We collect personal information including the name, email address, phone number, country of residence and, where relevant, name of employer and position title. From time to time we might also collect other information volunteered by users (that is, entered on our system or our website or provided to our team) or given to us with consent of users or by use of cookies (e.g. IP addresses – please refer to the Cookies and log files heading below). We also retain information about the learning activities undertaken by users, including course completion. The credit card details provided by users, when they pay for our products and services, are passed directly to our payment processor and are not retained by us.

• to identify and authenticate users, including administrators and associated learners;
• to allow users within an organization (e.g. within an employer) to communicate with each other;
• for support or response purposes, when users request support or make an inquiry;
• to plan, improve, tailor, optimize and promote our products and services for users;
• to provide users with relevant information and offers of courses and other services that we believe might be of interest to users, which we may do by email;
• to manage users’ accounts;
• to send users prizes, certificates or Scholarships to use our courses and other services and products;
• to provide learners with a lifelong digital learning record; and
• for contractual and other lawful legitimate business purposes or for the establishment, exercise or defense of legal claims.

           Our affiliates and other third party service providers to Shichida Cloud, which may include cloud based customer relationship, content management and hosting services and involve application programming interfaces, are also given access to some or all of the above information for similar purposes. For example:

• our course content providers may have access to names of learners enrolled in the providers’ courses;
• our distribution partners, who offer our content for sale through their own platforms or who otherwise integrate with our software, may collect, and handle the same enrolment information; and
• our implementation partners may have access to the information we collect for the purpose of assisting us and our distribution partners to develop our systems to offer and deliver our products and services.

            All such third parties are bound by the same laws and regulations that we are, wherever they are located in the world, and we require them to adopt and apply data protection policies and practices that are consistent with this policy. Users need to understand that their choice not to provide certain personal information, as described above, will limit, or prevent their ability to access and use our products and services.

           We ordinarily ask for consent from users to collect, process, manage, store and use personal information, as set out in this policy, including when users purchase or request a trial of our products or services, as a prerequisite to such purchase, trial and use. This is ordinarily done on-line, as part of registration (including for trial purposes) or of course enrolment. When users ‘get in touch’ with us via the contact page on our website or directly to shichida.cloud they will voluntarily provide the kind of information set out above.

           We hold information only for so long as is necessary for the purposes set out above; in this, we are guided by our contractual obligations and by other lawful legitimate business interests. For example, we commit to learners that we will retain their digital learning record for life, as part of our service. If, at any time, a learner wishes us to delete or transfer their learning record, they may do so as set out below.

           Upon registration, administrators and learners have ongoing access to their online accounts, within which they can correct inaccuracies or update or add information. Additionally, they (and other users such as those who trial our products and services) can request us to:

• make changes to their accounts, including to personal information;
• send to them, or to transmit to another controller, all of their stored personal information (in which case we will do so in a structured, commonly used and machine-readable format);
• restrict processing of specific personal information; or
• delete information.

           Similarly, users may withdraw their consent for us to hold any or all their personal information by request and may unsubscribe to any or all emails through the automated facility sent with each email. As mentioned above, these actions or requests will limit the ability of users to access and use our products and services. It may be the case that, for contractual or other lawful legitimate business purposes, we retain and use an archived version of users’ personal information, which may be pseudonymized, anonymized or otherwise de-identified. We have facilities in place to request affiliates and other third parties, as necessary, to amend or delete personal information held on their systems.

           We work hard to protect Shichida Cloud as well as Shichida Myanmar and our users from misuse, interference, loss, unauthorized access, modification, or disclosure of information we hold. In doing so, we apply technical and organizational measures to ensure a level of security appropriate to the risk including:

• analyzing and assessing privacy and security issues, risks and impacts during the design and development of new features and solutions for our products, services and delivery platform, governed by guidelines and security standards for our IT developers;
• ensuring confidentiality, integrity, availability and resilience of processing systems and services (for instance, we restrict access to personal information to Shichida Cloud and Shichida Myanmar employees, contractors; affiliates and other third parties described above, who need the information for the purposes described above and who are subject to strict contractual privacy and confidentiality obligations);
• the ability to promptly restore availability and access to personal data in the event of an incident;
• regular review and testing of our information collection, storage and processing practices, including physical security measures, aimed to ensure security of data processing; and
• as we deem necessary, pseudonymization and encryption (e.g. using SSL) of data; for example, for the purpose of transfers, when data is encrypted and access is restricted at rest.

           We are guided in these activities by ISO/IEC 27001:2013, the international standard that describes best practice for an information security management system and by the ‘Guide to securing personal information (‘Reasonable steps’ to protect personal information)’, dated January 2015, issued by the Office of the Australian Information Commissioner.

           We allow limited use of various technologies to collect and store information when users visit our website; this may include using cookies (i.e. a string of unique data that a website stores on a user’s computer and that the user’s browser provides to the website each time the user returns) or similar technologies to identify the user’s browser or device. For example, at the time of publication of this policy, we use Intercom (for our support tools, including chat within an organization of learners) and Google analytics and mix panel (for website traffic metrics and analytics). This helps us to optimize our users’ experience and to continually improve and tailor our products and services for users.

           Users may set their browser to block all cookies or to indicate when a cookie is being set.

           We automatically log IP addresses, browser types and dates/times, which assist with our support efforts, diagnoses of user-initiated issues and queries, and audits for security purposes.

           We acknowledge the various data breach obligations in each of the jurisdictions in which we operate. We commit to promptly identify and respond to any breaches, to act to prevent harm and to report, if and as required, to the relevant supervisory authority and users.

           Our Privacy Policy may change from time to time. We will not reduce users’ rights under this Privacy Policy without their explicit consent. We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice (which may include email notification of Privacy Policy changes). We will also keep prior versions of this Privacy Policy in an archive for review by users upon request.

           As mentioned above, requests to access, update, restrict or delete personal information can be made to Shichida Cloud. We will gladly provide the contact details of the relevant supervisory authorities within the countries in which we operate. We aim to respond to all inquiries and complaints within 30 days.