Keeping you and your data secure and compliant
We know that you just want to get to the good stuff – but we need to ask you to take a look at this first …
… at the bottom of this page you can return to checkout or proceed to registration.
Why this is important to us … and to you
We believe that everyone has the right to privacy and security of their personal and business data. We take every possible measure to hold no more information than is essential to the conduct of our work, and to protect that data in all reasonable ways. We regularly update our information, and the policies and security systems that surround it.
Our company’s over-arching GDPR and IT Security Policy is available to download via this site – see the link below, as is a print version of the remaining policy and arrangement information on this page.
You have chosen to register with this e-learning platform, either to access a sample module, or to undertake a programme with us. Thank you! We look forward to working with you.
To do this, we inevitably have to hold some simple data about you. In the case of a sample module, it is simply your name and email address, on the system itself. If you are undertaking a more in-depth programme with us, then you may be uploading other information, such as assignment notes, comments, discussion items etc (depending on the structure of the programme itself).
The holding of this information is covered by GDPR, so we must by law communicate the nature of our handling of that data, and formally seek your consent.
Who we are
We are first and foremost a change and leadership consultancy. We have worked for many years supporting our clients all over the world, as they work with large and small transformation challenges. Our work takes us into the heart of our clients’ worlds – and confidentiality and discretion are of the utmost importance.
Many of our clients have been asking us to develop new ways to deliver content, learning and new thinking in support of our ongoing consulting activity – and the Academy is the result of those collaborations.
We intend to continue to support clients with a wide range of consulting offers – and increasingly backed-up by leading edge learning packages, delivered just when our learners want them, in bite-sized chunks. The interactions on the platform will be subject to the same rigour of confidentiality that has characterised all our work for many years.
You can find out more about us from our website:
Privacy and data handling policy
What personal data we collect and why we collect it
This section explains all about the data we collect in the course of interacting with, registering and enrolling you – and while you undertake our programmes. Click on the toggles below to open out each section.
Communications and contact form
If you complete the “Contact Us” form on the site, then you will be providing us with your name and email address, and whatever details you choose to submit with your enquiry. We use this information only to respond to your request and your personal information is not added to any marketing lists. After responding to you, we will not store or use this data unless you ask us to.
You may be offered the choice to subscribe to our Newsletter – and it is up to you whether you wish to do so or not. This is covered later in this document.
Once registered with an Account, when you contact us – either using the messaging service which is built into the platform, or through normal email – you may be giving us additional information about you such as phone number (for example this might appear in your auto-signature), the contents of the message and/or attachments you may send us, and any other information that you attach or embed. We may also receive a confirmation when you open an email from us.
We may store that information until and unless you tell us to delete it.
In order to read/watch/explore the modules and lessons, we need to register you on our platform site, and then enrol you into that specific programme or package of resources. This guarantees that the package is secure and private, and only you (as invited person(s)) can see what you are studying and discussing. When we register you into an Account, we ask for your most basic contact information, including items such as name, company name (if relevant), and email address.
When you first enter the Academy platform, you are given the opportunity to add further personal information into your Profile – but there is no requirement for you to do so with the exception of changing your password to a more secure, complex one. There is no need to add any financial or other personal information in order to access a sample module or a paid-for corporate programme. If you are planning to access the ‘pay to use’ elements on the platform, you will be required to submit payment details to do so. How our site handles commercial transactions is covered later in this document/page.
If you are registering as part of a corporate programme, you may have already given your permission (via email) for us to upload your details for you as part of your group, with information provided by your employer. Once you are logged in, you have control over your own Profile. We ask you to immediately change your password to a complex one to protect the security of the whole site. We normally ask for your phone contact details for the dedicated Programme Manager, so that they can contact you to offer support if you find yourself having difficulty with any element for example. It is your right to choose not to give us this information.
We do not use your email address or phone number for any purpose other than to administer the programme for which you have been registered – unless you ask us to!
Media that you upload to our site
You have the opportunity to upload a Profile photo, but are not obliged to do so.
Your User Profile is not visible to anyone except you and the platform administrator(s), but the photo you upload to it will be visible to others in your programme group, with whom you may share a Discussion Group. You may choose to upload other media to accompany Assignments if requested by the nature of the exercise. Media submitted to the My Profile and Assignments areas of the platform are not public.
If you leave a comment or review on the site while logged in, then your User Profile photo will be attached to this – and this will be in the public domain. Therefore, if you upload images to the website, including your User Profile photo, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website should they be within the public pages of the site.
Information we collect when you use the platform
In the course of using our platform, you will be giving us certain personal data to store and use. Click on the toggles below to open out each section.
Cookies and other tracking technologies
As is true of most websites, our e-platform gathers certain information automatically and stores it in log files. This serves the purpose of speeding up access, simplifying procedures such as repeated logins, and remembering what stage you have reached in the consumption of the module, if you do not work through it all in one sitting.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article or post via our site, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
In addition, when you use this service from a range of different devices, we may collect certain information automatically from those devices – again, as all websites do. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services.
By default WordPress (which underpins our platform) does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However, some of our customised functions, plugins and embedded elements may collect personal data from technical processes such as contact forms, comments, analytics, and third-party streams of video or audio materials (see below).
In compliance with GDPR, the information referenced above in this paragraph may be considered personal information.
If you leave a comment on our site you may opt-in to saving your name, email address and website in the form of cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment, and for us to help spam detection. These cookies will last for one year.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
Embedded content from other websites
Many of our lessons use interactive content that contains a video that is hosted on YouTube (third-party) or Vimeo (third-party and our own videos). Both Vimeo and YouTube will set cookies on your computer. They use these cookies to help them and their partners to analyse the traffic to their websites. It is important that we embed videos from these sources as it improves modern and engaging delivery of our content and broadens your learning opportunities. Unfortunately, we are only able to control things advertising attachments on our OWN Vimeo channel (on which there are no adverts!). There may be times when a third-party video we are embedding for legitimate educational reasons has an advertisement attached to it which we would have preferred not to be associated with. If you notice something like this, please report it to us immediately.
- And for YouTube and other Google services – Click here for Google and YouTube
How we use your information and data
Click on the toggles below to open out each section.
We use the information we collect in various ways
- Provide, operate, and maintain our Platform/Services.
- Improve, personalise, and expand our Service to you.
- Understand and analyse how you use our Services – which is information that is both of use to us to improve delivery, and also anonymised analytics may be made available to your paying company sponsor if your programme is part of a corporate project. We never disclose learning content or personal information, but may, for example report statistically on progress of the group, and patterns that are emerging which may be useful information within the broader consultancy or change contract.
- Develop new products, services, features, and functionality of direct relevance to you.
- Communicate with you, including for customer service, to provide you with updates and other information relating to the Service.
- Process your transactions (if relevant).
- Find and prevent fraud.
- For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
Any information you provide us with will not be sold or distributed to any third party and will not be used by Lacerta for anything other than the original purpose you intended.
Who on our team has access
Members of our team have access to the information you provide us. For example:
- Your User Profile (Site Administrator(s) responsible Data Manager only).
- Your comments, discussion items and assignments (Teaching Faculty on your programme, and your Programme Manager only).
- Customer information like your name, email address, and phone number if you have given it to us – all Lacerta staff when and where it is relevant to the work.
- Other team members may have access to limited user information to help fulfil orders, process refunds and support you from time to time.
How long we keep your data
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will delete it on your request or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you register on the site, we also store the personal information you provide in your User Profile and participant actions on the platform. All users can see, edit, or delete their personal information at any time (except you cannot change your username). Lacerta Academy administrators and programme managers can also see and edit that information. We keep this data indefinitely, until and unless you ask us to delete it.
If you ask us to delete your User Profile and all associated data, it will take with it all the collected information about your username, password, account and personal details. If you ask us to delete your record, you will no longer have access after this point and any student records, assignments etc cannot be reconstituted.
Where your data is held and transferred
European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. The server system on which our platform is based is located in the United States of America. This means that data is transferring between you (wherever you are) and the USA and the UK.
- In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield
- In the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
Impact of Brexit
Because the Lacerta Academy Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, or third party data processors like our platform architects, Academy of Mine. Since Brexit has been enacted, Lacerta itself is sadly no longer an EU citizen! How this will impact new data laws over time is, at present, anyone’s guess. But we intend to maintain or exceed the strict standards required in the EU as a matter of best practice.
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU and we are happy to liaise with your GDPR representative at a company level to ensure confidence.
More information about our IT security is contained in our main company GDPR and IT Security Policy document which can be downloaded at the top of this page.
Who we share your data with
By default our platform does not share any personal data with anyone.
In the long term, should you choose to work with us on a project or programme, there may be occasions where we share information on and off platform with our close third-party Partners, Authors and Faculty Members. This is because we operate through a wonderful set of Associates and collaborating Organisations to assemble the best possible team. We will agree this with you at the time and no action is taken in this regard without your consent.
Under no circumstances will Lacerta sell or receive payment for licensing or disclosing your personal information or your users’ information on or from the platform.
- Google provides some additional privacy options regarding its Analytics cookies at Click here for Google Privacy and Analytics Policy
What third parties we receive data from
There are no third parties, including advertisers, on our platform importing data.
Automated decision making and/or profiling of data
Our site does not process automated decision-making, AI or machine learning (for example, allocating credit or aggregating data for advertising). No decisions are made about your data on our site without a human (us!) doing that work.
Other applications within the site and what they do
Click on the toggles below to open out each section.
If you have signed up for our newsletter you may receive emails from us. This includes but is not limited to transactional emails and marketing emails. The following applies:
- We will only send emails which you have explicitly or implicitly (registration, product purchase etc) signed up to.
- On signup we collect your email address, your name and the current web address where you sign up.
- We send our emails via our own server – at Lacerta Consulting Services Ltd. It may come from email@example.com, or from one of the faculty email addresses in the same account.
- Once you get a Newsletter email from us, we track if you open the email in your email client, and if you click a link in the email.
- We respect your browsers “Do Not Track” feature if enabled, which means we do not track your interaction with our Newsletter emails.
Buying stuff – WooCommerce, PayPal and Stripe
While you visit or browse our site, we will track:
- Products you have viewed – we may use this to, for example, show you products you have looked at.
- Location, IP address and browser type – we will use this for purposes like estimating taxes and shipping.
- Shipping address – we will ask you to enter this so we can, for instance, estimate shipping (where relevant) before you place an order, and apply relevant taxes.
When you complete a purchase from us, we will ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and for some purchases account information like username and password. We will use this information for purposes, such as to:
- Send you information about your account and order.
- Respond to your requests, including refunds and complaints.
- Process payments and prevent fraud.
- Set up your account for our store.
- Comply with any legal obligations we have, such as calculating taxes.
- Improve our store offerings.
- Send you marketing messages, if you choose to receive them.
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Payments may be administered through PayPal or Stripe. By using these services you may be sharing personal data with us and with an external service. For more information about the privacy policies of these services see:
We are committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
More information about our company-wide security and IT arrangements and GDPR compliance, please see our main company GDPR and IT Security Policy, available to download at the top of this page, which also covers our data breach procedures.
Your data protection rights under the General Data Protection Regulation (GDPR)
You have the following data protection rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information.
Should you opt into any of our marketing information options you have the right to opt-out of such communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Happy to proceed?
If you are happy with these privacy and security arrangements, please either register (if you are not directly purchasing a product) or return to checkout (if you are).
Please note that when we reply to you, it will come from firstname.lastname@example.org or email@example.com. It is useful to put these addresses in your contacts list now, to prevent replies going into your ‘Junk’ mailbox. If you don’t receive a reply in the next 48 hours, check this to see if it has disappeared in there! 🙂
Contact us if you have any concerns or questions
If you have any concerns or questions, please contact us here, or via email to firstname.lastname@example.org
If you are ‘good to go’ click on the link below to go through to registration.