the legal basis for handling your personal information. If you have any queries, you should direct these to the institution which provided you with access to the Services.
The personal information that is collected will be used by Pearson to provide the Services (including to communicate with users regarding service updates) and in accordance with this Privacy Notice. In addition, where an institutional customer has purchased access to the Services, personal information will also be used by Pearson in accordance with the institutional customer’s instructions. This may include analysis of users’ use and progress across a variety of Services so that we can help learners make progress with their learning – for instance to evaluate the educational efficacy and effectiveness of the Services and to make appropriate recommendations to users and institutional customers based on this evaluation.
Email addresses for learners are collected in order to be able to issue passwords securely through our systems and to send out service messages where necessary. Please also refer to the section headed Marketing communications and opting out to see how else email addresses may be used.
Some Services may have the capability to connect to your Google Drive so that you can upload or download documents directly from or into your Google Drive. Before they do so, you will receive a prompt asking you to click “Allow” to enable the Services to connect to your Google Drive. You may remove this connection in the My Account settings for your Google account at any time. Pearson will use this connection to access your Google Drive only for the purpose of uploading or downloading documents that you specifically select with limited metadata to allow identification and retrieval, so that you can access and use the documents within the Services or download them to Google Drive. Pearson will use, process and store these documents and associated personal data in accordance with this Privacy Notice.
At Pearson we maintain appropriate technical and organisational measures against unauthorised or unlawful processing of personal information and against accidental loss, theft, destruction of or damage to personal information.
We seek to protect the safety of all personal information. In particular, provided a user’s browser accepts HTTPS (Hyper Text Transfer Protocol Secure) encryption, we seek to protect payment information against unauthorised access through a secure server. Where we use third parties to process personal information, we require them to ensure the safety of personal information.
Please be careful if you post any personal information on a bulletin board or discussion forum or similar interactive area of the Service as it may be collected and used by others. You understand we cannot control the actions of other users.
For some Services we might need to send your personal information to another country or process it in another country. If you are based in the EEA and we contract service providers who will process your personal information outside the United Kingdom or EEA we will take appropriate steps to ensure your personal information is given the same level of protection as described in this Privacy Notice.
We have entered into an intercompany data processing agreement using the European Commission standard contractual clauses (in the absence of an adequacy decision) for data transfers to our group companies located outside of the UK and the EEA. We rely on adequacy decisions or adequate data transfer mechanisms adopted by the European Commission or a supervisory authority from time to time for transfers of European personal information to third parties located in countries outside of the UK or EEA.
To protect personal information, users and institutional customers are urged to: (a) protect and never share passwords; (b) only access the Services using secure networks; (c) maintain updated internet security and virus protection software on their devices and computer systems; (d) immediately change a password and contact Pearson if there is a suspicion that the password has been compromised; and (e) contact Pearson if there is another security or privacy concern or issue.
Institutional customers and users must not misuse any personal information available on the Services or gather personal information or use robots or other automated scripts, codes or functionalities to do so.
We may immediately suspend or terminate users’ and institutional customers’ access without notice if we become aware that they are in breach of our Terms and Conditions or of this Privacy Notice.
We may update this Privacy Notice from time to time. We will always include the date of a new version so that you know when there has been a change.