This privacy policy applies to your use of our online language learning courses and mobile application (the “Service”). The Service is provided by LILY INTERNATIONAL EDUCATION INSTITUTE and we will be the data controller in respect of your personal data. You can contact us with any questions regarding this policy or your personal data by emailing admin@lily.institute .
CONTENTS
- Introduction
- About the Service
- How, when and why we collect personal data
- Who has access to your personal data
- How long we store personal data for
- How we keep personal data safe
- Cookies
- International transfers
- Your rights as a data subject
1. INTRODUCTION
This policy relates to ‘personal data’, which means any information which identifies or relates to you (or any other identifiable individual). It also uses the term ‘processing’, which means any operation, action or activity (such as storage, transfer, access, deletion) which involves personal data.
This policy explains what personal data we collect, how and why it is used and kept safe. It also sets out your rights in relation to your personal data. This policy is designed to ensure that your information is used in a fair, lawful and transparent manner in accordance with applicable data protection laws including the General Data Protection Regulation 2016/679 and/or the UK GDPR (‘Data Protection Laws’).
2. ABOUT THE SERVICE
The Service allows you to access our online language learning programs and resources. When using the Service you will provide and generate personal data (such as your name, profile information and study data) which we need to process in order to provide the Service. Please note, this policy only relates to the Service and it does not govern any other collection or use of your personal data.
3. HOW AND WHY WE USE PERSONAL DATA
The table below provides an overview of what personal data is collected from students, why it is collected, and how it is used.
| Types of personal data collected | When the data is collected | Purpose for collection | Legal basis for processing |
|---|---|---|---|
| Name, email address and password | Upon registration | To identify end users and provide the Service |
The processing is necessary for the performance of a contract with the User. Alternatively, this information may also be used for the purposes of our legitimate interest in operating and providing the Service. |
| Audio of spoken language | When you complete longform recording activities | To allow you to share with teachers or review | |
| Avatar details (Optional) | during the Writing for Business course | To provide end users with an avatar at their request | |
| Information about your language ability and course progress | When you use the Service | To provide the Service and enable end users to use its functionality | |
| Personal data within correspondence (e.g. email signatures and metadata) | When you contact us, for example if you lodge a support request, provide feedback or opinions | To communicate with end users and keep a record of our communications | The processing is necessary for our legitimate interests in operating and providing the Service |
In limited circumstances, personal data may be used on the basis of your consent. In these cases your consent will always be clearly requested. You are, of course, free to refuse consent and you will be informed as to what (if any) consequences this might have. Even if you have consented to processing, you can withdraw your consent at any time.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA
Your personal data will be kept private and confidential and used for the purposes explained earlier in this policy (such as providing you with access to the Service). Our personnel (including employees and contractors) will have access to personal data where necessary. For example, course tutors, teachers and coaches will be provided with an end user’s name (users may also choose to provide additional information during the course of interacting with these persons in connection with their learning).
Some of the third parties who provide services to us may have access to your personal data. This includes support providers and software providers. However, these third parties will only process personal data (which may include your information) for specified purposes and in accordance with our strict instructions pursuant to the terms of a written contract.
5. HOW LONG WE STORE PERSONAL DATA FOR
Personal data is stored for as long as is necessary for the purposes described in this policy (or for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements). To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you delete your account, or your licence to access the Service is terminated or expires then your personal data will be stored for a short period after which it will automatically be deleted (typically within 6 months).
6. HOW WE KEEP PERSONAL DATA SAFE
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. This includes both physical security measures (such as keeping paper files in secure, access-controlled premises) and electronic security technology (such as sophisticated encryption protocols, digital back-ups and anti-virus protection).
As explained above, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to legal and contractual confidentiality obligations.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any supervisory authority of a breach when we are legally required to do so.
7. COOKIES
We use the following cookies:
Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and make use of the Services. If you block or refuse these cookies, the Service may not function as intended.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences. These cookies require your consent.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
| Cookie | Type of cookie | Purpose |
|---|---|---|
| session | Essential | keeping track of a logged-in user |
| jwt / lesson / course | Essential | encrypted shared session information for lesson |
| relsConfig & wmConfig | Essential | configuration for course front-end |
You can choose to set your web browser to refuse cookies, or to alert you when cookies are being sent.
8. INTERNATIONAL TRANSFERS
In the event that we export data outside the European Economic Area (EEA) or the UK then we will take steps to make sure that any personal data they process is adequately protected and transferred in accordance with Data Protection Laws, usually by one ensuring the recipient is in a country which provides adequate protection for personal data, or else by implementing contractual safeguards.
9. YOUR RIGHTS AS A DATA SUBJECT
Data Protection Laws provide you with certain rights in relation to your personal data. These are as follows:
- The right to access your personal data. This enables you to receive a copy of the personal data we hold about you.
- The right to request correction or completion of personal data. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- The right to request erasure of your personal data. This enables you to ask us to delete or remove personal data (though this may not apply where we have a good, lawful reason to continue using the information in question). You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to processing of your personal data. You can object to us processing personal data on the basis of our legitimate interests or for direct marketing.
- The right to restrict how your personal data is used. You can limit how we use your information (which means we’ll restrict how we use the data so that it’s stored securely and will typically only be accessed in case of a legal claim).
- The right to have a portable copy or transfer your personal data. We will provide you, or (where technically feasible) a third party, with a copy of your personal data in a structured, commonly used, machine-readable format. Note this only applies to automated information which we process on the basis of your consent or in order to perform a contract.
- The right to withdraw consent. If we are relying on consent to process your personal data, you have the right to withdraw that consent at any time.
Responding: We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply. We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
Fees for making a request: You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
How to make a request: If you want to exercise any of the rights described above, please contact using the details at the start of this policy. You have the right to complain to a data protection supervisory authority if you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled. Details of EEA supervisory authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en or, if you are in the UK, you can contact the Information Commissioners Office (www.ico.org.uk).