I. COMPLIANCE WITH THE EU DATA PROTECTION DIRECTIVE 95/46/EC
LEO and its affiliated and subsidiary corporations operate globally. In many cases, LEO entities operate in jurisdictions considered by the European Union ("EU") to provide adequate levels of protection to the privacy of individual information. In order to ensure compliance with the EU Privacy Directive, LEO has put in place, as between all LEO entities, and any non-LEO entities that process data on its behalf, Standard Commercial Clauses pursuant to Article 26(2) of the EU Data Protection Directive. LEO’s Chief Privacy Officer ("CPO") is responsible for the company’s compliance and enforcement of the Policy and all data security issues. The CPO is available to any of its valued employees, customers, vendors, business partners or others who may have questions concerning the Policy or data security practices. Relevant contact information is provided below.
II. CHANGES TO THE POLICY
The practices described in this Policy are current Personal data protection policies. LEO reserves the right to modify or amend this Policy at any time consistent with the requirements of the developing international law, principles and practices relating to privacy, including the U.S.-Swiss Safe Harbour framework, the EU-US Privacy Shield Principles, Binding Corporate Rules, and current standard contractual clauses. Appropriate notice will be given on this website concerning such amendments.
This Policy applies to all Personal information received by LEO in any format including electronic, paper or verbal. LEO collects and processes Personal information concerning current and former Members and their respective family members, as well as Member applicants through this website, electronic mail, and manually. LEO is the sole owner of information it collects from current and former Members and Member applicants, customers, vendors and others. LEO will not sell or share this information with third parties in ways different than what is disclosed in this Policy. On a global basis, LEO will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Policy.
Personal information collected by LEO from Members and Member applicants is maintained at its corporate offices in England. LEO collects Personal information for, among other things, legitimate human resource business reasons such as compensation administration; filling Member positions; administration and operations of its incentive programs; meeting governmental reporting requirements; security, health and safety management; performance management; company network access; and authentication. LEO does not request or gather information regarding political opinions, religion, philosophy or sexual preference. To the extent LEO maintains information on an individual’s medical health or ethnicity (as legally required), LEO will protect, secure and use that information in a manner consistent with this Policy and any applicable law.
Personal information collected by LEO from prospective customers, consumers, vendors, business partners and others may be maintained at its corporate offices in England, or at other LEO facilities. LEO collects Personal information for, among other things, legitimate business reasons such as customer service; product, warranty and claims administration; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; internal marketing research; safety and performance management; financial and sales data; and contact information. All Personal information collected by LEO will be used for legitimate business purposes consistent with this Policy.
For purposes of this Policy, the following definitions shall apply:
- "Agent" means any third party that uses Personal information provided by LEO to perform tasks on behalf of or at the instruction of LEO.
- "LEO" means Learning Enterprises Organisation Limited, an English corporation, its predecessors, successors, subsidiaries, affiliates, officers, directors, divisions and business groups worldwide.
- "Personal information" means any information or set of information that identifies or could be used by or on behalf of LEO to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal information.
- "Sensitive Personal information" means Personal information that reveals race, ethnic origin, trade union membership, or that concerns health. In addition, LEO will treat as sensitive Personal information any information received from a third party where that third party treats and identifies the information as sensitive.
V. PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the Privacy Shield Privacy Principles (see: https://www.privacyshield.gov/welcome), and include:
- Your Right to be Informed:
LEO will inform you about:
- the types of personal data it processes;
- the reasons why it processes your personal data;
- if it intends to transfer your personal data on to another company and the reasons why;
- your right to ask LEO to access your personal data;
- your right to choose whether you allow LEO to use your personal data in a "materially different" way or to disclose it to another company (also known as the right to "opt-out"). When the data are sensitive, (that is, data that reveal, for example, your ethnic origin or the state of your health) LEO will to inform you about the fact that it may only use or disclose such data if you allow this (also known as the right to "opt-in");
- how to contact LEO if you have a complaint about the use of your personal data;
- the independent dispute resolution body where you can bring your case;
- Limitations on the use of your data for different purposes
LEO will only use your personal data for the purpose for which it has originally collected, or for which you have subsequently authorised. If LEO wants to use your data for a different purpose, this depends on how much the original purpose diverges from the new purpose:
- LEO will not use your data for a purpose that is incompatible with the original purpose;
- If the new purpose is different but related to the original one (i.e. "materially different"), LEO may only use your data if you do not object or, in the case of sensitive data, if you consent.
- If the new purpose is different from the original one but still close enough that it would not be considered as materially different, such use is permissible.
You also have a right to choose whether you allow LEO to pass on your personal data to another company. While you do not have such a choice when your data will be sent to another company (also known as an "agent") for processing on behalf, in the name and under the instructions of LEO, LEO will have to sign a contract with the agent that obliges the latter to provide the same data protection safeguards as contained in the Privacy Shield framework.
- Data minimisation and obligation to keep your data only for the time needed
LEO may only receive and process personal data to the extent they are relevant for the purpose of processing, and it has to ensure that the data used is accurate, reliable, complete and up to date. It is only allowed to keep your personal data for as long as necessary for the purpose of processing. It may keep your data for longer periods only if it needs them for certain specified purposes such as archiving in the public interest, journalism, literature and art, scientific or historical research, or for statistical analysis. If your data continue to be processed for these purposes, LEO will comply with the Privacy Principles.
- Obligation to secure your data
LEO will ensure that your personal data are kept in a safe environment and secured against loss, misuse, unauthorised access, disclosure, alteration or destruction, taking due account of the nature of the data and the risks involved in the processing.
- Obligation to protect your data if transferred to another company
As noted above (point 2), under certain conditions and taking into account the purpose for which it received your personal data, LEO may transfer them to another company. This can happen for instance when LEO shares your data (with a company that itself decides how to use the data, a so-called "controller") without you objecting to that or concludes a service contract with a (sub-) processor (a so-called "agent"). Irrespective of its location, within or outside the U.S., the company that receives the data must ensure the same level of protection of your personal data as guaranteed under the Privacy Shield framework. This requires a contract between LEO and the third party setting out the conditions under which the third party can use your personal data and its responsibilities to protect your data. This contract will have to require the third party to inform LEO of situations where it cannot continue to meet its obligations, in which case it must stop using the data.
- Your right to access and correct your data
You have the right to ask LEO to give you access to your personal data. This means that you have a right to have your data communicated to you but also to get information about the purpose for which the data are processed, the categories of personal data concerned and the recipients to whom the data are disclosed. You can then request the company to correct, change or delete them if they are not accurate, outdated or have been processed in violation of the Privacy Shield rules. LEO also has to confirm whether or not it holds or processes your personal data. You are normally not obliged to give any reasons as to why you would like to access your data, however, LEO may ask you to do so if your request is too broad or vague. LEO has to respond to your access request within a reasonable time frame. LEO may sometimes be able to limit your access rights, but only in specific situations such as when providing access would undermine confidentiality, breach professional privilege or conflict with legal obligations.
VI. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of Personal information should be directed to the LEO’s Chief Privacy Officer at the address given below. LEO will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal information in accordance with the principles contained in this Policy.
VII. LEO EMPLOYEES, AGENTS, SUPPLIERS AND INDEPENDENT CONTRACTORS
If you are an employee, agent, supplier or independent contractor of LEO, LEO will collect, use and disclose your personal information, including but not limited to your home address, employment history, education history, performance evaluations, sales results, banking information, spouse and dependents, national insurance number, and any other required information, for the purposes of administering the employment, agency, supplier or independent contractor relationship, including hiring, payroll and benefits administration, training, promotion and discipline, communications, payments, tax withholding, and other reasonable or necessary purposes.
Employees, agents, suppliers and independent contractors of LEO grant to LEO the right, without additional compensation at any time during or after the term of their employment or service, the right to: (1) publish their name, photograph and biographical data through any commercial or other medium, publication or means; (2) reproduce, distribute, and display their name, photograph and biographical data, statements, testimonials and other materials authored by them and to license or syndicate use of all such materials in any medium or form of communication, to others; and (3) use their name, photograph and biographical data, their statements, testimonials and other materials in any other publication produced by LEO. This grant of rights includes, but is not limited to, the right to adapt or otherwise use their name, photograph, and biographical data or any portion of their statements, testimonials and other materials alone or in conjunction with other materials, in all types of electronic, digital and computer-based media and technologies, as well as the storage, retrieval, transmission, display, output and reproduction of data through any such media and technologies.
In the event of the death or incapacity of a LEO Member, Personal Information of the LEO Member and his or her customers may be disclosed to the person or entity proposed to assume the departed LEO Member’s business.
VIII. INTERNET PRIVACY
LEO sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. LEO recognizes the importance of maintaining the privacy of Personal information collected through websites that it operates. LEO’s sole purpose for operating its websites is to provide information concerning products to the public. In general, visitors can reach LEO on the Web without revealing any Personal information. Visitors on the Web may elect to voluntarily provide Personal information via LEO websites but are not required to do so. LEO collects information from visitors to the websites who voluntarily provide Personal information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, or seeking employment. The Personal information voluntarily provided by website users is contact information limited to the user’s name, home and/or business address, phone numbers and email address. LEO collects this information so it may answer questions and forward requested information. LEO does not sell or share this information with non-agent third parties.
LEO may also collect anonymous information concerning website users through the use of "cookies" in order to provide better customer service. "Cookies" are small files that websites place on users’ computers to identify the user and enhance the website experience. None of this information is reviewed at an individual level. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. If visitors do so, however, some areas of LEO websites may not function properly.
LEO uses one or more companies to place advertisements for our products and services and those of third parties on our Site and third-party sites. Cookies and other technologies such as Web beacons or tags are used to measure the effectiveness of our ads and to determine the display of content and advertising to you based on your interests both on our site, as well as on third-party sites where you may visit. To support this interest based advertising solution, we, and companies who we have contracted with, may use anonymous information about your visits to our and other Web sites. The information collected and used by this process is always anonymous, and does not enable any third-party to identify you individually.
Although it is our hope that you find the display of advertising to you based on your anonymous interests valuable, if you would prefer not to participate in the services offered through these solutions, you can always opt-out of this activity by visiting the Network Advertising Initiative (NAI) website by clicking http://www.networkadvertising.org/managing/opt_out.asp.
LEO’s websites are not directed toward children. Nevertheless, LEO is committed to complying with applicable laws and requirements, such as the United States’ Children’s Online Privacy Protection Act ("COPPA"). LEO website users have the option to request that LEO not use information previously provided, correct information previously provided, or remove information previously provided to LEO. Those that would like to correct or suppress information they have provided to LEO should forward such inquiries to:
Attention: Chief Privacy Officer
LEO Global Office
Battle Barns Preston Crowmarsh
The inquiries should include the individual’s name, address, and other relevant contact information (phone number, email address). LEO will use all reasonable efforts to honor such requests as quickly as possible.
LEO websites may contain links to other "non-LEO" websites. LEO assumes no responsibility for the content or the privacy policies and practices on those websites. LEO encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of LEO.