Privacy Policy

Data collection manager: ALTISSIA INTERNATIONAL S.A., whose headquarters is located at 16 Place de l’Université, 1348 Louvain-la-Neuve (Belgium), CBE: 0876.816.058 (hereafter referred to as “Altissia” or “We”) Email address: [email protected]

General Information

Altissia offers users online language and spelling course services (hereafter referred to as the “Services”), accessible from the website www.altissia.org (hereafter referred to as the “Site”) or via a learning platform installed on the user’s device (hereafter referred to as the “Platform”). In this context, Altissia is committed to respecting the privacy of users. Altissia therefore makes every effort to protect the confidentiality of the Data collected and to respect both national legislation related to the collection and processing of Data as well as European Regulation 2016/679, known as the General Data Protection Regulation (hereafter referred to as: “GDPR”).

This policy regarding the use of personal data (hereafter referred to as the “Privacy Policy”) details Altissia’s practices with regard to the collection of personal information (hereafter referred to as “Data”) following consultation of the Site, placing orders, requesting information, and executing the Services from the Site or Platform or via any other electronic means of communication.

By “use of personal data”, we mean any handling of data that can identify you as a natural person. On the other hand, the data collected by Altissia in the context of a study on language knowledge (specifically with a view to refining the tests offered to Users) are anonymised and are solely intended for the production of anonymous global statistics. This data is not subject to any individual processing and is therefore not subject to the Privacy Policy.

The data that we collect is specifically defined in the “Data Collection” section, which we invite you to read carefully. Altissia is committed to respecting your privacy and providing you with as much information as possible to allow you to control what happens to your Data. You will therefore find below further information about the Data we collect, why we collect it, how long we keep it, your privacy rights and how you can exercise them.

Data Collection

Altissia collects Data concerning different types of users, who may combine different profiles:

Regular users who browse the Site without voluntarily communicating Data to Altissia (hereafter referred to as the “User”) Persons who actively express their interest in purchasing Services and voluntarily communicate Data to Altissia (hereafter referred to as “Interested Parties”). This may include: A user who communicates his or her email address to be able to carry out a free test offered by the Services (hereafter referred to as the “Tester”) A user who creates a client account in order to place an order for the Services (hereafter referred to as the “Client”) The final recipient of the Services who activates the “Load&Learn” key to receive the Services (hereafter referred to as the “Student” You will find below the different types of Data that we collect, which can be collected cumulatively:

The Data collected automatically at the time of each access to the Site by any User: IP address Date and time of access to the site Pages browsed Type of browser used The platform and/or operating system installed on the device (computer, tablet, smartphone) The search engine and keywords used to find the site Data communicated to Altissia by the Interested Parties that enable us to contact you and perform the Services (login, gender, first name, last name, email address, birthdate, postal address, zip code, city, country, phone number) Data related to your Altissia Services orders Data collected by the Interested Parties when they contact our customer service department (in particular by email) in order to offer the best Services possible (for the execution of the Services that concern you or as part of pre-contractual measures) The information collected automatically when a Student or Client uses the Site or the Platform: Operating activities (which are recorded in a designated file in the form of a “log”), including the User’s login, the features executed, the time of execution or “timestamp”, and the workstation used via the User’s IP address Data related to a Student’s Use of the Platform or the Site that allows us to customise and refine the learning method: Student Activities in each learning language (results, completion, participation, Course Platform, Live Classes, Language Assessment, Level Achieved by the Student) Connections to the course platform Altissia uses your Data only to the extent necessary for the purposes for which it was obtained.

For what purposes and on what legal basis do we use your Data?

Altissia uses your Data for various purposes; in this context, each time we only use the data that is essential to achieve the intended purpose. We use the Data when it is necessary:

In the context of the preparation of a contract, its execution or its dissolution (Article 6.1.b. GDPR). For example, to provide you with the requested Services, respond to questions you have about the Services, ask you for your opinion about the Services and optimise your searches when you are on our Site. To conform with the legal and regulatory provisions to which Altissia is subject (Article 6.1.c GDPR). On the basis of our legitimate interests, ensuring in such cases to balance these with respect for your privacy, in particular if you are a minor (see the section “Handling of Data Related to Children”) (Article 6.1.f. GDPR). We may thus use the Contact Data of the Interested Parties for the purpose of information, advertising and marketing Altissia’s products and services. Specifically, this allows us to: Send you our Newsletter Offer you new products, services, or special campaigns that are likely to be of interest to you (by mail, telephone, email or via social networks) Send you promotional offers Finally, Altissia may collect and use data with your consent if it is to send you promotional messages, provided that you are not yet listed as an Interested Party. In this context, you may at any time request to unsubscribe to these promotional messages.

To whom can we transmit your Data?

We only transmit your Data to third parties when:

It is necessary for the proper execution of our services It is necessary to meet a legal obligation You give us the authorisation In order to execute our Services, we may subcontract, in whole or in part, some of our tasks to technical subcontractors, for example to an IT company with a view to hosting the Site and storing the Data and backup copies. We ensure that subcontractors handle your data in the same manner we do; that is, in a safe, respectful and responsible way; and we provide adequate contractual guarantees to this effect. Altissia therefore requires its subcontractors to comply with data protection legislation and to provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures, so that the use of the data meets the requirements of applicable data protection legislation and guarantees the protection of your rights.

Your Rights

Right of Access

You have the right to consult your Data at any time, free of charge.

Right to Rectification

You have the right to demand that incorrect Data be corrected and that inappropriate Data or Data that is no longer needed be deleted.

Right to Erasure

When you no longer want your Data to be used and request that it be deleted, we will proceed to delete your Data from our database.

It is necessary to take into account that it is not always possible to delete all personal data requested, for example when its processing is essential for the establishment, exercise or defence of legal rights, or because it is required by the judicial authorities to retain such Data. You will receive further information concerning this subject, should it be necessary, in the response to your request.

Right to Data Portability

To the extent necessary, you will also be entitled to the portability of your Data under the conditions provided by applicable data protection legislation. We draw your attention to the fact that data portability is only possible for Data that you yourself have provided to Altissia on the basis of an authorisation or a contract. This right of portability is therefore only applied to Client and Student Data.

Right to Object to the Processing of your Data What happens when you do not wish or no longer wish to receive any form of commercial communication? You maintain the right to object, without having to provide a justification, to the use of your personal data for direct marketing purposes. To this effect, you may at any time request to unsubscribe to these promotional messages.

Right to Limit Use

Finally, you maintain the right to limit the use of your Data by Altissia, in accordance with applicable data protection legislation.

Exercising your Rights

You have the possibility to exercise the rights listed above at any time, either by writing us an email via the address [email protected] or by sending us a posted letter to Altissia’s headquarters at this address: Place de l’Université 16, 1348 Louvain-la-Neuve, Belgium.

For how long do we keep your data?

We are unable to retain your Data beyond the time necessary to fulfil the purposes for which it is collected.

Altissia may nevertheless use the Contact Information of Interested Parties to identify the latter and inform them of new Altissia products and promotions for a period of:

– 5 years following the end of the contract for Clients and Students

– 1 year following the test completed by a Tester

Reminder: you may at any time request to unsubscribe to these promotional messages.

At the end of the storage periods described above, personal data will be deleted or made anonymous, except insofar as its storage is a legal obligation, specifically in case of compliance with the obligation to keep documents for accounting and tax purposes.

Security

We have developed adapted technical and organisational security rules, in order to prevent the destruction, loss, falsification, modification, unauthorised access, and accidental disclosure to third parties and any other unauthorised handling of Data.

For example, Altissia synchronises databases containing User or Customer Data securely on three different physical supports in different locations.

In order to protect the entire system against viruses and security breaches, system software and application software packages are updated as soon as a security update is available.

A firewall is installed on each server and configured by our network administrator to protect against any external attack. Access to the servers is also restricted by private-public key, with the private key being encrypted (DES 256).

Finally, the individual computer of each Altissia employee is equipped with an automatically updated and professional antivirus. In addition, developers or employees working on the infrastructure are equipped with a computer that has a fully encrypted hard disk.

In the event of a data leak with adverse consequences for your Data, you are personally notified under the circumstances and within the time limits as stipulated by law.

To ensure the security of your Data, we advise that you:

– Do not disclose your password to third parties

– Change your password regularly

– Make sure that access to your computer/tablet/smartphone is secure

You are solely responsible for your client account and the consequences of its use, as well as for any information of any kind that you communicate to Altissia. Altissia is not liable in the event of damage caused because of erroneous, incomplete or fraudulent information that you provide to us.

Telecommunications Privacy Guarantee

All transmissions of personal data will be encrypted via “https” pages. This mainly concerns all the administrator tools (server management, database access, server access). All communication between servers is encrypted using TLS technology, and access to the server is via encrypted SSH and VPN connections. This guarantees a high level of data security and confidentiality.

In addition, all user and supervisor passwords are encrypted (SHA256) in our database and cannot be read externally or internally by ALTISSIA. It is for this reason that we only send new passwords and never an existing password. This is a very important security measure that prevents inappropriate access to strictly personal and confidential data.

Links to Third Party Sites

We would like to point out that our website may contain links to third party sites, and some of our services may grant you access to third party services (such as social networks). We have no control over how third party sites and services handle your Data. We do not review third party sites and services, and we are not responsible for those third party sites and services or their practices regarding the protection of your Data. We invite you to carefully read the data handling policies of third party sites that you access from our site.

Handling of Data Related to Children

We do not intentionally collect personal information from children under the age of 16 without the explicit authorisation of a parent or guardian. In the event that information about children under the age of 16 has been inadvertently collected by us, we will take steps to delete the Data as soon as possible, unless we are required by law to store that information.

Changes to the Privacy Policy

Altissia may modify this Privacy Policy periodically, in particular in the event of legislative changes. We therefore invite you to always consult the latest version of the Privacy Policy on our website https://altissia.org/en/privacy-policy

Contact Us

If you wish to contact Altissia regarding this Privacy Policy (for example, to exercise your rights or make a complaint regarding the handling of your Data), you may do so:

By e-mail: [email protected] By post to the address: Altissia International S.A.

16, Place de l’Université

1348 Louvain-la-Neuve

Belgium

Do not hesitate to contact us should you consider that we have not treated your data appropriately. We will do our best to follow up your request as quickly as possible.

Should you remain unsatisfied with our response, you can also contact us directly and file a complaint with the data protection authority.

Data Protection Supervisory Authority

Rue de la Presse, 35, 1000 Brussels +32 (0)2 274 48 00 [email protected] www.privacycommission.be. COOKIE POLICY

General Information

The present cookie management policy aims to provide information that is as clear and complete as possible about the cookies we use and their purpose. We also invite you to read our Privacy Policy to learn about the rules that apply to the protection of personal data.

A cookie is a small data file stored on the hard drive of your computer, tablet or smartphone when you visit a website. The cookie is placed on your device by the server that hosts the website. The server recognises your device when you return to the site in question because of a cookie’s unique ID number. There are different types of cookies, categorised based on origin, function and lifetime.

What types of cookies do we use?

Essential cookies: These cookies ensure that you can browse our websites and applications as well as use features (such as the shopping cart and your privacy settings). Functional cookies: These cookies facilitate the operation of our websites and applications and enable a personalised browsing experience, for example by storing login names, passwords and preferences, such as language settings. These encrypted cookies are installed directly by Altissia for a period of one year. Analysis and advertising cookies: These cookies collect data concerning the use of our Site and Platform, such as the number of visitors, popular web pages and the time users spend on a given page. To this effect, we use cookies from third parties for statistical and marketing purposes, such as Google Analytics, Google Universal Analytics, Google Tag Manager and Facebook. These cookies contain information that we use to process your requests and to improve our services on the internet. You can control or prevent the storage of cookies. Please note that a website may not function as well after a change in settings. The same is true for mobile applications. If you would like to find out more about the control and management of cookies, please visit the site www.allaboutcookies.org.