Nimble Elearning Limited (Nimble) processes data for and on behalf of the Account Holder. As a Data Processor, Nimble is committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation) and ISO 27001. We collect information only which we can justify as reasonable and justifiable for the provision and communication of Nimble-related products and services as detailed on our marketing website.
The EU General Data Protection Regulation (GDPR) marks a step change for data protection and replaces the Data Protection Directive on 25 May 2018. GDPR simplifies and clarifies rules, and strengthens citizens’ rights in relation to their personal data. The GDPR abolishes the single country data protection acts and combines the data protection for all EU member states. When the UK leaves the EU, it will become an approved country and GDPR will continue to form part of UK law.
Data security and integrity is of paramount importance to Nimble. We’ve gone to great lengths to ensure that your personal data is secure and that our service is available 24/7. As a sign of our commitment to information security, we have developed our information security management procedures in accordance with ISO 27001 standards. In September 2017 we were awarded ISO 27001 accreditation by the BSi, who continue to audit our information security management procedures bi-annually.
Cyber Essentials is a UK government backed scheme that helps ensure organisations have implemented the five technical controls considered necessary to prevent the most common forms of cyber attack. In February 2020, Nimble Elearning was awarded Cyber Essentials certification by the IASME Consortium.
We may collect and process the following data about you:
We may collect information about your computer, including (where available) your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
Nimble Elearning will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.
Your personal data is stored within the EU and, unless explicitly agreed with the Account Holder, will not be transferred outside the EU. Your learners’ and users’ data is kept securely on your own password-protected database and will not be used for any purpose other than the delivery of online learning through your Nimble account.
Where you have been given (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Nimble Elearning will use personal information only to provide you with services relating to the Site. Personal information will not be passed to third parties.
We use information held about you in the following ways:
The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed. Should your Nimble account remain unused for a period of two years, or you request removal of your personal data without Nimble having legal grounds to object, then your personal information will be scheduled for deletion.
Data scheduled for deletion will be moved to a secure, encrypted ‘vault’ for no more than three years, before being permanently removed from all Nimble servers and backups.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
You have a right to withdraw consent for Nimble to use your personal data by contacting us. Should you feel that the personal information we hold about you is incorrect or inaccurate, you have the right to request that we rectify this. In both cases, please email@example.com.
You have a right to lodge a complaint with Nimble or with ICO (The Information Commissioner’s Office) directly, should you have a concern about our information rights practices at https://ico.org.uk/concerns/.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR gives you the right to access information held about you, to know why we have it, and how it will be used. Your right of access can be exercised in accordance with the GDPR and will be free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
Children aged 16 or under wishing to provide personal details to Nimble Elearning should get their parent/guardian’s permission to do so.