Privacy Policy
Governing our services, including your use of our learning platforms and other offerings
Effective Date: 1st June 2025
1. Introduction
Adeptis Learning Ltd ("we," "our," or "us") is an EdTech company incorporated in New Zealand with company number 9324658 and NZBN 9429052664113, that provides global SaaS learning platform implementation, LMS hosting, online course delivery, IT advisory services (including Microsoft Azure hosting), and Learning & Development consulting to clients worldwide.
This Privacy Policy outlines how we collect, use, store, and protect your personal data in compliance with applicable privacy laws, including the New Zealand Privacy Act 2020, GDPR (EU/UK), CCPA (California, US), PIPEDA (Canada), Australian Privacy Act 1988, PDPA (Singapore & UAE), and other relevant regional regulations.
2. Information Privacy Principles
We comply with New Zealand's Information Privacy Principles under the Privacy Act 2020:
- We collect only necessary information with your knowledge and consent
- We store information securely using industry-standard measures
- We allow you to access and correct your information
- We only use information for disclosed purposes
- We do not retain information longer than necessary
- We take reasonable steps to ensure information accuracy
3. Data We Collect
3.1 Account and Contact Information
- Identity Data: Full name, job title, organization details
- Contact Data: Email address, phone number, postal address, country of residence
- Billing Data: Payment method details, billing addresses, tax identification numbers
3.2 Technical and Usage Data
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Platform interactions, course participation, login details, session duration
- Performance Data: System performance metrics, error logs, feature usage analytics
3.3 Regional Data Collection
For our global SaaS platform services, we collect:
- Location Data: Country, region, time zone for regional data centre assignment
- Compliance Data: Regulatory requirements specific to your jurisdiction
- Regional Preferences: Language, currency, local compliance needs
3.4 Learning Platform Data
- Learning Progress: Course completion, assessment scores, learning paths
- Content Data: User-generated content, forum posts, assignment submissions
- Administrative Data: User management activities, platform configurations
4. How We Use Your Data
4.1 Service Delivery
- Providing SaaS learning platform implementation and hosting
- Regional data centre allocation and data residency compliance
- Platform customization and white-labeling services
- Technical support and troubleshooting
4.2 Business Operations
- Processing payments and managing billing cycles
- Managing implementation credit programs and contract terms
- Monitoring service performance and uptime
- Ensuring platform security and preventing fraud
4.3 Legal and Compliance
- Meeting regulatory requirements in multiple jurisdictions
- Responding to legal requests and government inquiries
- Maintaining audit trails and compliance documentation
- Implementing data sovereignty requirements
4.4 Communication and Marketing
- Providing customer support and technical assistance
- Sending service updates and maintenance notifications
- Marketing communications (with explicit consent only)
- Platform usage analytics and improvement recommendations
5. Legal Basis for Processing
Our legal bases for processing personal data include:
5.1 Under GDPR and Similar Laws
- Contract Performance: Providing agreed services and platform access
- Legitimate Interests: Service improvement, security, fraud prevention
- Consent: Direct marketing and optional features
- Legal Obligations: Regulatory compliance and law enforcement requests
5.2 Cross-Border Processing
- Standard Contractual Clauses for EU data transfers
- Adequacy decisions where available
- Additional safeguards for sensitive jurisdictions
6. Data Sovereignty and Regional Processing
6.1 Regional Data Centres
We process and store data in Microsoft Azure data centres located in:
- New Zealand: Data stored exclusively in New Zealand data centres
- Australia: Australian data centres for Australian data residency
- Asia Pacific: Singapore, Japan, and other regional centres
- North America: US and Canada data centres
- Europe: Various EU data centres based on implementation requirements
- Extended Regions: Specialized centres in Africa, Middle East, South America, Switzerland
6.2 Data Residency Commitments
- Data stored exclusively in client-selected regions
- Backup and disaster recovery within the same region where possible
- Cross-border transfers only as required by Microsoft Azure infrastructure
6.3 Regional Compliance
We aim to align with applicable privacy laws in the regions we serve, including:
- New Zealand: Aiming to comply with Privacy Act 2020
- Australia: Working toward Privacy Act 1988 alignment
- European Union: Implementing GDPR-aligned practices for EU client data
- California: Developing CCPA-compliant processes for California residents
- Singapore: Adopting PDPA-aligned framework practices
- Canada: Implementing PIPEDA-aligned requirements
7. Data Retention
7.1 Active Service Period
- Account and billing data: Duration of service relationship
- Usage and performance data: 3 years from last platform access
- Learning progress data: As required by client educational policies
- Support communications: 2 years from last interaction
7.2 Post-Termination Retention
- Essential data: 30 days post-termination (for transition support)
- Legal compliance data: As required by applicable laws
- Financial records: 7 years (New Zealand tax requirements)
- Security logs: 1 year post-termination
7.3 Secure Deletion
- Secure deletion processes following retention periods
- Data deletion in accordance with cloud infrastructure capabilities
8. Data Transfers & Security
8.1 Security Measures
We implement reasonable security measures appropriate for our service type, which may include:
- Encryption: Data protection measures as supported by our infrastructure
- Access Controls: Authentication measures where technically feasible
- Network Security: Web application firewall protection where available
- Monitoring: Security monitoring through our hosting providers
- Infrastructure: Microsoft Azure cloud security capabilities
8.2 International Transfers
When personal data is transferred outside the region of collection:
- Standard Contractual Clauses for EU transfers
- Adequacy decisions where available (e.g., New Zealand for EU transfers)
- Additional technical safeguards where required
- Client notification for material transfer changes
8.3 Third-Party Processors
We engage carefully vetted processors including:
- Microsoft Azure: Cloud infrastructure and hosting
- Payment Processors: Secure payment gateway services
- Support Tools: Customer service and communication platforms
- All processors bound by data processing agreements
9. Privacy Breach Notification
9.1 Incident Response
In the event of a privacy breach:
- Prompt investigation and containment measures
- Risk assessment and impact analysis
- Affected clients and relevant authorities notified within 3 days for Singapore-based clients, 72 hours for EU clients, or as otherwise required by applicable law
- Individual notifications without undue delay where high risk exists
9.2 Notification Content
Our notifications include:
- Description of the incident and affected data types
- Potential impact and risk assessment
- Immediate steps taken to contain the breach
- Recommended actions for affected individuals
- Contact information for follow-up questions
9.3 Regional Requirements
- New Zealand: Privacy Commissioner notification as required
- EU/UK: Data Protection Authority notification within 72 hours
- Australia: Notifiable Data Breach scheme compliance
- Other jurisdictions: Local breach notification requirements
10. Your Rights
10.1 Universal Rights
- Access: Request copies of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request removal of personal data (subject to legal requirements)
- Data Portability: Receive your data in machine-readable format
10.2 California Consumer Privacy Act (CCPA) Rights
For California Residents: You have additional rights including:
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of the sale or sharing of personal information
- Right to Correct: Correct inaccurate personal information
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
- Right to Limit: Limit use and disclosure of sensitive personal information
10.3 Regional-Specific Rights
We respect and facilitate privacy rights under applicable local laws, including but not limited to rights of access, correction, deletion, and data portability where provided by law.
10.4 Exercising Your Rights
To exercise your rights:
- Email: privacy@adeptislearning.com with subject "Privacy Rights Request"
- Include: Specific right being exercised, account details, verification information
- Response Time: 30 days maximum (10 working days for New Zealand residents)
- Verification: Identity verification required for security
"Do Not Sell My Personal Information"
California residents can opt-out of data sales by clicking our "Do Not Sell My Personal Information" link or emailing privacy@adeptislearning.com.
11. Third-Party Services & Data Sharing
11.1 No Data Sales
We do not sell, rent, or trade personal data to third parties for marketing purposes.
11.2 Service Providers
We share data only with trusted service providers:
- Microsoft Azure: Cloud hosting and infrastructure
- Payment Processors: Secure transaction processing
- Google Analytics: Website usage analytics and performance monitoring
- Security Services: Threat monitoring and protection
- Customer Support: Communication and ticketing systems
11.3 Legal Disclosures
We may disclose personal data when required by:
- Valid legal process or court orders
- Law enforcement requests with proper authority
- Protection of our rights, property, or safety
- Prevention of fraud or security threats
11.4 Business Transfers
In the event of merger, acquisition, or business transfer:
- All client contracts automatically transfer to successor entities
- Advance notice provided to affected users (minimum 30 days)
- Existing contract terms, pricing, and commitments remain in effect
- Options for data deletion available only where legally required and after contract completion
12. Cookie Policy
12.1 Cookie Types
We use cookies and similar tracking technologies:
Essential Cookies
- Required for platform functionality and security
- Cannot be disabled without affecting service operation
- Session management and authentication
Functional Cookies
- Remember user preferences and settings
- Language selection and interface customization
- Optional but recommended for optimal experience
Analytics Cookies
- Google Analytics for website usage understanding
- Platform performance and feature usage metrics
- Anonymous data aggregation for service improvement
Marketing Cookies (with consent)
- Targeted advertising and content personalization
- Cross-platform tracking for marketing effectiveness
- Opt-in required for activation
12.2 Google Analytics
We use Google Analytics for website usage analysis. You can opt-out using the browser plugin available at: https://tools.google.com/dlpage/gaoptout
12.3 Cookie Management
- Consent Banner: First-visit consent collection
- Preference Centre: Granular cookie control
- Browser Settings: Native cookie management options
- Regular Review: Consent preferences can be updated anytime
12.4 Browser-Specific Instructions
Cookie management varies by browser:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
13. International Compliance
13.1 Multi-Jurisdictional Approach
Our privacy practices account for:
- Varying national privacy law requirements
- Cross-border data transfer restrictions
- Regional cultural and legal sensitivities
- Evolving regulatory landscapes
13.2 Compliance Framework
We maintain compliance with applicable privacy laws and update our practices as regulations evolve.
14. Changes to This Policy
- Update Frequency: As needed for legal compliance and service changes
- Notice Period: 30 days advance notice for material changes
- Communication Methods: Website posting for policy updates
- Continued Use: Constitutes acceptance of updated terms
15. Complaints Process
15.1 Internal Resolution
- Contact Us: privacy@adeptislearning.com with detailed complaint
- Investigation: Thorough review within 10 working days
- Resolution: Written response with proposed solutions
- Follow-up: Monitoring to ensure satisfactory resolution
15.2 External Complaints
If unsatisfied with our response:
- New Zealand: Privacy Commissioner (www.privacy.org.nz)
- Australia: Office of the Australian Information Commissioner
- EU: Local Data Protection Authority
- UK: Information Commissioner's Office
- California: California Privacy Protection Agency
- Other jurisdictions: Relevant privacy regulatory authority
16. Contact Information
For privacy-related questions or to exercise your rights:
Privacy Contact Details
- Privacy Rights: privacy@adeptislearning.com
- General Contact: contact@adeptislearning.com
- Subject Line: "Privacy Policy Inquiry" or "Privacy Rights Request"
- CCPA Requests: "Do Not Sell My Personal Information" or "California Privacy Rights"
Postal Address: PO BOX 25506, St Heliers, Auckland 1740, New Zealand
Website: www.adeptislearning.com
Response Commitment:
- Privacy rights requests: Within 30 days (10 working days for NZ residents)
- General privacy inquiries: Within 5 business days
- Security incidents: Within 24 hours
Multi-Jurisdictional Compliance Notice
This Privacy Policy has been updated to comply with consumer protection and data privacy laws across multiple jurisdictions including New Zealand, Australia, European Union (GDPR), United States (CCPA), Singapore (PDPA), Canada (PIPEDA), and UAE. Your rights may vary depending on your location and applicable local laws.
This Privacy Policy is effective as of 1st June 2025 and supersedes all previous versions. Regular updates ensure continued compliance with evolving privacy laws and business practices.