We Protect Your Privacy

LEARNING TREE INTERNATIONAL INC. AND EU AFFILIATES

EU PRIVACY NOTICE FOR OUR CUSTOMERS AND OTHER BUSINESS RELATED PERSONAL DATA

1 WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA AND HOW TO CONTACT US

This Notice describes the steps Learning Tree International, Inc. and its EU affiliates (together “Learning Tree”, “Company”, “we” or “us”), part of the Learning Tree Group of Companies (“Learning Tree Group”, “we” or “us”), take to protect the personal data that we process about our customers and other business related personal data. Learning Tree is committed to the protection of the personal data that we process about you in line with the data protection principles set out in the European Union General Data Protection Regulation 2016 (“GDPR”).

Learning Tree’s EU affiliates are each responsible for making this notice accessible to their respective clients and prospects.

If you are an individual associated with one of our customers or vendors, the relevant data controller is the Learning Tree EU affiliate with which the company you are associated with has a contract. If you are a website user or associated with a prospective customer or vendor, the relevant data controller is the Learning Tree entity that you would contract with.

A list of Learning Tree’s EU affiliates and the relevant contact details for each are provided in Annex 1 to this Privacy Notice.

2 WHAT PERSONAL DATA WE COLLECT AND WHY?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting the personal data of our business contacts.

In each of the sections listed below, we describe how we obtain your personal data and how we will treat it.

Section 2.1 Representatives of our Existing or Prospective Customers and Vendors

Section 2.2 Visitors to Premises

Section 2.3 Website Visitors

2.1 Representatives of our Existing or Prospective Customers and Vendors

A - Sources of personal data

We may obtain your personal data from the following sources:

• a) from you directly;
• b) from a company that employs you, or your colleague, if you are an employee of our customer or vendor;
• c) from other entities within the Learning Tree Global Group of Companies;
• d) during networking events that we have either hosted, or sponsored, or attended;
• e) from publicly available sources (for example, your company website, or social media sites); and/or
• f) from other third party sources.

B - Personal data that we collect and process

We may collect the following categories of personal data relating to our corporate customers’ or vendors’ employees, officers, authorised signatories, and other associated individuals. This may include:

• a) name;
• b) salutation;
• c) business name;
• d) business address;
• e) business email address;
• f) business telephone number; and/or
• g) job title.

C - Why do we collect your personal data and what are our lawful bases for it?

If you object to us using your contact details for these purposes, including direct marketing, please send us an email to us using the relevant email address in Annex 1.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

2.2 Visitors to Our Premises

A - Sources of personal data

We may obtain your personal data from you directly and from our systems’ records.

B - Personal data that we collect and process

• a) name;
• b) business contact details;
• c) organisation;
• d) role; and/or
• e) image – CCTV.

C - Why do we collect your personal data and what are our lawful bases for it?

If you object to us using your contact details for these purposes, please send us an email to us using the relevant email address in Annex 1.

2.3 WEBSITE VISITORS

A - Sources of personal data

We may obtain your personal data from the following sources:

• a) from you directly (for example, at the time of subscribing to any services offered on our websites, including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
• b) from your device or browser; and/or
• c) if you contact us, we may keep a record of that correspondence.

B - Personal data that we collect and process

• a) name;
• b) username;
• c) email address
• d) operating system;
• e) browser type;
• f) cookie data (for more information please see our Cookie Notice);
• g) preferences regarding online marketing; and/or
• h) IP address.

C - Why do we collect your personal data and what are our lawful bases for it?

If you object to us using your contact details for these purposes, including direct marketing, please send us an email to us using the relevant email address in Annex 1.

Where we use cookies or similar technologies to fulfil this purpose we will seek your prior consent where required to do so by law.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

3 WHO DO WE SHARE YOUR PERSONAL DATA WITH

We do not sell your personal data to third parties.

Learning Tree Affiliates

We may share your personal data with other entities in the Learning Tree Group of Companies (see the list in Annex 1).

Third Party Courses

We may transfer your personal data to organisations that provide third party training courses, on the basis that these course operators are GPDR-compliant and will adhere to the requirements of data protection laws.

Our Service Providers

We may disclose information about you to organisations that provide a service to us, on the understanding that they will keep the information confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

• a) technical support providers who assist with our website and IT infrastructure;
• b) virtual classroom providers who assist with facilitating remote attendance;
• c) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
• d) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
• e) providers that help us generate and collate reviews in relation to our goods and services;
• f) providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes.

Company Mergers and Takeovers

We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business.

4 TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA

If and when transferring your personal data outside the EEA, we will only do so using one of the following safeguards:

• a) the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
• b) the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA;
• c) the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
• d) the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

International transfers within the Learning Tree Group are governed by EU Commission-approved Standard Contractual Clauses for Controllers and, where relevant, for Processors.

We may also transfer your data to third-party vendors outside the EU. Where we do so, the Standard Contractual Clauses or other safeguards approved by the European Commission are in place to safeguard that personal data.

You may request a copy of these agreements by contacting us using the relevant email address in Annex 1.

5 YOUR RIGHTS

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

• Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request personal data provided by you to be transferred in machine-readable format (“data portability”).
• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
• Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above, or where decisions about you are based solely on automated processing, including profiling.

These rights are not absolute and are subject to various conditions under:

• applicable data protection and privacy legislation; and
• the laws and regulations to which we are subject.

Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If at any time you decide that you do not want to be contacted for any purpose or if you would like to exercise any of your rights as set out above, you can contact us by emailing the relevant email address provided in Annex 1.

6 RETENTION PERIOD

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

7 WEBSITE VISITOR AND COOKIE NOTICE

Cookie Settings

1 COOKIES INFORMATION

Learning Tree International AB (‘we’ ‘our’ ‘us’) are committed to protecting and respecting your privacy. This website is operated by Learning Tree International AB, Fleminggatan 18, 112 26 Stockholm, Sweden. This section is our Cookies Notice; it tells you why we use cookies, the cookies we use and how you can manage the cookies stored on your devices.

2 WHAT ARE COOKIES?

A cookie is a small removable data file, typically of letters and numbers, downloaded on to a computer, smartphone or other device when the user accesses certain websites.

3 WHY DO WE USE COOKIES?

Cookies are used for a variety of reasons from making a website function more efficiently, to recognising a user’s device and tailoring that user’s experience to fit prior preferences. Cookies can also provide the owners of a site valuable information about how that site is being used. We use cookies to allow us to distinguish you from other users of our website, which helps us to provide you with a personalised experience when browsing our website and allows us to improve our site.

4 WHAT COOKIES DO WE USE?

The type of cookies we use are session cookies and persistent cookies. Session cookies are temporary files which last only as long as your browsing session and are erased once you close your browser. Persistent cookies are files that stay in your browser’s subfolders after you close your browser.

Please review the table below for more detailed information on the specific cookies we use.

Essential Cookies

Certain cookies are necessary for our website to function and cannot be switched off. If you block them, our website will not work properly with your computer.

Performance Cookies

These cookies allow us to measure and improve the performance of our site by counting visits, return visits and proving us with information about the pages that are most visited.

Third Party Cookies

These cookies are set by third parties to collect personal data about you to provide personalised advertisements and to provide analytics on the website.

4.1 Google Analytics

Our website uses Google Analytics to monitor how visitors move around the website and how they reached it. This is done so that we can see statistics on the types of content users’ access, find out the number of users that have visited the site before and collect information on how many users have visited our website. The Google Analytics application that we use is set to anonymise the data of our website visitor and cannot be used to identify individuals – they are only used for statistical purposes only. You can opt out of Google cookies here.

5 BLOCKING COOKIES

You have the option of whether to accept or deny cookies. However, choosing to block cookies may disable certain features of this site or prohibit the use of this site altogether. To deny or limit the use of cookies on your device you may set your web browser to deny the setting of any cookies, set your web browser to notify you when a cookie is set or you can delete set cookies later.

The process for blocking or removing cookies will vary from one web browser to the next.

For instructions on how to eliminate or restrict cookies through your browser settings please visit all about cookies.

For more information on how we protect your information please view our full Privacy Notice here.

8 Privacy Notice for Course Participants

1 INTRODUCTION

1.1 Learning Tree International AB (“Learning Tree” "we", "our", "us") is committed to protecting and respecting your privacy. Learning Tree is a provider of organisation-wide IT training, immersive learning, employee engagement and management training to corporate clients, government organisations, independent contractors, and individual customers. Should we process your personal data you can be assured that it will only be used in accordance with this privacy notice (‘Notice’).

1.2 This Notice sets out how and why we process personal data that we receive from you (or otherwise obtain about you).

1.3 This Notice may be amended from time to time. We will post changes to this Notice on our website and any changes will not take effect until a reasonable period of time has passed after posting.

2 DATA CONTROLLER

2.1 The data controller responsible for Processing your Personal Data is Learning Tree International AB, which is registered with company number 556282-4184 and maintains its registered office at Fleminggatan 18, 112 26 Stockholm, Sweden. You may contact us at this address or:

By email: sedataprotection@learningtree.se

By telephone: 46 (0) 8-506 668 00

2.2 Questions, comments and requests regarding this Notice may be emailed to our Privacy Officer at sedataprotection@learningtree.se or sent by post to the above mentioned address.

3 WHAT PERSONAL DATA WE COLLECT AND WHY

3.1 We collect various types of personal data about Course Participants including:

• Name
• Salutation
• Position/Title
• Department
• Business Contact Details (email address, office number)
• Training Needs in relation to the Training Programme

The purposes for collection and processing Course Participant Personal Data is outlined in the table below:

3.2 In some cases, it may be necessary for Learning Tree to process Special Categories of Personal Data about Course Participants, for example, about an individual’s disability or religion, in order to enable us to address their particular needs. Learning Tree will only process Special Categories of Personal Data about you with your explicit consent, and solely for this limited purpose.

3.3 For information as to how we use your cookie data, please see our Website Visitor and Cookie Notice.

3.4 When we record training sessions as part of delivering our educational services/ for the purpose of future use and benefit of our customer course attendees as well as course quality assessment, Learning Tree will notify the participants of the training session that the training session is to be recorded. Recordings are limited to internal Learning Tree use and access by the participants through their personal account on the learning management platform. Course participants will have the right to opt out of such recorded sessions.

4 HOW WE SOURCE YOUR PERSONAL DATA

4.1 We may obtain your personal data directly from you or from a company or organisation with which you are associated.

4.2 We may also obtain your personal data from publicly available sources or third parties.

5 SHARING OF YOUR PERSONAL DATA

5.1 We may disclose your personal data to other members of the Learning Tree International Group in Europe and the United States to facilitate:

• (a) course facilitation;
• (b) general course attendee administration;
• (c) information security services and IT support;
• (d) storage of personal data ;
• (e) marketing campaigns .

5.2 We may also disclose personal data to trusted third parties in and outside of the European Union, subject to various commercial safeguards, to enable them to:

• (a) provide us with IT systems and services;
• (b) provide virtual classrooms for remote trainees;
• (c) provide sandbox environments for trainees;
• (d) deliver courses provided by our trusted partners;
• (e) provide exam administration and certification services.

5.3 We may also use and disclose Personal Data that you provide us for other purposes if authorised by you.

5.4 If Learning Tree decides to sell or buy any business or assets, we may disclose your personal information to other parties related to the transaction. We will do so only where those parties agree to keep your personal information confidential and secure. If changes to the composition of Learning Tree or the Learning Tree group occur, any transfer or subsequent processing of your personal information by third parties will occur in line with the relevant provisions of this Notice.

6 SHARING YOUR PERSONAL DATA OUTSIDE OF THE EEA

6.1 We may also transfer your Personal Data to Learning Tree International, Inc. for purposes of administering Learning Tree’s training courses, including for the purposes of evaluating the quality and efficacy of Learning Tree’s courses, training methods, instructors, and marketing. Where we do share information with Learning Tree International, Inc., the EU Commission Standard Contractual Clauses (Controller-to-Controller) are in place.

6.2 We may transfer your Personal Data to Learning Tree International, Inc. for purposes of storage, aggregation, provision of a training sandbox, to facilitate remote course attendance. Where we do share information with Learning Tree International, Inc., the EU Commission Standard Contractual Clauses (Controller-to-Processor) are in place.

6.3 We may also transfer the Personal data of Course Participants to various third-party vendors outside the European Union in order to assist us with the delivery of online training and exam accreditation. International transfers of Course Participants’ Personal Data to third party vendors will be safeguarded by means of the following arrangements, adapted as necessary to meet the relevant requirements of the GDPR:

• (a) the transfers are subject to the EU Standard Contractual Clauses;
• (b) the processor is subject to Binding Corporate Rules for Processors; or
• (c) the transfer is to an organisation that is certified under the EU-US Privacy Shield framework, supplemented by the GDPR.

6.4 Individuals may request a copy of one or more of the agreements referenced in this section by contacting us using the contact details in paragraph 2.1 above.

7 HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Learning Tree only keeps the personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We will generally hold personal data collected for the purposes of complying with various legal obligations and regulations for the entire duration of our relationship with our Course Participants with regard to the provision of services and any applicable regulatory or retention period prescribed by law. We will retain information about you after your course has ended for as long as required for legal, regulatory, fraud prevention and legitimate business purposes.

However, we may retain data for longer periods, if required by law or if we consider it may be required for the purposes of dealing with potential claims.

8 YOUR RIGHTS

8.1 The GDPR provides you with certain rights in relation to the Processing of your Personal Data, including to:

• Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you.
• Request rectification, correction, or updating to any of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).
• Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you (e.g. if you want us to establish its accuracy or the reason for Processing it).
• Request the transfer of Personal Data provided by you (“data portability”).

Object to the Processing of your Personal Data in certain circumstances.

8.2 The exercise of these rights is not absolute and may be subject to certain pre-conditions and exemptions under the GDPR. Should you wish to exercise the rights accorded by the GDPR, please contact our Privacy Officer.

8.3 Please address any requests to exercise your rights to the physical or email address specified in paragraph 2.1 above.

9 COMPLAINTS

9.1 We strive to process your personal data in accordance with the applicable legal obligations but if you have any complaint(s) in that regard, please address your complaint(s) to our Privacy Officer.

9.2 You also have the right to lodge a complaint with the UK Information Commissioner’s Office (“ICO”) if you are not happy with how Learning Tree Processes your Personal Data and we cannot provide you with a satisfactory resolution to your request.

10 DEFINITION

The following terms used within this Notice are defined as follows:

“Course Participant” means an employee or independent contractor of a legal entity, corporation, or sole proprietor with which Learning Tree has a contract, who participates in a course of training and related activities, including but not limited to testing or assessment;

“Data Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data; where the purposes and means of Processing are determined by national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by national or EU law.

“Data Processor” means a natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Data Controller.

"European Economic Area" or "EEA" means the Member States of the European Union, plus Norway, Iceland and Lichtenstein.

“GDPR" means the EU General Data Protection Regulation 2016/679 including national laws implementing or supplementing the GDPR.

“Learning Tree International Group” means the group of companies directly, or indirectly, held and/ or controlled by Learning Tree International, Inc. (LTRE.PK), a company with its principal place of business at 13650 Dulles Technology Drive, Suite 400, Herndon, VA, 20171-6156, USA, which includes Learning Tree International Inc. itself.

“Learning Tree International AB” is a member of the Learning Tree Group, with its principal place of business at Fleminggatan 18, 112 26 Stockholm, Sweden.

“Personal Data” means any information relating to an identified or identifiable natural person (also referred to as ‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special Categories of Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of identifying an individual, data concerning health or data concerning a natural person’s sex life or sexual orientation.

“Process” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.