Effective Date: 24th May, 2018

This Privacy Policy describes how We collect, use and disclose information, and what choices you have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, We have worked to make the Privacy Policy clearer and more understandable.

Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says We have to give you as a "data controller":

Our website https://www.coachingcloud.com ("the Site") is owned and operated by Wisdom11 Ltd, which is a UK Limited company registered in England under Company Number 7363602. Our Trading address is 4th Floor, 43 Berkeley Square, London W1J 5AP. Our Registered Office address is 15 Grove Place, Bedford MK40 3JJ. Our Data Protection Officer is Lucinda Stokes and they can be contacted at dpo@coachingcloud.com

Applicability of This Privacy Policy

This Privacy Policy applies to Our Platform ("The Coaching Cloud Platform") software ("the Coaching Cloud Software") and related services available on Our Site (collectively the "Services") and other interactions (e.g., customer service enquiries, webinars, etc.) you may have with Us. If you do not agree with the terms, do not access or use the Services, or any other aspect of Our business.

This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the Coaching Cloud Platform ("Third Party Services"), or any other third-party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the "Customer Agreement"), including the processing of any messages, files or other content submitted through Services accounts (collectively, "Customer Data"). The organisation that entered into the Customer Agreement ("Customer") controls their instance of the Services (their "Community") and any associated Customer Data. Individuals granted access to a Community by a Customer are "Authorised Users". This Privacy Policy applies to both Customers and Authorised Users. Therefore, in this Policy "you" means Customers and/or Authorised Users. If you are an Authorised User and have any questions about specific Community settings and privacy practices, please contact the Customer whose Community you use. If you have received an invitation to join a Community but have not yet created an account, you should request assistance from the Customer that sent the invitation.

Information We Collect and Receive

We may collect and receive Customer Data and other information and data ("Information") in a variety of ways. This Information may include personal information We collect including registration information and Information which is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law ("Personal Information"):

Customer Data

Customers or individuals granted access to a Community by a Customer ("Authorised Users") routinely submit Customer Data to Us when using the Services.

Other Information

We also collect, generate and/or receive other Information:

1. Community and Account Information. To create or update a Community account, you or your Customer supply Us with an email address, phone number, password, domain and/or similar account details. For details on Community creation, contact sales@coachingcloud.com. In addition, Customers that purchase a subscription for the Services provide Us (or Our payment processors) with billing details such as credit card information, banking information and/or a billing address.

2. Usage Information.

Services Metadata. When an Authorised User or Customer interacts with the Services, metadata is generated that provides additional context about the way Authorised Users work. For example, We log the Community, channels, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).

Log data. As with most websites and technology services delivered over the Internet, Our servers automatically collect information when you access or use Our Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

Device information. We collect information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether We collect some or all of this Information often depends on the type of device used and its settings.

Location information. We receive information from Authorised Users, Customers and other third-parties that helps Us approximate your location. We may, for example, use a business address received from Customer, or an IP address received from your browser or device to determine approximate location. We may also collect location information from devices in accordance with the consent process provided by your device.

3. Cookie Information. We use cookies and similar technologies in Our Services that help Us collect Information. The Services may also include cookies and similar tracking technologies of third parties, which may collect Information about you via the Services and across other websites and online services. For more details about how We use these technologies, please see Our Cookie Policy.

4. Third Party Services. Customer can choose to permit or restrict Third Party Services for their Community. Typically, Third Party Services are software that integrate with Our Services, and Customer can permit its Authorised Users to enable and disable these integrations for their Community. Once enabled, the provider of a Third-Party Service may share certain Information with Us. For example, if a cloud storage application is enabled to permit files to be imported to a Community, We may receive user name and email address of Authorised Users and Customers, along with additional information that the application has elected to make available to Us to facilitate the integration. Authorised Users and Customers should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Us. When a Third-Party Service is enabled, We are authorised to connect and access Information made available to Us in accordance with Our agreement with the Third Party Provider. We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services. For more information on and a list of Third Party Services, click here.

5. Contact Information. In accordance with the consent process provided by your device, any contact information that an Authorised User or Customer chooses to import (such as an address book from a device) is collected when using the Services.

6. Third Party Data. We may receive data about organisations, industries, Site visitors, marketing campaigns and other matters related to Our business from parent corporation(s), affiliates and subsidiaries, our partners or others that We use to make our own information better or more useful. This data may be combined with Information We collect and might include aggregate level data, such as which IP addresses correspond to post codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.

Additional Information Provided to Us. We receive Information when submitted to Our Site or if you participate in a user focus group, activity or event, request support, interact with Our social media accounts, take part in sessions (dates, locations etc), upload session notes or files, take part in conversations, upload content and training materials, provide feedback, set goals, or otherwise communicate with Us (for example for transactional purposes).

No one is under a statutory or contractual obligation to provide any Customer Data or Information. However, certain Information is collected automatically and, if some Information, such as Community setup details, is not provided, We may be unable to provide the Services.

How We Use Information

We are both a controller and a processor of Information. Customer is a controller of Customer Data and may be a processor too.

When processing personal data We shall (and Customer agrees to) act in accordance with Data Protection Legislation which shall mean the following legislation to the extent applicable from time to time: (1) national laws implementing the Data Protection Directive (95/46/EC) and the Directive on Privacy and Electronic Communications (2002/58/EC); (2) the General Data Protection Regulation (2016/679) (GDPR); and (3) any other similar national privacy law.

The following terms are given the definition as ascribed in Data Protection Legislation: personal data, process, (processed, processing or other are construed accordingly), processor, controller, data subject, personal data breach.

Customer Data will be used by Us in accordance with Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Services functionality, and as required by applicable law. Customer may, for example, use the Services to grant and remove access to a Community, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.

We use Information in furtherance of Our legitimate interests in operating Our Services. More specifically, We use Information:

1. To provide, update, maintain and protect Our Services. This includes use of Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at an Authorised User's request.

2. As required by applicable law, legal process or regulation. In such circumstances, We shall provide notice to you unless the relevant law or regulatory authority prohibits the giving of notice on important grounds of public interest;

3. To communicate with you by responding to your requests, comments and questions. If you contact us, We may use your Information to respond.

4. To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for specific Communities and Authorised Users. For example, We may improve search functionality by using Information to help determine and rank the relevance of content, conversation topics or expertise to an Authorised User, make Services suggestions based on historical use and predictive models, identify organisational trends and insights, to customise a Services experience or create new productivity features and products.

5. To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in Our Services, Our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, but only with your specific written consent, We sometimes send emails about new product features, promotional communications or other news about Us. These are marketing messages, so you can control whether you receive them.

6. For billing, account management and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and We use account data to administer accounts and keep track of billing and payments.

7. To investigate and help prevent security issues and abuse.

8. For the purposes set out in the paragraph below entitled "The Purposes For Which We Share And Disclose Information'"

9. In order to process the following information types; name, address, email address, password, IP address, Community name, Date of first sign up, date of renewal, date of last sign in and (for Customers) Domain and Vat number (if any)

10. In relation to the following data subjects: Customers and Authorised Users

We shall ensure Our staff who process personal data on your behalf are subject to obligations of confidentiality (either by contract or by statute);

As data processor We shall provide Customer (as data controllers) with reasonable assistance using appropriate and proportionate technological and organisation measures to meet their obligations with regard to data subjects (Authorised Users) exercising their rights under Data Protection Legislation; or with regard to data protection impact assessments; and/or where required consultations with the Information Commissioners Office;

We shall notify you without undue delay on becoming aware of a Personal Information breach

We shall, provided you give Us fourteen days written notice, make available to you information demonstrating compliance with Data Protection Legislation and/or allow you (or a third party on your behalf) to audit the same as may be required by Data Protection Legislation).

Data Retention

We shall, subject to legal or regulatory requirements, at termination or the date on which the service provision ends, at your request either delete or return such personal data processed on your behalf. Notwithstanding this, We will retain Customer Data in accordance with a Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Services functionality, and as required by applicable law. Customer may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Information. We may retain Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Information after you have deactivated your account for the period of time needed for Us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce Our agreements. In any event, We will conduct an annual review to ascertain whether We need to keep your personal data. Your personal data will be deleted if We no longer need it.

The Purposes For which We Share And Disclose Information

This section describes how We may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and We do not control how they or any other third parties choose to share or disclose Information.

1. Customer's Instructions. We will solely share and disclose Customer Data in accordance with a Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Services functionality, and in compliance with applicable law and legal process.

2. Displaying the Services. When an Authorised User submits Information, it may be displayed to other Authorised Users in the same or connected Communities. For example, an Authorised User's email address may be displayed with their Community profile.

3. Customer Access. Customer representatives and personnel may be able to access, modify or restrict access to Authorised User Information. For information about your Community settings, please contact help@coachingcloud.com.

4. Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Information and support Our business, and you consent to such usage. These third parties may, for example, provide virtual computing and storage services.

5. Third Party Services. Customer may enable or permit Authorised Users to enable Third Party Services. When enabled, We may share Information with Third-Party Services. Third Party Services are not owned or controlled by Us and third parties that have been granted access to Information by a Customer may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the provider or the Customer who set up your Community for any questions.

6. During a Change to Our Business. If We engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Our assets or stock, financing, public offering of securities, acquisition of all or a portion of Our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.

7. To Comply with Laws. If We receive a request for information, We may disclose Information if We reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how We respond to requests to disclose data from government agencies and other sources.

8. We can disclose Information to other businesses in Our group, which means Our subsidiaries, Our ultimate holding company and its subsidiary as defined in Section 1159 of the UK Companies Act 2006;

9. To enforce Our rights, prevent fraud, and for safety. We may disclose Information to protect and defend the rights, property or safety of Us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.

10. We may disclose or use Information for the purpose of verifying your identity, updating and enhancing your records, providing appropriate instructions or information to others working for you, including those located outside the EEA, and for statutory returns;

11. With Consent. We may share Information with third parties but only when We have your specific prior written consent to do so.

12. For Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Information for any purpose. For example, We may share aggregated or de-identified Information with prospects or partners for business or research purposes, such as telling a prospective customer the average amount of time spent within a typical Community.

Notwithstanding the previous sentence, in the event that We use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under GDPR, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from Us. This right does not apply where (a) the decision is necessary for the entry into, or performance of, a contract between the you and Us; (b) the decision is authorised by law; or (c) you have given you explicit consent.

Where We use your personal data for profiling purposes, the following shall apply:

a) Clear information explaining the profiling will be provided, including its significance and the likely consequences;

b) Appropriate mathematical or statistical procedures will be used;

c) Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and

d) All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.

We rely on you (as Customer or Authorised User) to obtain any consents necessary under applicable data protection laws to permit you to provide, and Us to process, the applicable Information for these purposes.

From time to time We may send information about Our company, legal developments, or future events to individuals on Our databases. If you prefer Us not to do this, please let Us know by emailing help@coachingcloud.com at any time.

We will not collect more Personal Information than We need for the purposes set out above, and We will not retain such Personal Information for any period longer than required to carry out the purposes set out above.

You can ask Us not to use your Information for marketing. You can do this by emailing help@coachingcloud.com at any time.

Under Data Protection Legislation, you also have the right to:

* request access to, deletion of or correction of, your Personal Information held by Us at no cost to you;

* request that your Personal Information be transferred to another person (data portability);

* be informed of what Personal Information processing is taking place;

* restrict processing;

* object to processing of your Personal Information; and

* complain to a supervisory authority.

To enforce any of the foregoing rights or if you have any other questions about this Privacy Policy, please contact Us at dpo@coachingcloud.com.

Security

We take security of data very seriously. We work hard to protect Information you provide from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the Information We collect, process and store, and the current state of technology. We shall take all reasonable, proportionate and appropriate measures to comply with the security requirements of Data Protection Legislation and Customers (to the extent that they are a Data Processor) agree to do the same.

Any payment transactions will be encrypted. If We give you a password, you must keep it confidential. Given the nature of communications and information processing technology, We cannot guarantee that Information, during transmission through the Internet or while stored on Our systems or otherwise in Our care, will be absolutely safe from intrusion by others.

Age Limitations

To the extent prohibited by applicable law, We do not allow use of Our Services by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided Us with Information, please contact Us and We will take steps to delete such Information.

Changes To This Privacy Policy

We may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or We may make changes to Our business. We will post the changes to this page and encourage you to review Our Privacy Policy to stay informed. If We make changes that materially alter your privacy rights, We will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. If you are an Authorised User, contact the Customer if you wish to request the removal of Personal Information under their control.

International Data Transfers

You agree that We may transfer your collected Personal Information to storage outside the European Economic Area (EEA) and will do so by employing appropriate safeguards as required by GDPR. You acknowledge and agree that it may be processed outside the EEA to fulfil your order and deal with payment.

Co-Operation

We, Customers and Authorised Users shall co-operate and reasonably assist the other with any and all requests, notifications or other communications any of us may receive from either a data subject or the Information Commissioners Office (ICO) having regard to Personal Information processed in respect of this Contract.