Learnybox | Privacy Policy

1 - OUR COMMITMENTS AS DATA CONTROLLER

Section updated on March 29, 2021.

On the Website, you are informed of the mandatory nature of responses by the presence of an asterisk or any other type of notation. In the event of an incomplete request (e.g., online registration or order, request for information, etc.), LearnyBox reserves the right to request additional information or to use any technical means to prevent the form in question from being validated.

1.1 - PROCESSING ON THE WEBSITE

The Website presents LearnyBox's activities and allows us to collect data about you through various forms (contact, newsletter subscription, etc.).

By completing the forms and communicating with LearnyBox via the Website, you provide the following categories of information:

Identity data: title/gender; last name; first name; and, on some forms, Learnybox may ask for your date of birth in order to send you birthday offers;
Contact and correspondence data: email address; postal address (address, postal code, city); phone number; In the event of a customer service request, the nature of your request and the content of your request.
Review and contribution data: username, date of review, content of review, offer concerned, where applicable, public profile photo attached to the review; LearnyBox may enhance its Site by collecting and republishing reviews and contributions made by its customers on other sites (in particular on its pages and social networks) in relation to its offers, when these contributions are freely accessible to the public;
Data necessary for carrying out loyalty, prospecting, research, survey, offer testing, and promotional activities;
Data relating to the organization and processing of contests, lotteries, and any promotional operations;
Data collected through the exercise of rights enshrined in the Regulations.

In accordance with our legitimate interest, and where necessary for the performance of pre-contractual measures taken at your request or of a contract, LearnyBox processes the above-mentioned data for the following purposes:

Presentation of LearnyBox services;
Management, processing, and follow-up of requests and exchanges with LearnyBox via the Website (where applicable, by offering you a chatbot, a call booking tool, etc.);
Management of relationships with prospects;
Management of people's opinions on LearnyBox services or content;
Prospecting and/or sending information, managing technical prospecting operations, selecting individuals for loyalty campaigns, prospecting, surveys, and testing;
Organization of contests, lotteries, or any promotional operations on the Site.

Data used for commercial prospecting management purposes is kept for a maximum of three years from the last active contact from the prospect or customer, and earlier in the event of opposition to receiving messages from LearnyBox. Data from reviews and contributions is kept for as long as the review is accessible to the public on the Site.

Identity and contact data will also be processed for the following purposes:

Updating of its prospecting files by the body responsible for managing the do-not-call list, in accordance with the provisions of the Consumer Code
Management of requests for access, rectification, and opposition, and more generally of your rights as described in this policy.

By using the YouTube API on the Website or as part of your subscription (YouTube API Services Terms of Service), you agree to the terms of use (YouTube Terms of Service) and accept the privacy policy (YouTube Privacy Policy) applicable to its features.

LearnyBox and any authorized third party may collect, access, and record your data usage of this API (YouTube API Data Terms) under the aforementioned terms of use and privacy policy. You can configure the data you authorize to be disclosed from your Google account (Google Security Settings) and, more generally, exercise your rights described in this policy with LearnyBox regarding all processing carried out with the YouTube API.

1.2 - PROCESSING RELATED TO AN ORDER ON THE SITE

The Website allows you to make purchases, which requires the collection of the following categories of data:

Identity and contact data
Data relating to the contractual and commercial relationship: Details of the order content; Pre-contractual and order-related exchanges (subject, date, etc.); Communications with LearnyBox and/or its partners, in particular affiliates.
Payment and transactional data: transaction date, amount, payment method, order number, billing data;

This information is necessary for the management of our customer and prospect database, and more specifically for the following purposes in accordance with the GTC accepted when ordering on the Site:

Carrying out operations relating to the management of files concerning: contracts and registrations; orders; service delivery; legal and commercial guarantees; invoices; accounting and monitoring of the commercial relationship (after-sales service), including for opinions on the Company's offers;
Preventing and combating fraud and means of payment, in particular credit card fraud;
Managing unpaid bills and disputes, provided that this does not relate to offenses and/or result in the person being excluded from a right, service, or contract.

To create an account on the Site, you will also be asked to choose a URL hosted on the LearnyBox domain that will allow Users to access your Platform.

For information purposes only, you are hereby informed of the following retention periods:

Data processed for commercial prospecting purposes: 3 years from the last active behavior of the prospect or the collection of data
Data necessary for processing your order and managing contractual and commercial relationships:
- 5 years from the conclusion of the contract for amounts less than €120.00 10 years from the date of delivery or service provision for amounts greater than €120.00
- For accounting documents (purchase orders, delivery notes, customer invoices): 10 years from the end of the financial year

1.3 - PROCESSING CARRIED OUT IN THE CONTEXT OF THE CUSTOMER'S SUBSCRIPTION

As part of their subscription, all Customers can access digital content, assistance services, support services, etc., which gives rise to the collection and processing of the following categories of data:

Identity and contact details;
Content access data: Username and password, which may be automatically saved on the Website if you consent to this via your browser settings, and login information for the access area (IP address, time of connection, duration of connection, use of any tools available in this dedicated area, etc.);
Content-related data: Content viewing and tracking data: Module viewing data, time spent on content; Information about audio files downloaded and/or listened to;
Tracking data: Progress indicators, statistics, and progress tracking; any notes, surveys, and quizzes completed, and past evaluations;
Publication data: Content of your contribution (comment, question, publications, opinion, etc.), date, time, response rate, information about the publication space concerned;
Organization data: Identity and contact details, information about slots reserved, canceled, or completed, and all information necessary for organizing this type of service;
Tracking data: Progress indicators, any notes taken during the support process, data from audits, surveys and quizzes completed, evaluations passed, information necessary for the preparation of a report.

The legal basis for this processing is the contract concluded with LearnyBox, and the purpose is the performance of this contract. The data may be kept until the expiry of the limitation periods applicable to legal actions that may arise between LearnyBox and a Customer. This data may also be processed for the purpose of combating fraud, in which case the legal basis for the processing is LearnyBox's legitimate interest in ensuring that its co-contractors comply with the terms of engagement and their legal obligations.

When organizing events, whether in person, remotely, free of charge or for a fee, Learny Box collects and processes the personal data of registrants and participants necessary for the organization, management, processing, and follow-up of invitations, registrations, and participation. This data may be archived for five years after the event.

In the event of participation and unless otherwise agreed, you agree that LearnyBox may record your image and/or voice on photo, audio, or video media produced during the event. The recordings may be saved and published by LearnyBox, including on social media, in accordance with its legitimate interests. If you do not wish to appear, you can turn off your camera in the case of a remote event, position yourself at the back of the room, refrain from participating in group photos, refrain from signaling to the photographer/cameraman, etc. in the case of an in-person event.

1.4 - SECURITY MEASURES

Commitment. LearnyBox undertakes to implement all appropriate technical and organizational measures using physical and logistical security measures to ensure a level of security appropriate to the risks of accidental, unauthorized, or illegal access, disclosure, alteration, loss, or destruction of your personal data.

Technical protection measures. You are informed and accept that the Site and any Platform include technical devices that allow the use of its sites and services to be monitored (logged-in user account, IP address, type of application used, various connection and customer account usage logs, etc.) and which may be used in the fight against counterfeiting and/or to identify and/or prevent any illegal use of the Site or Platform by a Customer that does not comply with the GTC or the law.

Passwords. Once you have subscribed, whether on a trial basis or not, you will be asked to create a password to access your Platform. Customers must enter a password of at least 8 characters, including at least one lowercase letter, one uppercase letter, and one number. LearnyBox has a database of the 100 most common passwords, the use of which is prohibited (such as: password, azerty, etc.).

LearnyBox can also automatically generate random 8-character passwords. In order to guarantee the integrity of passwords created when using the Platform, LearnyBox uses the password_hash method to encode passwords. In addition, access to the Platform is blocked after five unsuccessful attempts to log in.

Secure payment. All transactions made on the Site are secure. Credit card payments are handled by payment service providers ("PSPs"), as indicated in the Site's Terms and Conditions or on the order page. Learnybox uses SSL encryption to protect your personal data and the payment methods used. At no time does LearnyBox have direct access to your bank details.

By proceeding with payment, you authorize Learnybox to send instructions to your bank to debit your account according to the deadlines indicated when placing your order. Customers' banking information is kept for longer in the case of payment facilities or subscriptions with tacit renewal.

For more information, please refer to the PSP documentation:

Stripe: Stripe Privacy Policy
Braintree (PayPal): Braintree Privacy Policy
GoCardLess: GoCardLess Privacy Policy

Warnings. The Site may provide links to other sites, applications, and services other than those of LearnyBox, which may be operated by third-party companies. LearnyBox is not responsible for the processing of personal data carried out by these third-party sites, or sites linking to the Site, whose personal data protection policies you are invited to consult for more information.

LearnyBox cannot under any circumstances be held responsible for the processing of personal data carried out by Customers on their own Platform.

Data breaches. If LearnyBox discovers illegal access to your personal data stored on its servers or those of its service providers, or unauthorized access resulting in the realization of the risks identified above, then LearnyBox, after examining the causes and consequences of this incident:

- Notify the CNIL of the incident as soon as possible if this is a legal requirement;
- Notify you of the incident as soon as possible if this is a legal requirement;
- Take the necessary measures within reasonable limits to mitigate the negative effects and damage that may result from the incident.

1.5 - YOUR RIGHTS

In accordance with the regulations, you have the following rights regarding your data:

Right of access to your data, including the right to request a copy, and to the information provided in this privacy policy (Art. 15 GDPR). Where the legal basis for data processing is the legitimate interest of the data controller, you have the right to request information regarding the justification for this legitimate interest;
Right to rectify (Art. 16 GDPR) and update your data;
Right to erasure of your data (Art. 17 GDPR) when the data is no longer necessary, you have withdrawn your consent to its processing (if it was based on our consent), or you object to processing based on our legitimate interest or to processing for marketing purposes or for profiling related to marketing.
Right to withdraw your consent at any time (Art. 13-2c GDPR) for all data processing based on the legal basis of your consent;
Right to restriction of processing, which, unless there is a compelling reason, may only be carried out with your consent (Art. 18 GDPR) when:

You contest the accuracy of the data, for the time necessary to verify it,
If the data processing is unlawful but you oppose the erasure of the data and instead choose to restrict the processing,
When LearnyBox no longer has a reason to retain the data but you still need it for the establishment, exercise, or defense of your legal rights.
When you have objected to processing based on our legitimate interest, for the time necessary to balance the interests involved.

Right to the portability of data provided directly by the data subject when it is subject to automated processing based on your consent or on a contract (Art. 20 GDPR), i.e., the possibility of requesting the communication of this data in a structured, commonly used, and machine-readable format so that it can be communicated to another data controller.
Right to object (Art. 21 GDPR) to the processing of your data when the legal basis for such processing is legitimate interest;
Right to determine the fate of your data after your death and to choose a trusted third party to whom LearnyBox must entrust it.

Furthermore, with regard to commercial prospecting, you can unsubscribe from our mailing lists at any time by clicking on the unsubscribe link in our communications or by contacting LearnyBox to stop receiving marketing messages. Any data subject may ask LearnyBox for details concerning these guarantees applicable to data transfers outside the European Union concerning them.

Any request to exercise these rights must be made by email to contact@learnybox.com or by registered letter with acknowledgment of receipt to the head office. LearnyBox may refer the person concerned to the features of their account that allow them to exercise their rights directly from their account, where available. The request will be forwarded to LearnyBox's data protection officer (Cabinet Touati – La Motte Rouge Avocats AARPI, 77 boulevard Malesherbes 75008 Paris).

If you believe that LearnyBox has not respected your rights, you may lodge a complaint with the CNIL or any other competent data protection authority.

1.6 - RECIPIENTS AND TRANSFERS

All recipients of data must provide sufficient and appropriate contractual guarantees to respect your rights. Based on our legal obligations, your data may be disclosed in accordance with a law, regulation, or decision of a competent regulatory or judicial authority.

The information you provide to LearnyBox is for internal use by the group and its subsidiaries (e.g., Learnybox Formations) by authorized persons. It is strictly confidential and may not be disclosed to third parties, except under the conditions provided for by the Regulations in the event of express agreement or if you have decided to make it public.

External service providers (e.g., suppliers, independent contractors) may, within the framework of the processing described above, receive personal data when necessary for the performance of their duties.

Data may be transferred outside the European Union.

LearnyBox transfers data relating to visitors, prospects, and customers to countries recognized as offering an adequate level of protection.
When the destination country does not offer an adequate level of protection, data flows are governed by transfer tools that comply with regulations (in particular, the European Commission's standard contractual clauses).

LearnyBox may publish, disclose, and use aggregated information (information relating to users of the Site and Platform, prospects, customers, etc.) in such a way that no individual is personally identifiable. This processing is carried out in accordance with LearnyBox's legitimate interest for statistical purposes, sector and market analysis, presentation of activities, promotional and advertising purposes, and other commercial purposes.

1.7 – COOKIES AND TRACKERS

Cookies and trackers (hereinafter "cookies") refer to connection cookies and, more generally, any file deposited when consulting a website or mobile application, installing or using software on the User's terminal equipment for the purpose of reading or writing information on that equipment.

You will be informed of the presence of cookies necessary for the functioning of the Site and those that are not strictly necessary during your first visit to the Site and then at least every 13 months. The maximum retention period for cookies is 13 months after they are first placed on your terminal, and this period is not extended with each visit.

With the exception of cases of use not subject to consent, cookies and trackers will only be placed on your terminal with your express consent. You may be asked periodically to reiterate your consent to ensure that it is still valid.

You can configure cookies as described below, and we inform you that you can also configure your device's browser to activate the "Do Not Track" option, which will indicate to the websites you visit, advertising agencies, or applications that you do not wish to be "tracked." This feature is available for the following browsers:Firefox, Chrome, Internet Explorer, Safari, Opera, and Microsoft Edge.

Cookies strictly necessary for the site to function

You can configure cookies under the conditions described below, and we inform you that you can also configure your device's browser to activate the "Do Not Track" option, which will indicate to the websites you visit, advertising agencies, or applications that you do not wish to be "tracked." This feature is available for the following browsers, among others

The cookies strictly necessary for the Website to function are:

the "tarteaucitron" cookie, which saves your cookie consent choices for a period of 12 months;
the "_logs_connexion" cookie, which saves the link to the Customer account that a Customer has logged into and displays the list of accounts that the Customer has logged into;
the "parrain" cookie, which saves the referrer who promoted the Site to the User, stored for a period of 60 days

The processing of personal data carried out with these cookies is based on our legitimate interest within the meaning of the Regulations in that they enable the main services of the Site to function optimally. You can technically block them by using your browser settings (Firefox with enhanced tracking protection; Firefox with cookie deletion; Chrome; Internet Explorer; Safari ; Opera; Microsoft Edge), but your experience on the Site may be degraded.

Audience measurement cookies

Audience measurement cookies are used to generate traffic statistics that are useful for improving the site. You can object to the use of audience measurement trackers, when they do not fall within the consent exception, in the "Service Management" window located at the bottom left of each page of the site.

The audience measurement cookies on the Site are:

Those provided by Google Analytics for audience measurement services that generate visitor statistics useful for improving the Site (learn more about these cookies and third-party recipients);
A cookie edited directly by LearnyBox, which identifies the origin of the User visiting the Site and compiles traffic statistics.

Even if you initially consented to the storage and use of these cookies, you can still opt out and set your preferences in the "Service Management" window at the bottom left of each page of the Website.

Personalized advertising

LearnyBox and third-party companies use cookies, with your consent, to display personalized advertising based on your browsing and profile on the Site.

The "Facebook Pixel" cookie is an analysis tool that measures the effectiveness of our advertising on Facebook and Instagram by tracking the actions taken by users on the Site (find out more; Meta Privacy Policy & Cookies).

You can opt out of the use of this cookie and set your preferences in the "Service Management" window located at the bottom left of each page of the Site.

2 - OUR COMMITMENTS AS SUBCONTRACTORS

Part updated on March 29, 2021

Within the framework of their contractual relations, the parties undertake to comply with the Regulations. The "parties" referred to are LearnyBox and the Customer.

The parties acknowledge and agree that the Client is the data controller for the personal data collected and processed in connection with the performance of the general terms and conditions agreed to by the Client and that the Client alone is fully responsible for ensuring that such processing complies with the applicable Regulations, in particular with regard to Users.

This policy defines the conditions under which LearnyBox undertakes, as a processor, to carry out on behalf of the Customer, the controller, the personal data processing operations defined below.

Anyone can find out about the processing carried out by LearnyBox as data controller in its privacy policy (Learnybox Privacy Policy).

2.1 - DESCRIPTION OF PROCESSING

The processor is authorized to process, on behalf of the controller, the personal data necessary to provide the service(s) included in the subscription to the Platform (Learnybox).

The processing operations covered by this policy refer to any operation or set of operations, whether or not carried out using automated processes, applied to personal data or sets of personal data via the Platform, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, alignment or interconnection, restriction, erasure or destruction.

The Platform's features are intended for the management of a customer-prospect file, online sales, and the delivery of their online services. Customers have access to tools and features on the Platform that allow them to:

Create, customize, and manage their websites, blogs, pages, and articles as part of their business, including sales funnels with online payment methods;
Capture emails, send newsletters, email sequences, track and optimize their launch and sales operations;
Create and deliver their online training, moderate their community, customize the training path, conduct group online conferences (automated or not) or individual remote interviews, evaluate their customers at the end of the training program and ask for their opinion (surveys, quizzes, etc.);
Create affiliate programs with business partners;

Customers will collect and process the categories of personal data of their Users on their Platform listed below:

Identification data (last name; first name; date of birth, etc.)
Contact data (telephone number, email address, postal address, etc.)
Professional data (company name; company postal address; SIRET number; VAT number, etc.)
Connection data (IP address, connection logs, etc.)
Training and content viewing tracking data (progress logs, knowledge tests, etc.)
Payment, banking, and billing data.

The processing of personal data carried out using the LearnyPay feature (optional) is governed by separate terms and conditions defined by the payment service provider MangoPay: MangoPay Privacy Policy. By using this feature, the Customer certifies and guarantees that they have read and understood these terms and conditions, over which LearnyBox has no control.

2.2 - RETENTION PERIODS

Data relating to the contractual relationship between Customers and their Users is retained for the duration of the Customer's subscription to the Platform, unless the Customer deletes the data from the Platform or unless otherwise indicated below.

During the subscription period, certain categories of data will be automatically deleted:

Platform usage data will be deleted five years after the User's last payment to the Customer, with only information about their identity, contact details, and the order placed (date, price, content, billing, etc.) being retained until the end of the Customer's subscription.
Browsing, email opening, and click data will be retained for three years and then archived for a maximum period of two years, regardless of the duration of the Customer's subscription to the Platform.
Audience measurement statistics may be kept for a maximum of 13 months, then only in anonymized form.

It is the Customer's responsibility to delete contacts or deactivate the sending of commercial prospecting messages on the Platform in accordance with the applicable deadlines.

It is the Customer's responsibility to back up and/or archive data concerning its Users by extracting it and storing it securely outside the Platform. LearnyBox is under no obligation to archive or back up data on behalf of the Customer after the end of its subscription and may proceed with automatic deletions in accordance with the retention periods defined above.

The Customer is the data controller within the meaning of the GDPR and is solely responsible for determining the retention periods it applies to its Users, on the Platform from which it can manually manage the data it wishes to retain or not, and outside the Platform if necessary.

Bank details

Subject to the conditions applied by the payment service provider MangoPay, banking data is retained for the time necessary to complete the transaction, including in the case of successive payments or retention of the card number for subsequent purchases. This period is extended, where applicable, by the withdrawal period.

2.3 - LEARNYBOX'S COMMITMENTS AS A SUBCONTRACTOR

LearnyBox undertakes to:

Process data solely for the purposes covered by the subcontracting agreement;
Process the data in accordance with the Customer's instructions and the Customer's use of the Platform's features. If LearnyBox considers that an instruction constitutes a violation of the GDPR, it shall inform the data controller;
Ensuring the confidentiality of personal data processed in connection with the Customer's subscription;
Ensure that persons authorized to process personal data under this policy undertake to respect confidentiality or are subject to an appropriate legal obligation and receive the necessary training in data protection;
Take into account, with regard to its tools, products, applications, or services, the principles of data protection by design and data protection by default.

Any advice on the use of the Platform is provided for information purposes only and it is the Customer's responsibility to select the settings, provide the information, and carry out all processing on the Platform in accordance with the GDPR, the framework for commercial prospecting, and any other rules applicable to its activities.

2.4 - CUSTOMER'S COMMITMENTS AS DATA CONTROLLER

The Customer warrants and represents that:

That it only collects personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. As such, the Customer undertakes to use the Platform's features in compliance with the obligations set out in the GDPR and not to misuse them;
That it complies with the applicable Regulations, including the GDPR, and ensures that its instructions on the Platform and to LearnyBox comply with them;
That it is authorized, in accordance with the applicable Regulations, to communicate to LearnyBox the personal data of the Users concerned by the processing;
That they will provide the required legal information and, where applicable, obtain the consent of the persons concerned in accordance with the applicable Regulations, in order to communicate and allow LearnyBox to process the data, and that LearnyBox may communicate them to its service provider partners; to any public authority where applicable; to any third party in connection with the performance of a legal or regulatory obligation incumbent on LearnyBox; and to any other person entitled to request the communication of the information, including when the recipients of the personal data are located outside the European Economic Area;

The Customer expressly agrees that they are solely responsible for the lawfulness and consequences of the collection and other processing of personal data carried out on the Platform under their control and direction.

The Customer is solely responsible for the configuration of its Platform, in particular with regard to legal information provided to its Users, the reasonable and compliant use of emailing or SMS tools for commercial prospecting, information and consent collection with regard to cookies, information requested via survey tools, the compliance of any affiliate system it may set up, control of access rights that they may grant to third parties, etc.

Any act of unlawful collection of information, unlawful transmission of files, or any use of the Platform by the Customer that clearly infringes on the rights of the persons concerned or contravenes the GDPR will be considered a case of abuse of usage rights that may lead to the termination of the subscription at the Customer's expense in accordance with the GTC.

The Customer is specifically informed that LearnyBox has a "zero tolerance" policy towards SPAM when a Customer imports contacts into the Platform. In particular, if more than 0.35% of the recipients of an email report it as "junk mail," LearnyBox reserves the right to ask the Customer to justify their fair use of the emailing tools at their disposal.

2.5 - SUBSEQUENT SUBCONTRACTING

LearnyBox may use another subcontractor (hereinafter, "the subsequent subcontractor") to carry out specific processing activities. In this case, it shall inform the Customer in advance and in writing of any planned changes concerning the addition or replacement of other subcontractors under the conditions provided for by the GDPR.

The subsequent subcontractors involved in the provision of the Platform are listed in the Appendix to this policy. The Customer declares that all of the listed subsequent processors provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure that the processing meets its expectations and the requirements of the GDPR, including with regard to data transfers when the processor is located outside the European Union.

The Customer has a period of ten days from the date of receipt of this information to raise any objections, unless another period is specified in the communication. In the absence of any objection, the change will be deemed to have been accepted.

The use of third-party solutions enables the Platform to offer standard features. If the Customer refuses to use these third-party solutions, they must notify LearnyBox, which may offer alternative solutions, the cost of which will be quoted in advance. The Customer is informed that refusal of a subsequent subcontractor may result in malfunctions.

The use of third-party solutions may be subject to certain conditions imposed by their supplier, for example the YouTube API in accordance with its contractual documentation referred to in the appendix.

The Customer may use third-party solutions other than those used by default on the Platform and listed as subsequent subcontractors in the Appendix and/or provide Users with links to other sites, platforms, applications, and services distributed and operated by third-party companies. Before using the services of a third party involving joint processing or subcontracting of personal data, it is the Customer's responsibility to check the third party's compliance with the GDPR and the lawfulness of the intended processing. LearnyBox cannot under any circumstances be held liable for the compliance of these third parties with the GDPR.

2.6 - RIGHTS OF DATA SUBJECTS

The rights of data subjects are the rights of access, rectification, erasure, and objection, the right to restriction of processing, the right to data portability, and the right not to be subject to automated individual decision-making (including profiling).

It is the Customer's responsibility to provide information to Users and all persons concerned by the processing operations at the time of data collection, for example by providing a privacy policy and appropriate information notices on its websites and communication media.

When data subjects submit requests to LearnyBox to exercise their rights, LearnyBox forwards these requests to the Customer at the last email address provided upon receipt. LearnyBox is authorized to inform the data subject that it is not responsible for the exercise of their rights and may provide the Customer's email and/or postal address to the data subject to enable them to contact the Customer directly.

2.7 - SECURITY MEASURES

LearnyBox undertakes to implement all appropriate technical and organizational measures using sufficient physical and logistical security measures to provide a level of security appropriate to the risks of security breaches.

The websites created on the Platform are by default subject to the HTTPS security protocol applicable to data storage in particular.

The Customer is informed and accepts that the Platform may include technical devices that allow the use of its sites and services to be monitored (logged-in user account, IP address, type of application used, various connection and user account usage logs, etc.) and which may be used in the fight against counterfeiting and/or to identify and/or prevent any illegal or non-compliant use of the Platform by its Users. It is the Customer's responsibility to inform its Users of this.

At the Client's request, and excluding strategic or sensitive information covered by trade secrets, LearnyBox may provide a more detailed description of its security and governance policy.

In the event of a security breach on the Platform resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data, LearnyBox shall inform the Customers affected by the breach who are responsible for processing so that they can fulfill their obligations to Users.

Under no circumstances may the commitments defined in the above point relating to notification in the event of a security breach be construed as any acknowledgment of fault or liability for the occurrence of the incident in question. LearnyBox does not, under this policy, make any commitments additional to those provided for in its Terms and Conditions, particularly with regard to hosting, storage space, traffic volume, and service continuity guarantees.

2.8 - DATA DISPOSAL

During the Customer's subscription and beyond, if applicable, LearnyBox undertakes to destroy personal data at the end of the periods defined in this policy.

When the Customer has terminated their subscription, LearnyBox reserves the right to reduce these periods at any time after informing the Customer. The Customer may ask LearnyBox to return all personal data collected and processed on its Platform before proceeding with its permanent destruction.

This return is not automatic and must be expressly requested before the end of the subscription and no later than 10 days after its termination. The Customer may also make this request to LearnyBox during the subscription period. In any event, the extraction and return of data in a readable format may give rise to service charges depending on the nature and quantity of data to be extracted, of which the Customer will be informed in advance.

In the event of termination, the Customer is advised that LearnyBox will maintain its Platform on a data backup system for a limited period of thirty days after the end of their subscription. At the end of this period, all data on the Customer's Platform will be permanently deleted from the servers, which the Customer expressly accepts.

2.9 - DATA TRANSFERS

The Customer is informed that use of the Platform may involve the transfer of data concerning Users to countries outside the European Union, given that the features included in the Customer's subscription may be provided or hosted by third parties established outside the European Union.

The Customer may at any time obtain information on the status of transfers and the documentation relating to the guarantees provided by subsequent subcontractors for the compliance of these transfers in the Appendix and request any additional information from LearnyBox on the details of the transfers.

In the event of a transfer to the United States, LearnyBox verifies that the subcontractor complies with the standard contractual clauses (SCCs), i.e., the model contracts for the transfer of personal data adopted by the European Commission, and that US legislation does not compromise the adequate level of protection guaranteed by the clauses and measures provided for in the SCCs.

The Customer's acceptance of the subsequent processor involved in a data transfer constitutes unreserved acceptance of the transfer guarantees provided by that processor in the documentation referred to in the Appendix. It is the Customer's responsibility to inform the data subjects, in accordance with the GDPR, that their registration on the Customer's Platform may result in data transfers, particularly to the United States.

Create

Market & Sell

Manage

Independent

Business / Organization

Training Organization

Our solutions