GDPR & CCPA
Yes, Learn & Your Personal Information
Simply put, we take privacy and your personal information very seriously. Therefore Yes, Learn will not share with, sell or provide your identifiable personal information to any third party. As our organisation evolves, if this needs to change, we will always seek your express permission before any change happens to the way we handle this data. Forever.
CCPA
In late June 2018, California passed AB 375, a consumer privacy act that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018. The California law doesn’t have some of GDPR’s most onerous requirements, such as the narrow 72-hour window in which a company must report a breach. In other respects, however, it goes even further.
CCPA takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.
What is the CCPA?
The California Consumer Privacy Act (CCPA) is a law that allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.
Under the CCPA, consumers have the right to:
- Ask about the categories and specific pieces of personal information a business has collected about them
- Ask about the purposes for which the business uses that information
- Ask the business to delete personal information it has collected about them
- Request that their personal data not be sold to third parties
What data does the CCPA cover?
The California law takes a broader approach to what constitutes sensitive data than the GDPR. For example, olfactory information is covered, as well as browsing history and records of a visitor’s interactions with a website or application. Here’s what AB 375 considers “personal information”:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
- Characteristics of protected classifications under California or federal law
- Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
- Biometric information
- Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
- Geolocation data
- Audio, electronic, visual, thermal, olfactory or similar information
- Professional or employment-related information
- Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes
An amendment, AB 874, currently awaiting the governor’s signature, would exempt publicly available, deidentified and aggregate consumer information from being classified as PII. Publicly available information is defined as data available and maintained from government records.
The CCPA originally covered employee as well as consumer data. An amendment passed in April, however, exempts employee data from the regulation. Another amendment, AB 25, partially exempts personal information collected from job applicants, owners, directors, officers, medical staff, and contractors. This exemption would expire on January 1, 2021. AB 25 was awaiting the governor’s signature.
GDPR
What is the GDPR?
The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed. The law impacts European companies and any business that targets European individuals or collects, uses, or processes the personal data of European individuals, regardless of where the business is located. Essentially, this means the GDPR will apply to most organisations that process personal data of EU individuals, regardless of where they are established and regardless of where their processing activities take place.
About the General Data Protection Regulation
You’ve probably heard about the General Data Protection Regulation (GDPR), and you might have a few questions about it. Here’s some information about the law and how it affects Yes, Learn and our users.
This article is provided as a resource, but it’s not legal advice. We encourage you to speak to legal counsel to learn how the GDPR may affect you or your organisation.
What and who
The GDPR is a European Union (EU) privacy law that affects businesses around the world. It regulates how any organisation that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.
The GDPR replaces an older directive on data privacy, Directive 95/46/EC, and it introduces a few important changes that may affect Yes, Learn users.
About consent
Yes, Learn needs to have a legal basis, like consent, to process an EU resident’s personal data. Consent must be freely given, specific, informed, and unambiguous.
In order to verify that you have obtained adequate consent, you will need a written record of when and how someone agreed to let Yes, Learn process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
About individual rights
The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data and can ask Yes, Learn to do certain things with that data. We should be prepared to support these requests in a timely manner. Individuals have the right to request their personal data be corrected, provided to them, prohibited for certain uses, or removed completely.
Yes, Learn should also be able to tell someone, among other things, how their personal data is being used. If they ask, we’re obligated to share the personal data held on an individual, or offer a way for them to access it.
What does Yes, Learn do to comply?
- Appointed a Data Protection Officer (DPO) to oversee our compliance program.
- Continuously review our security measures to ensure any personal data we collect and process on our systems is adequately protected.
- Ensure our Global Privacy Statement clearly explains Yes, Learn’s commitment to the GDPR, is transparent about how we use personal data, and gives individuals information about how they can exercise their data subject rights.
- Provide our customers with GDPR-ready terms in our Data Processing Addendum and update our contracts with third party vendors to ensure they are GDPR-compliant.
- Maintain formal processes around data subject rights to ensure we can help customers fulfil requests they receive.
- Respond to and fulfil data subject rights requests in our role as a controller.
- Complete Data Protection Impact Assessments to identify and minimize any risks from our processing activities.
- Maintain accurate records of our processing activities, both as a processor and controller of personal data.
- Pay close attention to regulatory guidance around GDPR compliance and make changes to our product features and contracts when they’re needed.
- Certify annually with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks and continue to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles.
Collect consent
Transparent data processing is mandatory, and it’s also an opportunity to strengthen your marketing relationships. We’ve updated Yes, Learn signup forms and pages to help us stay compliant with the latest laws.
If Yes, Learn is going to rely on consent to process the personal data of EU citizens, the GDPR says we must obtain specific consent from your contacts and clearly explain how you plan to use their personal data. Our GDPR-friendly fields include checkboxes for opt-in consent, and editable sections that allow you to explain how and why you are using data.
Yes, Learn stores your forms and contact data in case you need it in the future. If someone signed up through a Yes, Learn hosted form, we can export that audience and view information related to the signup. For additional evidence of consent, you may choose to turn on double opt-in.
If we rely on consent to process contacts’ personal data, we double-check whether the consent we have obtained meets the GDPR’s standards. For example, we check third-party integrations to be sure they don’t automatically add people to your Yes, Learn audience without an opt-in checkbox that clearly states how you’ll use that person’s data. We should also review the terms associated with any Yes, Learn add-ons or third-party integrations we use.
Understand individual rights
All Yes, Learn users can access their Yes, Learn data to correct or update information upon request. Contacts can continue to update their own data, too, by contacting us or updating their preferences in any email they receive from Yes, Learn.
Resources
We want to help our users, but it’s important to note that the GDPR’s provisions could affect your business outside of how you use Yes, Learn. Here are some additional resources.
