We Are Learning

We respect the privacy of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This privacy notice sets out the personal information that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.

If you are in any doubt regarding the applicable standards, or have any comments or questions about this privacy notice, please contact us as provided below in “Who we are and how to contact us”.

Getting oriented

This privacy notice applies to

our website(s)
all of the services that we offer on our own behalf, including our product offerings and our web applications (“Web App”)
our communications to you

Not all sections will necessarily apply to you. It depends on how you interact with us, our services and website(s).

Unless otherwise stated, this notice does not cover any linked third-party websites or services that we do not own or control.

Cookies

For cookies, please read the separate cookie notice on this site available via https://wearelearning.io/legal and please check the cookie consent manager implemented on both this website (see “Cookie Preferences” at the bottom of the page) and in the Web App. The cookie notice applies in addition to this privacy notice.

An overview: broad categories of personal data we process

WeAre processes personal data in three broad categories:

data we collect through our website or when you otherwise interact with us
data from use of our services
data that may be included in the content that customers manage in our services

Some data protection and privacy laws talk about “personal data”, others about “personal information”. For simplicity, we use the term “personal data” throughout this privacy notice.

Who decides how personal data in these categories is processed (who is the “data controller”)?

Data protection and privacy laws in certain jurisdictions, like in the European Union, distinguish between “controllers” and “processors” of personal data. These concepts come from the European Union General Data Protection Regulation (“GDPR”). A controller decides why and how personal data is processed. A processor processes personal data on behalf of a controller.

The California Consumer Privacy Act (“CCPA”) has similar concepts: “business” (similar to the data controller) and “service provider” (similar to the data processor). For simplicity, when we talk about a “data controller”, we also mean a “business”. And when we talk about a “data processor” we also mean a “service provider”.

WeAre is the data controller of personal data in the first broad category. This means that we decide for what purposes and how we process this data. Generally speaking, we use this data for our legitimate business interests, for example to understand who our customers and potential customers are, what their interests in our services are, to manage our customer and supplier relationships.

Personal data in the second category can be controlled by both our customers and us, each for their own purposes. When we process such data for the purpose of providing services to our customers, we are the data processor, and the customer is the data controller. This includes purposes such as customer support. When we process this data, for example to manage the customer relationship and billing, or to understand how our services are used for product development purposes, we process this data for our own purposes, and we are therefore the data controller.

Personal data in the third category, customer content, is controlled by our customers. We are always the processor of personal data that may be included in customer content and process it in accordance with our customer agreements.

Brief overview

This privacy notice explains:

Who we are and how to contact us
Changes to this privacy notice
Your rights
When we collect personal data from you and from third parties
Data transfers and how we share personal data
Data collection on our website and in our Web App
Third-party content and services on our website and in our Web App
Data collection when contacting us and interacting in our communities
Data collection when using our services
Data collection when visiting our premises or participating in events or training
Personal data we collect and process for marketing purposes
How we keep personal data safe
How we use cookies
How long we keep your personal data
Children’s privacy

Who we are and how to contact us

The entity responsible for processing your personal data (the “data controller”) in accordance with this privacy notice is We Are Learning AS, with its business offices at Drammensveien 130, 0277 Oslo, Norway.

If you have any questions about our processing of your personal data, you can contact our data protection officer at: We Are Learning AS/Data Protection Officer, Drammensveien 130, 0277 Oslo, Norway and by email: dpo@wearelearning.io. You can also contact us at: support@WeAreLearning.io

In this privacy notice we refer to We Are Learning AS as “WeAre”, “we”, “us”, “our”.

Changes to this privacy notice

Please read this privacy notice carefully and note that we may change it. We may change it specifically if our products and services or the websites we offer evolve or if the relevant laws or their application change. We recommend that you read this privacy notice from time to time and make a copy for your files. We will post new versions of this privacy notice on our website and identify new notices with the date they take effect.

Your rights

This section explains what rights you have in relation to our processing of your personal data. If you want to make use of your rights, please contact us (please see contact details above in “Who we are and how to contact us”).

Your European rights under the GDPR

If our processing of your personal data is subject to the European Union General Data Protection Regulation (“GDPR”), you have the following rights with respect to your personal data:

Right of access: You can request information about your personal data that we process in accordance with GDPR article 15.
Right to erasure: You have the right to request the deletion of your personal data in accordance with GDPR article 17.
Right of rectification: If the information concerning you is not correct, you can request a correction in accordance with GDPR article 16. If your data is incomplete, you may request that it be completed.
Right to restrict processing: In accordance with GDPR article 18, you have the right to request a restriction of processing your personal data.
Right to withdraw your consent: If you have given your consent for processing, you have the right to revoke it according to GDPR article 7.3.
Right to data portability: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format as well as the right to transfer this data to another data controller, if the conditions of GDPR article 20.1 (a), (b) are met.
Right to file a complaint: You have the right to file a complaint with a data protection supervisory authority about our processing of your personal data in accordance with GDPR article 77.
Right to object to processing: In accordance with GDPR article 21.1, you have the right at any time to object, for reasons arising from your particular situation, to processing your personal data on the basis of GDPR article 6.1 (e) or (f). In such a case we will not process your data unless we can demonstrate compelling legitimate reasons to do so which outweigh your interests, rights and freedoms, or if the processing is for purposes of establishing, asserting, exercising or defending against legal claims. Furthermore, according to GDPR article 21.2, you have the right at any time to object to processing your personal data for the purpose of direct marketing; this also applies to any profiling, insofar as it is connected with such direct marketing.

Your California rights under the CCPA

If our processing of your personal data is subject to the California Consumer Privacy Act (“CCPA”), you have the following rights with respect to your personal data:

Right of information and access: You can request information about and access to your personal data that we process in accordance with the CCPA.
Right to erasure: You have the right to request deletion of your personal data in accordance with the CCPA.
Right to opt-out of the sale of your personal data: We have third party cookies on our website to assist us with analyzing our marketing effectiveness and providing you with tailored content and advertising. We may share cookie data as well as other data we may have on you with marketing companies (for example using your email address to obtain firmographic information about the company you work for) or with our business partners, such as in case of joint events organized with such partners. If you would like to know more about how you can control how we collect information through the use of cookies and similar technologies, including how to opt out of such data processing, please see the separate cookie notice available via WeAre.com/legal. To opt out of cookies and of sale (as defined in the CCPA) of your personal data please use the settings in the cookie consent manager implemented on our website and in our Web App or contact us using the contact details provided above in “Who we are and how to contact us”.
Right to non-discrimination: You have the right to receive non-discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA. This means we cannot, for example, deny goods or services to you or charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, due to you having exercised your rights.

When we collect personal data from you and from third parties

Collecting personal data from you

We collect personal data from you when you for example:

Visit our website
Use third party content integrated into our website or services
Contact our company
Interact in community Slack channels
Sign up for newsletters or download whitepapers or reports
Read our emails
Participate in user research and surveys
Sign up for and use our services
Communicate with us via customer support tools
Visit our premises
Register for or attend our events and training
Apply for a job with us

For more information, please read further below in this privacy notice in the applicable sections or feel free to contact us (contact details above in “Who we are and how to contact us”) and we will be happy to answer your questions.

Collecting your personal data from third parties

We mostly collect personal data from you. However, we receive personal data about you from third parties when you for example:

Use the social media integrations on our website
Use our Slack channels
Participate in user research or surveys facilitated by third parties
Sign up for our services using a social media or other third-party account
Register for an event or training through a third-party service
Marketing service providers such as data enrichment provider

Data transfers and how we share personal data

This section gives you an overview of how we may transfer and share personal data. Please note that other parts of this privacy notice and the separate cookie notice on this site include more information that may be relevant to transferring and sharing personal data.

How we share your personal data

We share your personal data with sub-processors and service providers that assist us with the provision of our services, as well as in connection with our business and business transactions or as necessary to comply with our legal obligations.

How we share information with our sub-processors and service providers is described in various parts of this privacy notice, including:

Data collection on our website
Third-party content and services on our website and in our Web App
Contacting us and interaction in our communities
Using our services
Visiting our premises; events and training
Marketing

Please also view our cookie notice available via https://wearelearning.io/legal to learn about data collection and sharing via cookies.

Transferred data is protected by appropriate agreements

We use service providers to host our services with locations inside the European Economic Area, Switzerland and/or the UK (collectively, “Europe”). We transfer data from our services to such locations.

We may use service providers across our website and services (such as support services) with locations outside of Europe, including in the United States of America. We transfer data from our website and services to such locations.

If we transfer or otherwise process personal data in our services or our website in a country outside of Europe, we will ensure that such transfers and processing are covered by lawful data processing agreements and data transfer mechanisms (such as the EU Commission approved “standard contractual clauses”) in accordance with GDPR article 46.2(c).

The sub-processors and service providers to whom we transfer personal data are vetted by our security team.

Third parties with whom we share personal data

Service providers – We share your identifiers, internet activity, billing details and sensory data (as may be recorded, for example, during user research or other interviews) with the relevant service providers such as security service providers or our customer relationship and billing management providers or with third parties who conduct research and surveys on our behalf. The legal basis for sharing your information is our legitimate interest in providing our services efficiently.

Some of such data sharing, including

integration of video hosting or social network plug-ins (please see in “Third-party content and services on our website and in our Web App”),
interaction in our Slack channels (please see “Contacting us and interaction in our communities”), and
marketing tools integrated in our website and firmographic data providers (please see “Marketing”)

may be deemed a “sale” under the CCPA. To exercise your right to opt-out of such sharing please contact us using the contact details provided above in “Who we are and how to contact us”.

Firmographic data providers – when you visit our website or use our services, we may share your identifiers (like email address) with third parties who provide us with firmographic data (such as the name of the company you work at) related to your identifiers (for example based on your email address domain). Third party marketing services – we may share your identifiers, internet activity, and inferences from the foregoing with marketing and advertising partners to deliver tailored advertising to you (please see in “Marketing”). Social media services – if you register or log in to our services using social media, your identifiers and other personal data you authorize may be shared with the particular social media service. The social media’s processing of your personal data is governed by their privacy policies and your settings in the relevant social media service. We further describe how we share information with social media services under: “Social networks integrations”. Customer support services and customer engagement – when you communicate with us through our website or the Web App, we share your identifiers, internet activity, and any personal data you choose to include in your communication with customer support service providers such as Zendesk (please see in “Contacting us and interaction in our communities” and “Using our services”). Third-party app and extension providers in our Web App - if you install third-party apps or extensions in the Web App when using our services, the providers of such apps and extensions, and the providers of third-party services that the apps and extensions may connect with, will receive your identifiers and other data that you authorize such apps, extensions and third-party services to access. Please familiarize yourself with the applicable terms and privacy notices from such app and extension providers. Events and training hosts and facilitators – when you register for or attend an event, we share your identifiers and other registration information with such third parties. These third parties may include our business partners that participate in or organize such events with us. Please see in “Visiting our premises; events and training”. Between our investors; due to corporate transactions - We may share your personal data if we are involved in a merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or if we undergo bankruptcy or liquidation. Such activity might involve us disclosing personal data to prospective or actual purchasers, sellers and their advisers. Such disclosures will only take place under appropriate confidentiality undertakings and if necessary for such purpose and your interests, rights and freedoms do not outweigh such disclosure. The legal basis for this sharing is our legitimate interest in carrying out our business operations. Pursuant to your instructions – when requested, we will share or facilitate sharing your data with third parties pursuant to your instructions. The legal basis for this sharing is your request and the performance of our contract with you. To comply with our legal obligations, protect our rights and those of others – we may share your personal data to comply with our legal obligations, and to protect our rights. We will share your personal data if we are legally required to do so, such as in response to a court order or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands, or to comply with requirements of mandatory applicable law. We will also share your data as necessary to enforce terms of contract that you have agreed to, including to protect the rights, property, or safety of WeAre, its users, or any other person.

To prevent fraud and abuse of our services – we will share your identifiers, internet activity, sensory data, and other relevant data to prevent or detect fraud or to address technical issues and if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of our services or the Internet in general, such as spamming, denial of service attacks, or attempts to compromise the security of our infrastructure or our services.

Data collection on our website and in the Web App

This section applies to our website and Web App, and the various methods of communicating with us via these properties. For information on cookies (and similar technologies) integrated in our website and the Web App, please read the cookie notice (which forms part of this privacy notice) accessible on this site via https://wearelearning.io/legal and check the cookie consent manager implemented on both this website (see “Cookie Preferences” at the bottom of the page) and in the Web App.

What data we collect (“Website Data”)

When you visit individual pages of our website WeAreLearning.io or our Web App, we generally collect the following data from you (also referred to as “Website Data”):

Identifiers, such as:

hostname of the accessing device
IP address
cookie ID

Internet activity, such as:

browser type/browser version
operating system used
language and version of the browser software
website from which the request comes
content of the request (specific page)
date and time of the server request
access status/HTTP status code
referrer URL (website visited before)
volume of data transferred
time zone difference from Greenwich Mean Time (GMT)

Additionally, in the Web App, we log the user activity, including log-in timestamps and actions taken in the Web App.

Legal basis for and purpose of processing personal data

Unless otherwise stated below, the legal basis to process this type of personal data is GDPR article 6.1(f), our legitimate interests to enable the provision of a functioning and appealing website and user experience and to ensure that our marketing messages are more relevant to the user. We will retain your data for as long as we consider it reasonably likely for you (or your organization) to become or remain a customer. For retention of cookie data, please refer to the cookie consent manager integrated on our website and in the Web App. To the extent that we use any tracking technologies, such as cookies, which are not technically essential, the legal basis for processing such data originating from the European Union is GDPR article 6.1(a), that is your consent that we request via the cookie consent manager.

If you sign up for our services or give us your consent for example when downloading certain materials from our website (such as a whitepaper), we may use your identifiers and internet activity, along with information such as firmographic information we receive about you from third parties (our marketing service providers), to provide you with tailored marketing (see below in “Marketing”). Such firmographic information allows us to analyze a deeper subset of data from which we may present personalized content and messages, for example to analyze if you or your organization would benefit from or be interested in certain service features or information related to our services. The legal basis of our processing your data this way is GDPR article 6.1(f), that is our legitimate interests to ensure that our content and messaging (including customer success, sales and marketing) provided to you are more accurate and suitable. To the extent that we require your consent, the legal basis for processing your data is your consent as per GDPR article 6.1(a).

Third-party content and services on our website and in our services

The below sections apply to various third-party services and content that are integrated into our website and our Web App. Please note that information about cookies (and similar technologies) integrated in our website and services is in a separate cookie notice on this site available via https://wearelearning.io/legal.

The website and the Web App integrate third-party content such as videos, maps, RSS feeds and graphics from other websites. When you use the third-party content, we provide these third parties with your identifiers such as your IP address and Website Data. Without such data they would not be able to properly deliver the content to the requesting browser.

Some of the third parties may process data outside of the European Union and European Economic Area. For more information on data transfer please see above in “Data transfers and how we share personal data”.

Integration of certain Google services

We may use Google reCAPTCHA on certain pages of our web pages. The purpose of reCAPTCHA is to check whether the data input on our webpages (for example, in a contact form) is by a human or by a bot. For this purpose, reCAPTCHA analyzes the website visitor’s behavior based on different characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (for example, IP address, time spent on the website or mouse movements). The data collected during the analysis is forwarded to Google. The analyses can run completely in the background. Website visitors are not necessarily notified that an analysis is taking place. Further information about Google reCAPTCHA and the Google privacy policy can be found at the following links: policies.google.com/privacy and google.com/recaptcha/about. The provider of Google services is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. For more information about the purpose and scope of processing by Google, please refer to Google’s privacy policy. There you will also find further information about your rights in this regard and settings options to protect your privacy: policies.google.com/privacy.

Integration of certain analytics and marketing services

We use services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.) and Amplitude, Inc. (Keizersgracht 277,1016ED Amsterdam, The Netherlands) to better understand our website users’ needs and to optimize the experience by for example tracking how much time users spend on which pages, which links they choose to click and so on. They may use cookies and other technologies to collect data on our users’ behavior and their devices. This includes for example a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (device identifiers), browser information, and geographic location (country only). The service stores this information on our behalf in a pseudonymized user profile and does not sell the data collected on our behalf. The legal basis of our processing your data for analytics is your consent as per GDPR article 6.1(a) which we request via the cookie consent manager implemented on our website. If you consented to cookies set by Google or Amplitude, you can withdraw your consent by adjusting your cookie settings either in the cookie consent manager implemented on our website or in your browser.

We use services provided by Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the https://privacy.microsoft.com/en-US/privacystatement. The legal basis of our processing your data for analytics is your consent as per GDPR article 6.1(a) which we request via the cookie consent manager implemented on our website. If you consented to cookies set by Microsoft Clarity, you can withdraw your consent by adjusting your cookie settings either in the cookie consent manager implemented on our website or in your browser.

We use services provided by Intercom Intercom R&D Unlimited Company (2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin, Ireland). Intercom provides us with a chatbot which we use to engage with website visitors subject to the visitor’s consent to marketing cookies via the cookie consent manager implemented on our website. Intercom does not sell the data collected on our behalf. The service may use your IP address to check if it is associated with a business for us to determine whether you or your company could be interested in our services. Your consent is the legal basis of our processing your data by Intercom as per GDPR article 6.1(a). If you have consented to cookies set by Intercom, you can withdraw your consent by adjusting your cookie settings either in the cookie consent manager implemented on our website or in your browser. More information about Intercom and their privacy practices can be found here: https://www.intercom.com/legal/privacy.

Video hosting

We may display videos on our website or offer videos to logged-in users in the Web App. Videos may be hosted for us by a third-party service provider. When you watch videos on our website, we collect identifiers and your Website Data. We collect this information to provide you with the requested videos. We share this information with the third-party video provider. Such third-party providers may process personal data for their own purposes. We may also embed videos from other services such as YouTube (provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.). You can review the YouTube privacy practices here: policies.google.com/privacy. These service providers are subject to change, and we encourage you to review their privacy practices when using the relevant service.

Sharing such information with YouTube, or other video service providers may constitute a “sale” of your personal data under the CCPA. To exercise your right to opt-out of such sharing contact us using the contact details provided above in “Who we are and how to contact us”. If you opt out of sales, we may not be able to provide you with these services.

Social networks integrations

Some social network plug-ins are integrated in our website and services. When you use these plug-ins, we collect your identifiers and Website Data. We use this information to provide the social network integration in our website and services. We will also share your identifiers and Website Data with these social networks. The legal basis for processing your data provided to us via social media integrations is GDPR article 6.1(b) if you are using social media to register or sign into our services. Additionally, we process your data based on GDPR article 6.1(f) to provide easy access to social media outlets via our website and also to improve our services by making them more interesting and convenient to you as a user.

The social networks may process your personal data for their own purposes. The social media integrations are provided for your convenience and are subject to change. Always review the current social media providers and their privacy practices when interacting with us through such providers. We do not have any control over these social media networks and how they process the personal data they collect. Please refer to their privacy policies and privacy controls. Please note that the social media networks may transfer your data to countries outside of the European Economic Area (such as the United States of America). Since the social media networks collect data also via cookies, we recommend you familiarize yourself with their cookie practices and check the cookie settings in your browser.

Sharing your personal data with these social networks may constitute a “sale” of your personal data under the CCPA. To exercise your rights to opt-out of such sharing, please contact us using the contact details provided above in “Who we are and how to contact us”. If you opt out of the sale, we may not be able to offer these integrations to you.

Using our services

This section describes how we process personal data and customer content in the WeAre services. This is in addition to “Data collection on our website and our services” above which is focused on third-party integrations generally across our website and Web App and how we collect and process Website Data.

Personal data in the context of our services includes:

data related to you as the user of our service (that is, when you are logged in as a registered user (Creators), such as identifiers like email address and IP address
personal data that may be included in the customer content managed in our services if our customers choose to manage such content in our services, and
request headers in the API calls from customer applications (like websites to which the customer content is delivered from our service) can include personal data such as IP addresses that may belong to the end user of the customer application - like in any Internet service. This could include both Creators and Learners.

Purposes and legal basis for processing personal data

In respect of any of the personal data mentioned above, to the extent required to provide our services, we process such data as a data processor on behalf of our customers pursuant to an agreement with such customer. The legal basis for such processing is GDPR article 6.1(b).

To register for our services, we collect your identifiers such as your email address, name or alias, and IP address. We will also collect the date and time of registration and log-ins and log the actions taken in the services. For paid use of our services, we will also request additional personal data from you or your organization, including identifiers such as address and payment details. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and subscription data for a period of ten years. We share your identifiers and payment information with our service providers for service provision and payment processing purposes.

We collect Website Data from logged-in users and combine it with identifiers (such as your signup data) and information about how you use our services as well as firmographic data about the business you work in and your role in that business. In such cases we process the data as a controller based on GDPR article 6.1(f), our legitimate interests to provide our product development and engineering teams with accurate usage data and to make our customer success operations, marketing and sales messages more helpful and relevant. We will retain the data for as long as we consider the data to be valuable for purposes of product development, customer success and support as well as marketing.

To the extent that we use any tracking technologies, such as cookies, the legal basis for processing such data is GDPR article 6.1(a) in respect of data originating from the European Union, that is your consent that we request via a cookie consent manager implemented in the Web App (see in “Account Settings” in the Web App). Please see the separate cookie notice on this site available via https://wearelearning.io/legal.

Customer content used in our services

This section explains how the WeAre services work. This section doesn’t apply to anyone visiting our website but the actual operation of our training creation services.

Logged-in users (Creators) can upload to our services a variety of content such as text, voice data and images to create high quality simulations. Such customer content may occasionally include personal data, such as voice data of individuals. Our customers are responsible for the customer content uploaded to or authored in our services. We will only process such customer content as necessary to provide our services. Customer content is hosted in our services running on Microsoft Azure in the European Economic Area as described in our FAQ webpage available on this site. AI generated simulations of customer content is currently processed through Microsoft Azure in the United States. The legal basis for processing is GDPR article 6.1(b) (customer contract). More information about Microsoft Azure and OpenAI and their privacy practices can be found here: https://privacy.microsoft.com/en-us/privacystatement and https://openai.com/policies/privacy-policy.

Support tools

To be able to communicate better with our customers and users of our services, we may use communications and support tools on our website and in the Web App. For the chatbot integrated on our website, please see “Integration of certain analytics and marketing services”.

This involves transferring your data to any such support tools. Such data includes your name or alias you use in our services as well as timestamp and IP address. Also, the contents of our communication are routed via the service provider platform. We will ensure that any service provider providing support tools is committed to complying with the European Union’s data protection regulations.

To the extent that we use any support tools to communicate with you while you are logged in as a registered user, we process your data on the basis GDPR article 6.1(b), that is our contract with you to provide you with customer support and a communication channel between you and us, as well as GDPR article 6.1(f), that is our legitimate interest to ensure a more efficient and convenient user and customer support experience. If you are not logged in as a registered user, we process your data on the basis of GDPR article 6.1(f).

Please note that you may be able to request and receive support via other means too, such as those tools described in section “Contacting us and interaction in our communities”.

Contacting us and interaction in our communities

In this section we give an overview of data collection and processing when you interact with us directly, not on our website or in our services.

General

We may use third parties to process the data you submit to us (our customer relationship management tools or providers of communication services) and we may combine such data with other data we may have, for example data regarding your subscription and contract in our billing tools or firmographic information about your business and your role in the business. We do this to ensure we provide the best possible customer support and user experience and we may also use the data for our product development and marketing purposes if we are legally allowed to do so, including through the use of web beacons and pixels in our newsletters (additionally, please see “Marketing” and the separate cookie notice available via https://wearelearning.io/legal.

We do not have any influence over whether certain of such third-party providers process personal data for their own purposes. This can be the case if you, for example, use a social media platform to communicate with us. Please review the privacy policy of the applicable third party to ensure you are aware of such processing. For general information about our sharing and transferring personal data, please see “Data transfers and how we share personal data”. If such sharing constitutes a “sale” of your personal data under the CCPA, you may be able to exercise your rights to opt-out of such sharing. In such a case, please contact us using the contact details provided above in “Who we are and how to contact us”. If you opt out of such a sale, we may not be able to provide the relevant service to you.

Contact forms and support requests

There are various ways to contact us, for example by email or by using contact or support forms or a feedback tool on our website or via various social media platforms. If you contact us, we collect your identifiers such as your email address or social media profile name, and other personal data you choose to include in such contact. We will use your personal data to respond to your inquiry. If you do not provide us with any additional information we may request, we may not be able to properly handle your request. The contact forms or the applicable web page will inform you in more detail about the use and sharing of your personal data in that specific context (for example a sign-up form may explain with whom we may share data for that specific sign-up, such as for an event).

The legal basis for processing your data is GDPR article 6.1(f) and 6.1(b). The former, to be able to address your inquiry and provide you with the information and services you request and to improve our services. Additionally, the latter, if the contact is made with the intention of concluding a contract or if you are already a WeAre customer, for example to provide customer support that you may request.

Because the communications services we may use are subject to change, please contact us to inquire what services we use at any given time. For customer communications and support services, please see also in “Using our services” to read more about these communication tools.

Your interaction in our community

Slack channels

WeAre offers various Slack channels for purposes of communicating with us and other WeAre users or interested parties. These channels are provided to us by Slack Technologies Limited (One Park Place, Upper Hatch Street, Dublin 2, Ireland). Use of Slack is subject to Slack’s own terms available here: slack.com/terms-of-service/user.

When you use the Slack channels, we collect your identifiers and other personal data you choose to submit to the channels. We will process your personal data in this context as the administrators of the WeAre Slack channels for purposes of managing the channels and our relationship with you. The data we process is such that you will voluntarily submit in Slack channels (such as your posts) and your sign-up information or data that we have from you or your organization to enable inviting you to the Slack channels. Our processing is based on GDPR article 6.1(f) where our legitimate interests are to provide WeAre users and interested parties with a community to share their experiences of using WeAre services and to enhance the user and customer experience for example by way of providing a channel for best practice sharing.

From time to time, we may integrate third-party services with Slack. Such third-party services may share information from such services with Slack or vice versa. Please review your privacy settings in such services to manage data sharing from such third-party services.

To learn how Slack processes personal data, please review the Slack privacy policy available here: slack.com/privacy-policy.

Video conferencing

When attending a video conference organized by us, your personal data will be necessarily processed.

Such data includes: identifiers (such as name, email address, optional profile photo), content (such as voice and video calls, chat messages, files, whiteboards and other information shared in the video conferencing service), metadata related to the meeting and telephony or other connectivity data (such as meeting topic, start and end time, participant IP addresses, device/hardware information, phone number).

WeAre currently uses services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.

While using Google Hangouts, some data will be disclosed to other call participants and to meeting hosts. For example, when you attend a meeting, your name may appear in the attendee list. Turning on your video camera, your image and possibly your surroundings will be shown. If you send chat messages or share content or your screen, they can be viewed by others in the chat or the meeting.

Calls will not be recorded without permission. WeAre meetings that are primarily internal, such as company-wide town halls and training sessions, are recorded by default to allow later viewing by those who could not participate in the live session.

WeAre processes personal data for these purposes based on legitimate business interests (effective communication with relevant stakeholders) in accordance with GDPR Article 6.1(f). If the video conference relates to a contract, we additionally process data based on GDPR Article 6.1(b). Where applicable, call recording is based on consent as per GDPR article 6.1(a). Data is retained for as long as reasonably needed for each specific purpose.

Personal data will generally be shared with Google to provide the underlying service. Recordings may be stored in repositories such as Google Drive. Meeting invitations, which may include personal data, are typically sent using email and calendar services provided by third party service providers. Google is committed to EU data protection principles under data processing agreements containing the EU Commission approved “standard contractual clauses” in accordance with GDPR article 46.2(c).

Newsletters, whitepapers and reports

This section explains how you can subscribe to or otherwise obtain more information about our company. Please note that we address marketing communications in a separate section below (see “Marketing”): for example, if you are an existing customer and have not unsubscribed from such communications, you may receive marketing communications from us as explained in that section.

You may have the possibility to subscribe to email newsletters on our website, which we use to inform you regularly about various topics related to our company and services. You may also have the opportunity to download white papers and reports from our website. In such cases you may also have the opportunity to opt in to receive marketing communications from us.

When you subscribe to a newsletter or when you download whitepapers or reports, we collect the personal data requested in the applicable form, such as email address to be able provide the requested information and materials. Processing your personal data in this context is based on GDPR article 6.1(f) where our legitimate interest is to promote our company by serving you with information and materials that you are interested in. Additionally, we may ask your permission in such request forms to approach you with marketing communications. Giving your permission is of course optional. In such a case processing your data is based on your consent as per GDPR article 6.1(a), as may be applicable to you. All our newsletters include a link to manage your subscription preferences: you can always opt out of our newsletters. You can also always contact us through the contact details given above in “Who we are and how to contact us” for assistance.

We may analyze how recipients interact with the newsletters. They may contain so-called web beacons or tracking pixels. We use them to collect your identifiers such as your email address and to collect your internet activity, such as when the newsletter is read, and which links are clicked. We use this personal data, combined with other personal data we may have on you, such as your employer as well as your role in that organization, to create inferences about you. We use this data to tailor the newsletter to your inferred interests and your organization. We perform this type of analysis and process the related data for as long as we reasonably believe that you (or your organization) could become or remain a customer. After such time or after you have opted out of such communications, we retain contact details to ensure we no longer send newsletters to those who have unsubscribed. The legal basis of this kind of processing is GDPR article 6.1(f) where our legitimate interest is to analyze the use of our newsletters and to optimize and tailor them to provide more suitable information to the subscriber.

Surveys and user research

We occasionally send out surveys, conduct user and other research and may invite you to participate in such surveys and research so that you can provide us with your feedback and ideas. Participation in our surveys and user research is of course voluntary.

We will process personal data in that context for purposes of our legitimate interests in accordance with GDPR article 6.1(f): to provide our product development and marketing teams with relevant information and to enable such research projects, for example to organize meetings and video or phone calls. To record video or audio calls or to make screen captures, we will ask for your permission. In such cases processing your data is subject to your consent in accordance with GDPR article 6.1(a), as may be applicable to you.

The surveys and research may take different forms from face-to-face discussions to video or audio calls or online survey forms. You may be able to participate via different methods, such as via our website, through a third-party website or a survey form. Please note that such third-party tools (such as web forms or survey tools that you may be directed to) may process personal data for their own purposes, such as via cookies. Because third-party tools are subject to change, please ask us at the time of participating if you would like to know more.

In each case we will collect your identifiers such as your contact details and IP address, as well as sensory information such as video and audio recording (if you give us your consent, where applicable). A video usually captures your device screen while you are interacting with our services but may also capture images of you or your surroundings. An audio recording typically captures your comments while you use our product and your answers to our questions. We will also collect the personal data that you voluntarily give to us in such surveys and research, for example as may be included in your answers.

We collect and use your personal data to the extent needed to carry out the research and to stay in touch with you for any possible follow-up. We may share your personal data, including your identifiers and sensory information, with third parties who act as our service providers. Such service providers are subject to change, so please ask us at the time of participating in the research and familiarize yourself with the privacy practices of the applicable provider.

We will keep the research data, including your personal data, for as long as we consider the research data to be useful, for example for product development purposes. The exact time depends on the research, the answers and the possible use case.

Visiting our premises; events and training

In this section we describe how personal data is processed when we are in touch in person or for example in an online training environment.

Events

WeAre may organize, host or participate in various events. These may take place at our offices or at third-party venues. If you attend an event, we collect identifiers such as your contact details. We use this information to organize and manage these events and to contact you afterwards for follow-up and marketing purposes (for marketing, please see the section “Marketing” below). The legal basis for processing your personal data related to events depends on your relationship with WeAre. For example, if you are a customer or a prospective customer, the legal basis will be GDPR article 6.1(b), that is your contract or intended contract with us, and 6.1(f), where the legitimate interests are related to organizing and managing the events and our legitimate marketing purposes.

You can register as a guest or a speaker on our website or via a separate registration form that we may send to you. When you register, we collect identifiers such as your contact information and other personal data that we reasonably need to organize and manage the related event. We take photographs, videos, and audio recordings at live events, so when you attend a WeAre live event you are agreeing to be photographed and recorded. Event photographs and recordings may be used by us for promotional purposes.

Certain events may allow you to register for various meetup groups via third-party services. When you register through a third-party service, the third-party service will share certain personal data with us. Please refer to the privacy policies of such third-party services and their privacy settings to control the data they share with us.

We may share your identifiers and other registration information with third-parties or also receive personal data from third-parties (for example, event hosts and organizers and third-party platforms or services used to organize events or our business partners participating or jointly organizing the event) for purposes of registration, for organizing and managing events (for example to dispatch event materials) and for marketing purposes. Some of these third parties may be located outside of the European Economic Area (please see “Data transfers and how we share personal data” above). Please refer to the third party’s privacy policies to review and control the data that you have allowed them to share.

We will retain your data for as long as it is necessary to organize and manage the event and for follow-up and marketing communications (see “Marketing” below). If you are a customer, we may retain the data for as long as required for purposes of the customer relationship.

Training; Webinars

We may provide you with opportunities to participate in training and webinars. Training may be organized at our offices or by or with third parties, for such training please see “Events” above. In each case (whether on-site or online training or webinars) we will make additional and more detailed information available in conjunction with the training (for example, by linking relevant privacy policies to our learning portal or the web page or registration form that we may use). Feel free to approach our organizers for more information on processing your personal data or get in touch with us via the contact details provided above (see “Who we are and how to contact us”).

Data processing may vary depending on the venue, partners and organizers or tools and facilities used to provide the training. In some instances, if we record the training, we will collect your sensory data as may appear in such recordings. The organizers or host venue may also collect additional personal data for their own purposes. Please refer to their privacy notices for their use of your personal data.

When we provide online training or webinars, we share your personal data with third parties to facilitate the provision of training content (such as online video or webinar providers or third-party learning management portals) or the business partners participating in or facilitating such training or webinars. Some of such providers (especially online training service providers) may reside outside of the European Economic Area, for example, in the United States of America (please see “Data transfers and how we share personal data” above).

Processing your personal data for training purposes is based on GDPR article 6.1(b) if you have a contract with us for such training, and additionally GDPR article 6.1(f) where our legitimate interests are ensuring a better customer experience and customer satisfaction and more efficient use of our services. The data is retained for as long as reasonably necessary for the training purposes and any legitimate follow-up, such as for certification purposes.

Marketing

In this section we elaborate on our marketing practices. Please note that our cookie notice available on this site as well as other sections of this privacy notice may be relevant for marketing purposes too, such as “Newsletters, whitepapers and reports”.

Email marketing

We may send various email newsletters and marketing messages to different groups of customers and those who have expressed interest in receiving such messages from us (for example by expressing their interest at an event or by opting in in a web sign-up form). We may also send a newsletter to our premium/enterprise customers and partner newsletters to our technology and solution partners. The newsletters may include offers from our portfolio, news articles, information about our company events or events that we will attend, technical information, updates from our blog and updates from the WeAre community.

The newsletters discussed above in “Newsletters, whitepapers and reports”, as well as other communications from us, may be considered marketing. We only approach existing customers in accordance with and on the basis of statutory requirements related to marketing (including in accordance with GDPR article 6.1(f)) or based on newsletter subscriptions or marketing consent you may have given in accordance with GDPR article 6.1(a), as may be applicable to you. We will not process your personal data for such purposes if you request us not to do so. In such a case we will block your data for the relevant marketing purposes when you cancel your newsletter subscription or otherwise object to marketing communications or withdraw your consent, where applicable. Our newsletters will always include a link to unsubscribe or to manage your subscriptions.

Marketing tools integrated in our website

We use various marketing tools integrated into our website. These tools use cookies and similar technologies, which are discussed in the separate cookie notice on this site available via www.wearelearning.io/legal. Many of the marketing tools set so called third-party cookies and thereby collect and process data for their own purposes. Some of them are based outside of the European Economic Area. Their own use of data collected from our website is subject to their privacy policy available on their websites. Please review the cookie inventory available in the cookie consent manager implemented on our website and in the Web App for more details.

Use of cookie data for these purposes is based on your consent (GDPR article 6.1(a), as may be applicable to you) which we request via a cookie consent manager implemented on our website and in our Web App. In other cases, you can opt out of cookies by following the instructions in the cookie notice or by managing your cookie preferences in the cookie consent manager implemented on our website (see “Cookie Preferences” at the bottom of the page). Sharing your personal data with these third-party marketing service providers may constitute a “sale” under the CCPA. To exercise your right to opt-out of such sharing, please see the page “Do not sell / Data access request” on this site or contact us by using the contact details provided above in “Who we are and how to contact us”.

Security of personal data

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, abuse, loss and other disruption. To this end, we regularly review our security measures and adapt them to current standards.

How long we keep your personal data

We will retain your personal data only for as long as is necessary for the purposes set out in this privacy notice. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Children’s privacy

Our services are not designed to be used by any individual who is a child under the law of their jurisdiction. We do not knowingly collect personal data from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us using the details provided above in “Who we are and how to contact us” above. If we become aware that we have collected personal data from anyone under the age of 16 without verification of parental consent, we will take appropriate steps to delete that information.

Privacy Notice

Privacy Notice