Workleap Privacy Policy

1. Scope of this policy

This privacy policy (the “Policy”) describes Workleap’s practices with respect to the collection, use and disclosure of Personal Information. 

This Policy is intended to establish responsible and transparent practices for the management of Personal Information, and to satisfy applicable legal requirements. This Policy sets out the standards, responsibilities and obligations of Workleap in respect of any Personal Information collected, accessed or processed by Workleap in the course of its business operations, and specifies Workleap’s obligations arising from the Workleap Products’ respective terms of service (available at https://workleap.com/trust-center/) (collectively the “Terms”) entered into between Workleap and its corporate customers (each, a “Customer”), whereby Workleap might process or have access to Personal Information.  

This Policy also governs Personal Information collected about Workleap’s website users or users of the Workleap Products and Workleap Platform (the “Users”) and explains how Workleap processes Personal Information collected from people who visit its website and otherwise interact with Workleap through https://www.workleap.com/ and its sister websites provided by Workleap (collectively, the “Website”) or through the Workleap Products and Workleap Platform. It also explains how Workleap uses cookies and similar technologies.  Users who do not agree with this Policy shall not access or use the Workleap Products or Workleap Platform, and any related services (collectively, the “Services”) or the Website. 

To the extent Workleap provides the Services to an organization (e.g. to a User’s employer), Workleap, as a data processor, processes such User’s Personal Information under such organization’s instructions as a data controller. Users of the Services should first direct their privacy inquiries to the administrator of the Workleap Platform within their organization, as their use of the Services is subject to their organization’s own privacy policies. 

2. Definition of Personal Information

“Personal Information” is defined as any information about an identifiable individual. This may include, for example, email addresses and contact details and any similar information provided to Workleap in the course of its business operations, or which Workleap may receive from business inquiries. Personal Information that cannot be associated with an identifiable individual, for instance through aggregation or anonymization, is no longer considered Personal Information. 

3. International Compliance

Workleap complies with: (i) data protection laws applicable to Workleap; (ii) anti-spam legislation applicable to Workleap; and (iii) applicable industry standards concerning data protection, confidentiality or information security. Workleap has global operations and therefore, in some cases, information managed by Workleap may be transferred to, processed and stored in other countries, although at all times Workleap will ensure that Personal Information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by Workleap itself. 

Workleap complies with this Policy as well as with applicable Canadian private sector data protection laws such as the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial laws pertaining to the collection, use and disclosure of Personal Information. PIPEDA provides for an adequate protection of Personal Information according to the European Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and the Council. 

Workleap also complies with the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018. Where applicable, Workleap’s commitment to such regulation may be found in the Workleap Products’ respective Data Processing Addendums (available at https://workleap.com/trust-center/). Workleap (or third parties acting on Workleap’s behalf) may transfer Personal Information that Workleap collects to countries outside of the European Economic Area. Where such transfer occurs, Workleap will take steps to ensure that Personal Information is protected. Workleap will make such transfers only if at least one of the following conditions is present: 

• a. Workleap has entered into a contract based on the “Standard Contractual Clauses” (including the United Kingdom’s International Data Transfer Addendum), provided that such contract, combined with technical and organizational measures, offers appropriate safeguards for the rights of the individuals whose personal data is being transferred; 
• b. Such transfer is governed by “Binding Corporate Rules”, which have been approved by data protection authorities; or 
• c. Such transfer is covered by a European Union Commission “adequacy decision”. You can find out more about this here. 

4. Collection of Personal Information through the Services 

Workleap collects information about its Users either directly from them, through their use of the Services or of the Website, or when they are provided by another source, as detailed below. 

• a. Information provided by Users 
  
  Users may provide Workleap with Personal Information by inputting it directly into the Services or via another direct channel such as Workleap’s support system. Such information may include: 
  • Account and profile information: When Users register for an account, Workleap may collect Personal Information such as contact information, information allowing Workleap to better know who Users are, and information regarding User preferences, such as preferred language. Some Services may also allow Users to input a profile picture, a display name, job title, location and similar information. 
  • User-generated content: The Services may collect the content Users create and submit, such as feedback submitted in Workleap Officevibe, training materials submitted in Workleap LMS and onboarding videos uploaded to Workleap Onboarding. 
  • Content provided in a support context: By using the Services, Users may interact with Workleap’s Customer Success team if they encounter a problem with the Services, or simply if they wish to learn more about Workleap products. In doing so, Users may submit contact information and other Personal Information to Workleap’s Customer Success in order for them to identify and better assist the Users. 
  • Payment information: Workleap asks Customers to designate a representative for billing purposes. Workleap thus collects that person’s name and contact information, together with the relevant payment details, which are collected through a trusted payment processing service. 
• b. Information collected when Users use the Services 
  
  In order to provide the Services, Workleap collects information about how Users interact with the Services under certain circumstances. 
  • Technical information about a User’s device: Workleap collects information about the devices used to connect to, or interact with, the Services. This information may include the type of device used, the type of connection used to access the Services, a User’s IP address, browser type and device identifier. This information may be used to guess the User’s approximate location (i.e. country from where Services are accessed) so as to offer a better experience. 
  • Use of the Services: Workleap collects information about its Users when they use the Services. Depending on the Services used, this information may include the features used, the links clicked on, information about other Users interacted with, and other similar information. 
  • Cookies: Workleap uses cookies and other tracking technologies to provide certain security and product functionalities, and to recognize Users and their preferences across various platforms and devices. 
• c. Information collected by Customers and through other third parties 
  
  Workleap may collect information about its Users through trusted partners, other Users, related companies and more importantly, from Workleap’s Customers. 
  • Information provided by Customers: Workleap’s Customers may provide Workleap with information about Users when they set up an account in their name in their capacity as the Users’ employer or service provider. Such information may include a User’s name, contact information and other personal characteristics kept in a Customer’s human resources information system. Personal Information may be collected directly from third parties via data integrations in accordance with a Customer’s instructions. 
  • Information provided by other Users: When Users submit content through the Services, they may submit Personal Information about other Users, such as their name, contact information, job title or similar information relating to their employment. 
  • Information provided by third-party services: Workleap collects information about Users when they connect a third-party service to their account, for instance to facilitate login or to integrate the Services within an external platform. Workleap may also collect information when Users authorize the Services to synchronize with their calendar or with a contact list. 
  • Information provided by Workleap’s affiliated companies: Workleap collects information from its affiliated companies in accordance with their own privacy policy. 
  • Information collected by partners and service providers: Workleap may collect information about Users from its business and research partners who provide Workleap with information on Users’ interests and engagement with Workleap Services. Workleap may also collect profiling information disclosed by its marketing and advertising partners, or by partners with whom Workleap organizes and promotes events, insofar as this collection and disclosure are permitted by such partners’ privacy policies. 

5. Collection and Use of Personal Information through the Website

Workleap generally collects and uses Personal Information from or about its Website Users as follows: 

• a. Information Provided by Users
  
  In many cases, Workleap collects Personal Information directly from Users when they visit or use the Website. For instance, Workleap may collect the following types of information:  
  • Inquiries and Requests for a Trial or Service. Workleap may collect a User’s name, contact information, email address and any other information provided when they make an inquiry or contact Workleap through the Website, when they sign up to receive Workleap’s newsletter or when they submit a request or an order for a Workleap trial or service.  
  • Personalization of Website. When Users visit the Website, they may, from time to time, be invited to provide information, such as their job title, to help Workleap personalize or customize the User’s experience when using the Website.
• b. Technical Information.
  
  When Users visit the Website, Workleap may collect technical information using electronic means such as cookies. This information may include information about visits to the Website, including the IP address of the User’s computer and which browser was used to view the Website, the User’s operating system, screen resolution, approximate location, browser language settings, the site the User came from, keywords searched (if arriving from a search engine), the number of page views, information entered, advertisements seen, etc. This data is used to measure and improve the effectiveness of the Website or to enhance the experience for Users. While most of the time this information is depersonalized, if this information relates to an identifiable individual, Workleap will treat this information as Personal Information. Workleap may also, without limitations, collect and use the following types of information when Users visit and/or interact with Workleap on the Website:   
  • Google Analytics. Workleap uses Google Analytics which allows it to see information on User website activities including, but not limited to, page views, source and time spent on the Website. This information is depersonalizedand is displayed as numbers, meaning that it cannot be tracked back to individuals. Users may opt-out of Workleap’s use of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.  
  • HubSpot. Workleap uses HubSpot which allows it to see information on User website activities including, but not limited to, page views, source and time spent on our website. However, this information is not depersonalized and Users may not opt-out of Workleap’s use of HubSpot.  
  • Google AdWords: Workleap uses Google AdWords Remarketing to advertise Workleap across the Internet and to advertise on third party websites (including Google) to previous visitors of the Website. AdWords remarketing will display ads to Users based on what parts of the Workleap website they have viewed by placing a cookie on the User’s web browser. It could mean that Workleap advertises to previous visitors who haven’t completed a task on the site, or this could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. This cookie does not in any way identify the User or give access to the User’s computer or mobile device. The cookie is only used to indicate to other websites that the User has visited a particular page on the Website, so that they may show the User ads relating to that page. If Users do not wish to participate in Google AdWords Remarketing, they can opt out by visiting https://adssettings.google.com/. 
  • Interest-based Advertising. Workleap may also allow a limited number of trusted third parties to install cookies on User’s hard drive from the Website. The Website may include third-party advertising and links to other websites which may be used to generate personalized advertisements. Personalized ads, sometimes referred to as interest-based or behavioral ads, are ads based upon information about Users, such as page views on the website, information requests or purchases on the website. Workleap does not provide any Personal Information to advertisers or to third party sites that display interest-based ads on the Website. However, advertisers and other third-parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that Users who interact with or click on a personalized ad or content displayed on the website are part of the group that the ad or content is directed towards. Advertisers or ad companies working on their behalf sometimes use technology to serve the ads that appear on the Website directly to a User’s browser. They may also use cookies to measure the effectiveness of their ads and to personalize ad content. Workleap does not have access to or control over cookies or other features that advertisers and third-party sites may use, and the information practices of these advertisers and third-party websites are not covered by this Policy. Please contact them directly for more information about their privacy practices. Users can also generally opt-out of receiving personalized ads from third-party advertisers and ad networks who are members of the Digital Advertising Alliance of Canada. Please visit the  DAAC opt-out page for more information.  
• c. Choice with Cookies 
  
  Users can block the use of cookies via the Website’s cookie banner, or via their browser’s settings. The “Help” feature on most browsers will tell Users how to prevent their browser from accepting new cookies, how to have the browser notify the Users when they receive a new cookie, or how to disable cookies altogether. If Users choose to withhold consent, or subsequently block cookies, they may not be able to access all or part of the content of the website. Additionally, Users can disable or delete similar data used by browser add-ons, by changing the add-on’s settings or visiting the website of its manufacturer.  
• d. Privacy Policies of other Websites 
  
  This Policy only addresses the use and disclosure of information by Workleap. Other websites that may be accessible through the Website have their own privacy policies and data collection, use and disclosure practices.  
• e. Personal Information from Other Sources
  
  Workleap may obtain from third parties additional Personal Information about a Website User if such User gave permission to those third parties to share their information. Workleap’s use and transfer of information received from Google APIs to the Workleap Platform will adhere to https://developers.google.com/terms/api-services-user-data-policy, including the Limited Use requirements, as described under said policy. 

6. Use of Personal Information

When providing the Services, Workleap only processes Personal Information in accordance with the Terms and applicable laws. Workleap generally uses Personal Information from or about its Customers and Users for the following purposes: 

• a. to create, establish and administer Customer’s account, to process payments, to respond to Customer’s inquiries related to its account and to contact Customer about Workleap’s Services or account-related matters; 
• b. to provide Services, including to provide Customer and its Users with access and use of the Workleap Products, the Workleap Platform and customer support; 
• c. to send transactional communications, such as purchase confirmation, renewal notifications, and information related to User activity on the Workleap Products and the Workleap Platform, such as technical notices, release notes, security alerts and other messages related to the administration of the Workleap Products and Workleap Platform;
• d. to measure and analyze User behavior;  
• e. to monitor, maintain and improve Workleap’s Services or features; 
• f. to understand how Users interact with Workleap and ensure its services, products or features work correctly; 
• g. to develop new services, products, features, programs and promotions; 
• h. to understand Customers’ and Users’ needs and preferences and customize how Workleap tailors and markets products, programs and Services to its Customers and Users based on their interest; 
• i. to meet legal and regulatory requirements and to allow Workleap to meet contractual requirements relating to the Services provided to Customer;  
• j. to conduct surveys on the quality of Workleap’s Services or to collect feedback on the Services; 
• k. to provide Users with offers for additional services, features and products that Workleap believes may be of interest to Users (Users can opt-out of such communications by using the “unsubscribe” link provided in such communications); and 
• l. to measure the effectiveness of Workleap’s marketing. 

Whenever possible, Workleap will use Personal Information in a depersonalized, aggregated and/or anonymized format. 

Unless required or authorized by law, Workleap will not use Personal Information for any other or new purpose without obtaining prior consent.  

7. Legal bases for processing Personal Information

Pursuant to privacy laws applicable in the European Economic Area and in the United Kingdom, Workleap collects and processes Personal Information about individuals under a variety of legal bases, depending on the reason for such collection or processing. Workleap shall only collect, process or use Personal Information where: 

• Personal Information is required to provide the Workleap Products, the Workleap Platform and all services ancillary to the proper functioning of the Workleap Products and Workleap Platform, such as support services, to provide a personalized experience, and to ensure the security of the Workleap Products and Workleap Platform; 
• The Customer or User gave Workleap consent to use Personal Information for a specific purpose (including for a purpose listed under section 6 hereof); 
• Processing of Personal Information is necessary to comply with a legal obligation; 
• Processing of Personal Information is warranted by a legitimate interest of Workleap (which is not overridden by your data protection interests), such as the purposes listed in paragraphs (d), (e), (f), (g), and (h) of section 6 hereof, or to protect Workleap’s legal rights and interests.

If a User has consented to Workleap’s use of their Personal Information, the User can withdraw their consent at any time, although this will not affect processing which took place prior to withdrawal. Where Workleap processes a User’s Personal Information because it relies on Workleap’s legitimate interests, objecting to the processing may mean the User will no longer be able to use or access the Services or the Website. 

8. Disclosure of Personal Information

Workleap will not sell, rent or trade Personal Information to any third party. Workleap does not share Personal Information with third-party tools, including AI models, except with permission from Customers or Users. However, Workleap may disclose Personal Information when authorized and/or required by law or as follows: 

8.1. In the context of the Services. The content shared by Users on the Services and account or profile information linked to Users’ accounts may be accessed by other Users from within their organization, and sometimes from outside their organization provided they were granted permission by their organization to access this information. Customer administrators may use this information in accordance with their organization's policies. Workleap LMS Instructors (as defined under the Terms for Workleap LMS) may also use the information they collect for marketing or statistical purposes insofar as they are directly related to the training they provide. 

8.2 Within Workleap. Workleap may share Personal Information within Workleap (i.e. between affiliates and subsidiaries) in Canada and the United States for the purposes described in Section 6 of this Policy.  

8.3 Service Providers. Workleap may grant access to Personal Information to third-party service providers who process it on behalf of Workleap to help provide and improve the Website and Services. Before disclosing any Personal Information with any of its third-party service providers, Workleap will ensure that the third party maintains data management practices for maintaining the confidentiality and security of Personal Information and preventing unauthorized access which comply with applicable industry standards and privacy laws. 

8.4 As Permitted or Required by Law. Workleap may disclose Personal Information as required by applicable law or by proper legal or governmental authority. Workleap may also disclose information to its accountants, auditors, agents and lawyers in connection with the enforcement or protection of its legal rights. Workleap may also release certain Personal Information when it has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property or safety of others and itself, in accordance with or as authorized by law. In the event Workleap receives a governmental or other regulatory request for any Personal Information, Workleap will promptly notify Customer and/or Users, unless it is prohibited to do so, in order that Customer and/or Users shall have the option to defend such action. Workleap shall reasonably cooperate with Customer and/or Users in such defense. 

8.5 Business Transaction. Workleap may disclose Personal Information to a third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of its business. However, in the event the transaction is completed, Personal Information will remain protected by applicable data protection laws. In the event the transaction is not completed, Workleap will require the other party not to use or disclose the Personal Information received in any manner whatsoever and to delete such Personal Information. 

9. Security of Personal Information

Workleap will store and process the Personal Information in a manner consistent with industry security standards. Workleap has implemented technical, organizational and administrative systems, policies, and procedures to help ensure the security, integrity and confidentiality of Personal Information and to mitigate the risk of unauthorized access to, or use of, Personal Information, including: (i) appropriate administrative, technical and physical safeguards and other security measures designed to ensure the security and confidentiality of the Personal Information it manages; (ii) a security design intended to prevent any compromise of its own information systems, computer networks or data files by unauthorized users, viruses or malicious computer programs; (iii) appropriate internal practices including, but not limited to, encryption of data in transit; using appropriate firewall and antivirus software; maintaining these countermeasures, operating systems and other applications with appropriate reasonable up-to-date virus definitions and security patches so as to avoid any adverse impact to the Personal Information that it manages; (iv) appropriate logging and alerts to monitor access controls and to assure data integrity and confidentiality; and (v) permitting only authorized users access to systems and applications, and all persons with authorized access to Personal Information must have a genuine business need-to-know prior to access (together, “Security Program”).  

10. Data Retention

Workleap will retain the Personal Information as necessary for the purposes described in this Policy, unless a longer retention is required by law or justified by a legitimate business interest of Workleap, subject to applicable laws. Personal Information related to a User’s Workleap Product and/or Workleap Platform account is retained so long as the account is active, in accordance with Customer’s instructions. Some Personal Information about a User’s account may be retained after the account is deactivated in order for other Users to make full use of the Services. Notwithstanding the foregoing, upon termination of the Terms, Workleap shall retain the Personal Information stored in the Workleap Products and/or Workleap Platform until Customer instructs Workleap to delete the Personal Information or until Customer’s access to the Services is terminated in accordance with the Terms, whichever occurs first.  

Upon expiry of the retention period, Personal Information is either deleted or permanently de-identified. Notwithstanding the applicable retention period, where Personal Information is kept in a backup, it will be stored in accordance with this Policy until it can be deleted, and it will not be used for any purpose other than as a backup copy. 

11. Training and Supervision

Workleap maintains adequate training programs to ensure that its employees and any third parties acting on its behalf are aware of and adhere to its Security Program. Workleap shall exercise necessary and appropriate supervision over its relevant employees to maintain the appropriate confidentiality and security of the Personal Information it manages. 

12. Data Incidents Involving Personal Information

Workleap shall promptly notify Customer of a data breach, of a loss of data or of a failure of Workleap’s Security Program: 

• (a) which has resulted or is suspected to have resulted in the loss, unauthorised access, disclosure, use or acquisition of Personal Information (including hard copy records); and 
• (b)which presents a real risk of significant harm to individuals whose Personal Information is impacted (“Data Incident”). 

While the initial notice may be in a summary form, a comprehensive written notice shall be given to Customer within the legally required timeframe, where applicable. The notice shall summarize in reasonable detail the nature and scope of the Data Incident (including each data element type) and the corrective action taken or to be taken by Workleap. Workleap shall promptly take all necessary and advisable corrective actions, and shall cooperate with Customer in all reasonable efforts to mitigate the adverse effects of Data Incidents and to prevent their recurrence. 

13. Users Legal Rights Regarding Personal Information

To the extent that Workleap’s processing of Personal Information is subject to the General Data Protection Regulation (Regulation (EU) 2016/679) or to the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018, Workleap relies on the legal bases described under section 7 hereof to process Personal Information. Subject to applicable laws, all Users have the right to: (i) access and rectification or erasure of Personal Information, including erasure and deletion of their profile on the Workleap Products and Workleap Platform, except to the extent that Workleap may need to retain certain Personal Information, including for record keeping purposes or to comply with legal obligations; (ii) restrict or object to Workleap’s use of Personal Information (though, in some cases, this may mean no longer using the Services or the Website) where Workleap is relying on a legitimate interest (or those of a third party) and there is something about User’s particular situation which impacts on User’s fundamental rights and freedoms; (iii) lodge a complaint with their local data protection authority (contact details for data protection authorities in the European Economic Area are available here); and (iv) data portability. Users will not have to pay a fee to exercise such rights, however, Workleap may charge a reasonable fee or refuse to comply if the request is unfounded, repetitive or excessive. 

14. How to Contact Us

Any questions, complaints or requests regarding this Policy or Workleap’s handling of Personal Information can be addressed to Workleap’s customer service at: 

Workleap Platform inc. 

Attention: Data Protection Officer 

1751, rue Richardson, Suite 1.050 
Montréal (Québec) H3K 1G6 
email: support-legal@workleap.com 

A User who seeks to exercise their data protection rights referred to in Section 13, in respect of Personal Information stored or processed by Workleap on behalf of a Customer (typically the User’s employer), must direct their query to such Customer, as being the data controller. If Workleap receives such User’s request to exercise their data protection rights referred to in Section 13 (including for access to or correction of Personal Information), Workleap shall redirect the User to Customer and, upon request from Customer, shall assist Customer in responding to such request, if applicable. 

Workleap’s Data Protection Officer will respond to User requests within the legally applicable timeframe, and in any case no later than 30 days after receipt of such request. Workleap will advise a User in writing of its response to their request. Should Workleap refuse to grant a request, Workleap will inform the User of the legal reason of its refusal, and will apprise the user of remedies available to them and of the time limit for exercising them. 

Should a user be unsatisfied with the outcome of their request, they may lodge a complaint with Workleap’s supervisory authority, the Commission d’accès à l’information (https://www.cai.gouv.qc.ca/a-propos/nous-joindre/). 

15. Change to Privacy Policy

Workleap will review and update its policies and procedures as required to keep current with rules and regulations, new technologies, standards and customer concerns. This Policy may therefore change from time to time.  If Workleap makes changes that materially alter Users privacy rights, Workleap may provide additional notice, such as via email or through the Services or the website. If Users disagree with the terms of this Policy, their only remedy is to discontinue use of the websites and the Services. 

This Policy was last updated on January 24^th, 2024.