Experience Center is a solution offered by CRANIUM NV
Experience Center acknowledges the importance of data protection and privacy of personal data of its students and will treat the personal data of those concerned with due care. It explicitly confirms that all personal data will be processed in accordance with the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter GDPR).
The personal data that are processed through this Web Application are processed by Experience Center, a solution by CRANIUM NV, Excelsiorlaan 43, 1930 Zaventem, company number 645.867.372, as the controller of processing. From now on in this notice, “Experience Center” will be referred to as “The Controller”.
Principles for processing personal data
The Controller acknowledges the importance of data protection and privacy of personal data of its students and will treat the personal data of those concerned with due care. It explicitly confirms that all personal data will be processed in accordance with the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter GDPR).
Personal data can be defined as being any information relating to an identified or identifiable natural person (‘data subject’). The Controller may process the following data categories and attributes from a data subject (Student within the web application):
Personal identification data:
- Last name
- First name
- Professional or Personal email address
Behavior related data:
- Course completion (Completed/Not Completed + Completion date)
- Last login date
- Grades (Received after completion of courses and quizzes)
Technical identification data:
- IP Address (Every time a user logs in to the Experience Center Web Application)
- Password (Password of the user used to gain access to the Experience Center Web Application)
- The type of browser and operating system used (Captured by functional cookie to optimize layout and performance)
- OAuth2 bearer token (only when using Sign in with Google or Microsoft (OAuth 2)): a bearer token is issued by a Microsoft or Google authorization server (after user permission) to be used by our Web Application for authentication of a Data Subject (student). This token allows our Web Application to verify with Microsoft or Google authorization servers that the Data Subject trying to log in to our Web Application is known (has an account) within the Microsoft or Google environment of our Customer (employer of the Data Subject (student)).
The “Personal Identification Data” are received directly from the data subject or indirectly from the data subjects’ employer. The data subject shall have the right to further complete his “Personal identification data” once logged in to the Experience Center Web Application or after a request to firstname.lastname@example.org.
The controller will process these personal data of the students to achieve the following purposes:
- To invite users and provide them with access to the purchased (by the data subject or his employer) E-learning courses,
- Management of the student database,
- Provide support in case of questions related to the Experience Center Web Application,
- To provide updates on new or improved course material,
- Direct marketing purposes (such as promotions for the data subjects with regard to other or similar products and services provided by The Controller) (Only Company contact people or “Admins” within the Experience Center Web Application, no individual students)
- Guaranteeing operationality and security of the E-learning Web Application (Authentication, Authorization…)
Data subject rights
At all times, the data subject (student) has the possibility to exercise his rights described in the GDPR. The data subject can exercise the following rights:
- Right to information and access: the data subject always has the opportunity to request (a copy of) all collected personal data (including processing purposes, categories of personal data, estimated retention period) for inspection.
- Right to rectification: the data subject always has the opportunity to have incorrect personal data corrected.
- Right to erasure (“right to be forgotten”): If the data subject wishes to have his or her personal data removed, the data subject can always contact the controller via email@example.com to request the removal of personal data by a simple request that is free of charge.
- Right to object (For “Admins” or contact persons): if the data subject no longer wishes to be informed about any updates or to receive direct marketing, the data subject is entitled to make such a request by mailing to firstname.lastname@example.org or clicking on the unsubscribe link available below any Experience Center branded email communications.
- Right to object (For “Students”): Please note that the data subject (student) is not always entitled to object to the processing of his/her personal data if such personal data is necessary for the execution of the agreement between The Controller and the data subject’s employer.
- Right to restriction of processing: in certain cases, the data subject is entitled to obtain the restriction of the processing of his or her personal data.
- Right to data portability: the data subject has the right to receive the personal data concerning him or her, processed by The Controller, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.
- Right to lodge a complaint: If, at any time, the data subject is of the opinion that The Controller infringes his or her privacy, the data subject has the right to lodge a complaint with the Belgian supervisory authority:
  - Belgian Data Protection Authority
  - Drukpersstraat 35, 1000 Brussels
  - Tel: +32 (0)2 274 48 00
  - Email: email@example.com
Accuracy, security and exchange of personal data
The Controller takes the appropriate steps to ensure that the personal data being processed by our application are accurate and, where necessary, kept up to date, corrected or erased without undue delay.
The Controller will refrain from disclosing personal data of the data subject to third parties as well as publicly disclosing data subjects’ personal data.
Personal data of data subjects will only be communicated to third parties or external parties provided that consent of the data subjects was obtained beforehand.
The Controller acknowledges that the protection of your personal data is an essential part of data protection. Where it is impossible to fully guarantee security, The Controller will apply the appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.
The Controller can capture (Personal) data using cookies. Cookies are small text files that are placed on the device used by the data subject to visit the Experience Center Web Application.
The Controller will only use these data for functional and performance purposes on a global level. The cookies used are thus only Functional and do not require prior consent from the data subject as their only intent is to assist the user. No (Personal) data stored within these cookies is provided to third parties for other purposes.
The Experience Center Web Application only uses two (in some cases three) cookies for the proper functioning of the Web Application. The data stored in these cookies is not used by or provided to any other websites or services. The cookies are not used for marketing and/or tracking purposes.
The following three cookies can be stored on your system for our web application:
- MoodleSession: Used to keep you logged in to the Web Application when you navigate through the website. This cookie only contains a session ID and the expiration date of the session ID.
- MDL_SSP_SessID: When Google or Microsoft authentication based on OAuth2 is used to log in to the Web Application, this cookie is stored in addition to the MoodleSession cookie mentioned above.
- MOODLEID: This cookie is used to keep your username and fill it out automatically next time you visit the login page of the trainer. This cookie is purely for convenience and does not contain any other information than your username.
When you have any questions or concerns regarding this privacy notice, please contact us via firstname.lastname@example.org.
Remember to clearly state (full) name, email address and Company name when submitting a request for access, change or deletion of personal data, and to send a copy of an identification document so that the request of access, change or deletion with certainty relates to the right data subject.
Before sending a proof of identification, please make sure that the national identification/social security number and other non-relevant data are obfuscated.
Changes to our Privacy Notice
We may change this Privacy Notice from time to time due to changes in regulation or changes to the Experience Center Web Application.
New versions will be published to the Web Application. When we publish changes to our Notice, we will change the date and version number of the “last update” of our Privacy Notice.
Significant changes will be reported on our homepage. Nevertheless, we encourage you to read our Privacy Notice periodically as minor updates can occur.