SessionLab Privacy Policy

1. Introduction

TrainedOn OÜ (“TrainedOn,” “us,” or “we”) respects the privacy and personal information of the members of the SessionLab community. This Privacy Policy applies to information we receive when you use our website or the SessionLab software (collectively, the “Service”).

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

  • What information we collect about you
  • How we use the information we collect
  • How we share information we collect
  • How we store and secure the information we collect
  • How to access and control your information
  • Other important privacy information

This Privacy Policy is an agreement between TrainedOn and you, as the user of the Service. By accepting our Privacy Policy during your subscription to the Service you indicate your consent to the use of your personal information in a manner described in this policy. Please read carefully our Privacy Policy.

If you do not agree with this policy, do not access or use our Service or interact with any other aspect of our business.

Information related to the use of cookies is set out in our Cookie Policy.

If you have any feedback or suggestion on our Privacy Policy, please do not hesitate to share it with us under privacy@sessionlab.com.

2. Definitions

Service: means the functionality of SessionLab that you can reach by visiting and using our website at www.sessionlab.com and any of its subdomains (e.g. app.sessionlab.com, www.sessionlab.com). It allows you to create and share session plans, organize your session content, and browse and create session resources.

Content: means any materials, such as session plans and resources, library blocks presentations, handouts, exercises, links, pictures, comments or any other content that you enter or upload to SessionLab.

Personal Data: means any information relating to an identified or identifiable natural person, within the meaning of Article 4 (1) of Regulation (EU) 2016/679 (General Data Protection Regulation).

3. Information we collect

We collect and process different types of information from or through the Service. Some of this information qualifies as Personal Data. The legal bases for TrainedOn’s processing of your Personal Data are primarily that the processing is necessary for providing the Service in accordance with TrainedOn’s Terms of Service and that the processing is carried out in TrainedOn’s legitimate interests, which are further explained in the “How We Use the Information We Collect” section of this Policy. We may also collect and process information upon your consent, asking for it as appropriate.

3.1. Information provided by you

When you use the Service, as a User you may provide, and we may collect Personal Data. Examples of Personal Data include name, email address, billing address and credit card information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual.

Account and Profile Information

We collect Personal Data about you when you register for an account, modify your profile, set preferences or make a purchases through the Service. For example, you provide your name, username and e-mail address when you register for the Service. You also have the option of adding a profile photo, bio, and other details to your profile information to be displayed in our Service. We keep track of your preferences when you select settings within the Service.

Content you provide through the Service

Your use of the Service will involve you upload or input various Content (as defined in the Terms of Service) into the Service. You control how your Content is shared with other users.

This Content includes any information about you that you may choose to include. Content also includes the files and links you upload to the Service. Examples of Content we collect and store include sessions and session blocks you create, files you attach to blocks, the name of a team, comments you enter in sessions.

By design, SessionLab is not intended to host Personal Data in the Content you create, however you still may decide to upload or input data in your sessions that qualify as Personal Data. TrainedOn has no direct relationship with the individuals whose Personal Data it hosts as part of your Content. You are responsible for providing notice to your customers and third persons concerning the purpose for which you collect their Personal Data and how this Personal Data is processed in or through the Service as part of your Content.

Information you provide through our support channels

The Service also includes customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. When you contact us via our support channels, open a support ticket or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Payment Information

We collect payment and billing information when you subscribe for any of our paid Service Plans. For example, we ask you to designate a billing representative, including name and contact information. You might also provide payment information, such as payment card details, which we collect and securely share with the payment processing service we use. We do not store your payment information.

3.2. Information collected automatically

We collect information about you when you use our Service, including browsing our websites and taking certain actions within the Service.

Your use of the Service

We keep track of certain information about you when you visit and interact with our Service. This information includes, but is not limited to the features you use; the actions you perform for example clicking on a button or on a link; the type, size and filenames of attachments you upload to the Service; frequently used search terms; and how you interact with other users within the Service.

We log an array of specific events (such as for example ‘Block created’, ‘Page loaded’, ‘Session view changed’, ‘Error’, etc…) with their attributes to allow us to analyse site usage, service improvement and to provide effective support in case of customer support requests.

We also may use these technologies to collect information regarding your interaction with email messages sent by us, such as whether you open, click on, or forward a message.

Device and Connection Information

We collect information about your computer, phone, tablet, or other devices you use to access the Service. This device information includes your connection type and settings when you access or use our Service. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Service.

This is information we collect from everybody, whether they have an account or not, in order to better understand how our website visitors use the Service and to monitor and protect the security of the website.

Cookies and Other Tracking Technologies

TrainedOn and our third-party partners, such as our analytics partners (for example Google Analytics and Mixpanel), use cookies and other tracking technologies (e.g. web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Service and devices. For more information, please refer to our Cookie Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

3.3. Information we receive from other sources

We receive information about you from other Service users, from third party services and from potential business and channel partners.

Other users of the Service

Other users of our Service may provide information about you when they submit Content through the Service. For example, you may be mentioned by someone in a comment, or a collaborator may upload content about you to a session. We also receive your email address from other Service users when they provide it in order to invite you to the Service. Similarly, a team administrator may provide your contact information when they designate you as a billing contact for a team account.

If you choose to use our invitation service to invite a colleague or friend to the Service, we will ask you for that person’s contact information, which may include their email address and automatically send an invitation. We store the information you provide to send the invitation, to register the person if your invitation is accepted, and to track the success of your invitations.

Other services you link to your account

We receive information about you when you integrate or link a third-party service with our Service. By authorizing us to connect with a third-party service, you authorize us to access and store your name, email address, profile picture, and other information that the third-party service makes available to us, and to use and disclose it in accordance with this Policy.

For example, if you create an account or log into the Service using your Google or LinkedIn credentials, we receive your name and email address as permitted by your Google or LinkedIn profile settings in order to authenticate you. We use this information only to log you into our Service with your Google or LinkedIn accounts, we do not use this information for any other purposes.

You may also integrate our Service with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Service. For example, you may authorize our Service to access and display files from a third-party document-sharing service within the Service interface. The information we receive when you link or integrate our Service with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Service.

Other partners

We may obtain information, including Personal Data, from third parties and sources other than the Service. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

4. How we use the information we collect

We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:

4.1. Operating the Service

We use information about you to provide the Service to you, including to process transactions with you, authenticate you when you log in, and operate and maintain the Service.

Below you may find some of the most common examples how we use your information:

  • We need to identify you in order to provide the Service for you and to keep your account accessible only to you, and we need your email address for this.
  • We need to collect information that makes you recognisable to users you collaborate with and to identify you for the public content you create. We use your name, profile photo and profile information to display for other users you decide to collaborate with.
  • We need to store and display to you the content that you input in the application in order to provide you with the Service, and we use the data you input to the application for this purpose.
  • We personalize our Service, such as remembering your settings and preferences for site usage so that you will not have to re-setup them during each visit. We apply cookies to obtain such information.
  • We ask for credit card and billing information as we need to charge you any fees and provide receipts if you are subscribed to a paid service plan

We may access your Content only as necessary (i) to maintain, provide and improve the Service; (ii) to resolve a support request from you; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of our Terms of Service; (iv) as reasonably necessary to allow TrainedOn to comply with or avoid the violation of applicable law or regulation.

4.2. Improving the service

We are always looking for ways to make our Service smarter, faster, secure, integrated and useful to you. We collect and analyse events (such as Page Loaded, View Changed or Errors) and preferences of users in an aggregate way together with feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for improvement of the Service. We may also test certain new features with some users before rolling the feature out to all users.

4.3. To communicate with you about the Service

We use your contact information to send transactional communications via email and within the Service, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.

Depending on your settings, we send you email notifications when you or others interact on the Service, for example, when you are invited to a session or a collaborator comments on a session where you are invited to.

We also provide tailored communications based on your activity and interaction with the Service. For example, certain actions you take in the Service may automatically trigger a message with a suggestion that would make that task easier. We also send you communications as you onboard to the Service to help you become more proficient in using it.

These communications are part of the Service, and in few cases, where regulations bind us, you cannot opt out of them. For example, we are mandated to send you a reminder for the renewal of an annual paid subscription. If an opt-out is available, you will find that option within the communication itself or in your account settings, as described below in  “Opt out of communications.”

4.4. To market, promote, and drive engagement with the Service

We use your contact information and information about how you use the Service to send promotional communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of the Service, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below in “Opt out of communications.”

4.5. Customer support

We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Service. In order to provide effective support, we may need data about the technical setup you are using the application with (such as device and browser information) and contextual information about your usage the application (such as usage history of the application and navigational data)

4.6. For safety and security

We may use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.

4.7. To protect our legitimate business interests and legal rights

Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

4.8. With your consent

We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Service, with your permission, or we may send you additional content digest emails or newsletters with your consent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

5. How we share information we collect

Except as described in this Policy, we will not intentionally disclose your information, including your Personal Data or other Content that we collect or store on the Service to third parties without your consent.

We do not share, sell, rent, or trade Personal Data with third parties for their commercial purposes.

We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

5.1. Sharing with other Service users

When you use the Service, we share certain information about you with other Service users.

For collaboration

You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your workspace administrator (if applicable) select.

Some of the collaboration features of the Service display some or all of your profile information to other Service users when you share or interact with specific content. For example, when you comment on a library block, we display your profile picture and name next to your comments so that other users with access to the block understand who made the comment. Similarly, when you join a team, your name and contact information will be displayed in a list for other team members so they can find and interact with you.

Please be aware that some content in the application can be made publicly available by its creator, for example, a block in the library, meaning any content posted on that block, including information about you, can be publicly viewed and indexed by and returned in search results of search engines. You can check both the session and library block settings at any time to confirm whether a particular piece of content is public or private.

Public content

Our Service offers publicly accessible content in certain areas of our website. You should be aware that any information you voluntarily choose to make public in the Service – including profile information associated with the account you use to post the information – may be read, collected, and used by any member of the public who accesses the website. Your posts may remain without personally identifiable profile information even after you terminate your account. We urge you to consider the sensitivity of any information you input into these areas of the Service.

5.2 Service Providers

We work with third party service providers who provide hosting, maintenance, backup, storage, analytics, help desk, payment processing and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our data protection agreements with them require them to maintain the confidentiality of such information. You may find more information about the measures we take for International Data transfer in Chapter8.

You may find here the list of third party service providers we work with.

5.3 Law Enforcement, Legal Process and Compliance

We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

5.4 Change of Ownership

Information about you, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the Personal Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

Content you created in the Service may be transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Content commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

6. How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within a reasonable timeframe.

You have the right to update and correct your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request a copy your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Service and using settings available within the Service or your account. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, or If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at privacy@sessionlab.com. You also have a right to lodge a complaint with data protection authorities.

6.1. Access and update your information

Our Service gives you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and update your profile information within your profile settings.

6.2. Deactivate access to a session or team

If a session is shared with you and you no longer want to have that session available to you, you can deactivate your own access to it within the Service.

If you want to leave a team you were added to, you may ask the administrator of the team to remove you.

Please be aware that deactivating your access to a session or to a team does not delete the information, for example, comments you created within that session or team, your information remains visible to other Service users. For more information on how to delete your information, see below.

6.3. Delete and modify information within your account

Our Service gives you the ability to delete certain information about you from within the Service. For example, you can remove or modify Content that contains information about you using the keyword search and editing tools associated with that content and you can remove certain profile information from your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

6.4. Delete your account

If you wish to terminate your account, all your information, including your Personal Data and Content you created in the Service will be irrevocably deleted. Termination can be initiated by sending an email at account-removal@sessionlab.com.

Please bear in mind that your information might not be removed from our servers immediately at the time of termination. Residual copies of your deleted Personal Data and Content might be kept for backup purposes however we do make sure not to keep them for longer than 30 days after terminating your account.

6.5. Opt out of communications

You may opt out of receiving promotional and service related communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us at privacy@sessionlab.com to have your contact information removed from our promotional email list or registration database.

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt out from receiving promotional messages from us, you will continue to receive certain transactional and essential administrative messages from us regarding our Service.

6.6. Cookie Control

The usage of browser-based cookies and your choices to control them are described in our Cookie Policy.

6.7 Data portability

According to Article 20 of Regulation (EU) 2016/679, you have the right to receive the Personal Data concerning you, which he you have provided to us. Should you request it, we will provide you with an electronic file of your account information from the Service.

7. How We Protect Your Information

We work with data hosting service providers in the territory of the European Union to host the information we collect, and we use technical measures to secure your data. We use generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, managerial and technical safeguards to protect Personal Data and Content against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data and Content in our possession.

This includes, for example, firewalls, password protection and other access and authentication controls. We continuously and regularly back up your data to help prevent data loss and aid in data recovery. We use SSL technology to encrypt data during transmission through public internet to better protect your information, and we also employ application-layer security features to further anonymize Personal Data.

If you have any questions about security on our Service, you may find more technical details at our Security support page or contact us as set forth in the “How to Contact Us” section.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data or Content has been compromised, please contact us as set forth in the “How to Contact Us” section.

If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

8. Data Transfer

We collect information globally and we work with data hosting service providers in the territory of the European Union to store the information we collect. This means that the Content you create in the application, for example, sessions you create and files you upload to the sessions are stored at data centers within the territory of the European Union.

We also use the services of further third party service providers to operate certain aspects of the service, for example emailing and analytics services. These services providers are either located in the European Union or in the United States. Some of information we forward to them falls into the category of Personal Data, such as your name, email address and IP address. We also forward device and browser information and usage data (events such as Blocks created, View Changed, Page Loaded, etc.).

When we share information about you with third party service providers, we make use of standard contractual data protection clauses (such as Data Protection Agreements), which have been approved by the European Commission. When we select third party service providers, we make sure that they are either Privacy Shield compliant or have executed Standard Contractual Clauses (as approved by the European Commission) that provide legal grounds for assuring that your Personal Data will receive an adequate level of protection within the meaning of Article 46 of Regulation (EU) 2016/679 (General Data Protection Regulation).

9. Data Retention

We only retain the information collected from you until you delete your account or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:

  • the data of deleted accounts are deleted from the production systems immediately after we process your deletion request.
  • backups of data are kept for up to 30 days from the date of deletion;
  • billing information is retained for a period of 7 years as of their provision to TrainedOn in accordance with the Estonian accounting and taxation laws;
  • information on legal transactions between Client and TrainedOn is retained for a period of 10 years as of their provision to TrainedOn in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.

10. Minors and Children’s Privacy

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an Account on the Service, then you may alert us at privacy@sessionlab.com and request that we delete that child’s Personal Data from our systems.

The Service is not intended to be used by minors and is not intended to be used to post content to share publicly or with friends. To the extent that a minor has posted such content on the Service, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this Privacy Policy. If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section. Please be aware that, although we offer this deletion capability, the removal of content may not ensure complete or comprehensive removal of that content or information.

11. Changes and Updates to this Policy

TrainedOn reserves the right to make changes to this Policy. If we make material changes, we will notify you, either through the user interface, in an email notification, or through other reasonable means. By continuing to use the Service after getting notified about the changes, you are expressing and acknowledging your acceptance of the changes. If you do not agree to the changes, please kindly unsubscribe from our Service. Otherwise the new terms and policies will apply to you.

12. How to Contact Us

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at privacy@sessionlab.com.