Privacy policy
By accessing and using ZilLearn’s Services, you acknowledge and agree to abide by the General Terms, applicable Service-Specific Terms of Use and ZilLearn’s policies, including the Copyright, Trademark and Intellectual Property Policy, Cookie Policy, Trust and Safety Policy and this Privacy Policy (collectively, “Terms and Policies”). Unless otherwise specified, capitalized terms used in this Privacy Policy will have the same meaning as they do in the other Terms and Policies.
Please read this Privacy Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us or a supervisory authority in the event you have a complaint
Who we are
Our Services are operated by ZilLearn, Inc., incorporated in the United States of America (“USA“), unless otherwise specified. We are the operator of these core Services, namely, ZilLearn Learning Network, ZilLearn Creator Studio and ZilLearn Skills. For more information, please see https://about.zillearn.com.
Notwithstanding the foregoing, your contracting entity and governing law may be determined based on your location and/or the specific ZilLearn’s Services you are accessing and using. For instance, when you purchase ZilLearn Skills Subscription, you are contracting with ZilLearn Pte. Ltd., incorporated in Singapore. You will comply with the applicable Terms and Policies associated with your purchase, access and use of ZilLearn Skills Subscription, as governed by the laws of the Republic of Singapore.
We collect, use and are responsible for certain personal information about you when we provide our Services to you. When we do so we are regulated under the relevant laws and we are responsible for the protection of that personal information for purposes of those laws.
If you are an European Union (“EU”) data subject, we are regulated under the General Data Protection Regulation (“GDPR”) which applies across the EU and we are responsible as ‘controller’ of that personal information for purposes of those laws.
If you are a Singapore data subject, we are also obligated to comply with the Personal Data Protection Act 2012 (Act No. 26 of 2012) (“PDPA”) in relation to the collection, use and disclosure of personal information for purposes of those laws.
Throughout our Services we may link to third party websites owned and operated by our trusted third party service providers to make additional products and services available to you. These third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these third party websites, please consult their privacy policies as appropriate.
Why we collect your personal information
We collect personal information about you directly from you when you access and use our Services or indirectly, such as your browsing activities while on our Services (refer to ‘How we use cookies’ below).
The personal information we collect about you depends on the particular activities carried out on our Services. These personal information may include:
- your name, email address, mobile number and other contact details, as well as personal information of a sensitive nature, including your national identification number, date of birth and other information which you provide, as may be incidental to your access and use of specific Services or necessary for the protection of public interest in respect of your access and use of specific Services;
- details of any feedback you give us by phone, email, posting on the Services, raising a support ticket or or via our social media handles;
- information about the Services we provide to you; or
- your User Account details, including username and password.
We use these personal information to:
- manage your User Account with us in respect of your access and use of the Services;
- facilitate delivery and improvement of the Services you have subscribed to receive from us or our trusted third parties;
- facilitate any marketing communications to you based on your preferences;
- comply with our legal obligations (including regulatory requirements and law enforcement requests) in respect of your access and use of the Services;
- prevent violations of applicable laws, resolve disputes, detect fraud and abuse, or maintain security in respect of your access and use of the Services;
- protect against harm to the rights, property or safety of anyone in respect of your access and use of the Services; or
- enforce our Terms and Policies in respect of your access and use of the Services.
Where we need to use your personal information collected for other purposes not specified in this Privacy Policy or use your personal information collected for specific purposes for other purposes, we will seek your consent in advance.
How do we handle personal information about minors
Our Services are not intended for use by anyone below the age of eighteen (18) and we do not knowingly collect or use personal information relating to minors.
Our legal basis for processing your personal information
We are required to have a legal basis for using your personal information, subject to the jurisdiction which you are a data subject in. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
- Consent: Where you have given us clear consent for us to process your personal information for a specific purpose.
- Contract: Where our use of your personal information is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: Where our use of your personal information is necessary for us to comply with applicable laws (not including contractual obligations).
- Public task: Where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: Where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).
What personal information we collect, when and how we use them
For further details on when we collect personal information, what we collect and how we use them, please see below:
|
|
|
When you register with us. | Account Management We ask for:
| Account Management We ask for this:
|
When you enquire about a product or service, purchase a product or | Delivery and Improvement of Services We ask for:
| Delivery and Improvement of Services We ask for this to provide you with the Services you have subscribed to receive from us or our certain trusted third parties, and to improve our Services to you, and including but not limited to:
|
When you engage in various | Marketing We ask for:
| Marketing We ask for this:
|
How long we store your personal information for
We rely on consent as the lawful basis for collecting and using your personal information, unless we are permitted by applicable laws to process your personal information without your consent.
We will keep your personal information until:
- you terminate your User Account with us; or
- we terminate your User Account with us.
Upon closure of your User Account, your personal information will generally stop being visible to other Users on our Services within twenty-four (24) hours and we will generally delete closed User Account information within thirty (30) days of closure, except as noted below.
We will retain your personal information even after you have closed your User Account to comply with our legal obligations (including regulatory requirements and law enforcement requests), if reasonably necessary to (i) prevent violations of applicable laws, resolve disputes, detect fraud and abuse, or maintain security; (ii) protect against harm to the rights, property or safety of anyone; or (iii) enforce our Terms and Policies, or to fulfill your request to ‘Unsubscribe’ from further marketing communications from us. We will otherwise retain only de-personalized information after your User Account has been closed.
Information you have shared with other Users (for instance, via direct messaging and public wall posts) will remain visible after your User Account has been closed or the information has been deleted from your profile, and we have no control over information that other Users may have copied out of our Services. Ratings, reviews and feedback associated with closed User Accounts will show a deleted User as the source. Your profile may continue to be displayed on the Services of other Users (for instance, search engine results) until they refresh their cache.
Who we share your personal information with
We may share your personal information with third parties as described below:
- With Course Creators whose Courses you have requested information about, for purposes of providing the Courses to you;
- With any other Users, depending on the information in your profile that you have set as public;
- With our trusted third party service providers in respect of your access and use of the Services, to facilitate delivery and improvement of the Services you have subscribed to receive and any marketing communications to you based on your preferences, and we require any service provider with whom we share your personal information to protect the confidentiality of such information and use it solely for the purposes for which it was shared;
- With law enforcement or any other authorities in respect of your access and use of the Services, if required by applicable laws or requested as part of a judicial, governmental or legal inquiry, order or proceeding; or
- As may be reasonably necessary in respect of your access and use of the Services, to:
- prevent violations of applicable laws, resolve disputes, detect fraud and abuse, or maintain security;
- protect against harm to the rights, property or safety of anyone, who may include ZilLearn, our affiliates, partners, agents, other Users, third parties and the general public; or
- enforce our Terms and Policies.
Some of these third parties may be based outside the USA — for further information, including on how we safeguard your personal information when this occurs, please see ‘Transfer of your personal information out of the USA’.
Transfer of your personal information out of the USA
We may transfer your personal information to jurisdictions outside the USA that we may notify you from time to time, for purposes set out in this Privacy Policy and subject to our personal information security obligations. Such jurisdictions may include the following:
- Singapore, which is one of the administrative hubs for our corporate group, in order for our affiliates or trusted third party service providers to (i) facilitate delivery and improvement of the Services you have subscribed to receive; or (iii) facilitate any marketing communications to you based on your preferences;
- Republic of Ireland, in order for our trusted third party digital sales cross-border transaction tax compliance service provider to ensure transaction tax compliance for the invoicing of products and services purchased or sold via our Web Platform; and
- Any other jurisdictions, in order for us to comply with our legal obligations (including regulatory requirements and law enforcement requests), or if reasonably necessary to (i) prevent violations of applicable laws, resolve disputes, detect fraud and abuse, or maintain security; (ii) protect against harm to the rights, property or safety of anyone; or (iii) enforce our Terms and Policies.
Some of these jurisdictions do not have the same data protection laws as the USA (or if you are an EU data subject, do not have the same data protection laws as the European Economic Area (“EEA”)). Any transfer of your personal information will be subject to suitable relevant safeguards that are designed to protect your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. We will not otherwise transfer your personal information outside of the USA.
How we use cookies
A cookie is a small text file which is placed onto your device (such as a computer, smartphone or other electronic device) when you access and use our Services. We use cookies on our Services to help us recognize you and your device, and store information about your preferences and past actions. We also use other tracking technologies such as web beacons (sometimes called ‘tracking pixels’ or ‘clear gifs’) for similar purposes. A web beacon is a tiny graphic file that contains a unique identifier to notify us when you click on a link in our promotional email that directs you to our Services and to monitor how you use our Services.
For further information on how we use cookies, our use of cookies, third party cookies and how to disable cookies, please see our Cookie Policy here.
Your rights
If you are an EU data subject, under the GDPR, you have a number of important rights. You have similar rights as a Singapore data subject under the PDPA. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information;
- access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address;
- require us to correct any mistakes in your personal information which we hold;
- require the erasure of personal information concerning you in certain situations, where we will, upon your request:
- return to you or delete all such personal information in our possession, including any copies of any part thereof;
- after returning or deleting all such personal information, provide you with written confirmation that we no longer possess any such personal information, except where we have to retain your personal information to comply with our legal obligations (including regulatory requirements and law enforcement requests), or if reasonably necessary to (i) prevent violations of applicable laws, resolve disputes, detect fraud and abuse, or maintain security; (ii) protect against harm to the rights, property or safety of anyone; or (iii) enforce our Terms and Policies. Where applicable, we will also instruct all third parties to whom we have disclosed such personal information to return or delete such personal information; and
- where applicable, we will also instruct all third parties to whom we have disclosed such personal information to return or delete such personal information;
- return to you or delete all such personal information in our possession, including any copies of any part thereof;
- receive your personal information which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those personal information to selected third parties in certain situations;
- object at any time to processing of personal information concerning you for direct marketing;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object in certain other situations to our continued processing of your personal information; or
- otherwise restrict our processing of your personal information in certain circumstances.
If you would like to exercise any of those rights, please:
- contact us by raising a ticket here;
- let us have enough information to identify you;
- let us have proof of your identity and address (a copy of your driving license or passport, and a recent utility or credit card bill);
- let us know the information to which your request relates; and
- in relation to withdrawing your consent to being contacted for marketing purposes, in addition to contacting us, you may also:
- use the ‘Unsubscribe’ link in emails; or
- update your marketing preferences in your User Account settings.
After you have withdrawn your consent by exercising any of your above rights, we will no longer process the personal information corresponding to your withdrawn consent. Consequently, we may not be able to continue providing you with certain functionalities of the Services. In any event, your decision to withdraw your consent will not affect the personal information which has previously been processed based on your consent.
Keeping your personal information secure
We have appropriate administrative, physical and technical security measures in place to prevent personal information from unauthorized or accidental access, collection, use, disclosure, copying, modification, disposal, corruption, loss, damage or destruction, which are calibrated according to the sensitivity of the data involved. We limit access to your personal information to those who have a genuine business need to know it. Those processing your personal information must do so only in an authorized manner and are subject to a duty of confidentiality. Unfortunately, no system can be completely secured and we cannot guarantee that communications between you and ZilLearn on the Services or any personal information provided to us in connection with the data we collect about you on the Services, will be completely free from unauthorized access by third parties.
We also have procedures in place to deal with any suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
You are responsible for maintaining the security of your User Account, including username and password. You must not, at any time, disclose your password to any third party. We will not be responsible and you acknowledge and agree that you will not hold us responsible for any loss or damage incurred by you whatsoever caused by your non-compliance to any of the foregoing.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal information.
If you have any complaint or grievance about how we are handling your personal information or about how we are complying with applicable laws relating to the protection of your personal information, we welcome you to contact us by raising a ticket here.
If you are an EU data subject, the GDPR gives you the right to lodge a complaint with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws has occurred.
If you are a Singapore data subject, under the PDPA, you may also lodge a complaint with the data protection authority, the Personal Data Protection Commission (“PDPC”).
How to contact us
Please contact us if you have any questions about our Privacy Policy.
If you wish to contact us, please raise a ticket here.
Changes to this Privacy Policy
This Privacy Policy was published on February 25, 2020 and last updated on December 1, 2022.