Privacy Policy

Effective starting: December 19, 2023.

This Privacy Policy informs you of our policies and procedures regarding the collection, use and disclosure of personal information or personal data we receive from you as Visitors, Customers and registered Users of this Site (efrontlearning.com) and the Services (“eFront”). Personal information or personal data is any data that may identify you as a person, either directly or indirectly. This Privacy Policy applies only to information that you provide to us through this Site and the Services and explains in plain language what we do with that information, how we share it, and how we handle the content you place. It also explains your rights and the choices available to you regarding our use of your personal information and how you can access and update this information.

Our Privacy Policy may be updated from time to time, and we will notify you of any material changes by posting the new Privacy Policy on the Site at Privacy Policy and revising the “Effective starting” date at the top of this policy. You may find out more about eFront GDPR, eFront UK GDPR and eFront DPF compliance on the Site at eFront GDPR, eFront UK GDPR and at eFront DPF. We encourage you to review our Privacy Policy whenever you use this Site to stay informed about our information practices and the ways you can help protect your privacy.

This Privacy Policy applies to the information that we obtain through your use of Site via a “Device” or when you otherwise interact with the Site and the Services. A “Device” is any computer used to access the Site and the Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device. “Site” includes the efrontlearning web site, and the Services include the eFront SaaS services but do not include any other own or third party products or services for which a separate privacy policy is provided. These are third party products or services that you may choose to integrate with eFront Services. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.

By accessing and using this Site and the Services, you confirm that you have read and fully understood this Privacy Policy, that you agree to the collection and the usage of your own and others’ personal information in accordance with the Privacy Policy and that you have the authority to provide us with all information submitted by you via the Site, including but not limited to personal information of third parties. By registering for or using eFront Services and accepting the Terms of Service you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

1. Who We Are

Epignosis: The Epignosis Group of companies (“Epignosis”) provide accessible and affordable eLearning services such as eFront, to any single company or organization worldwide. “Epignosis LLC”, located in the United States of America (315 Montgomery Street (9th Floor) San Francisco, California CA 94104 USA tel. (+1) 646 797 2799) and “Epignosis UK LtD”, having as seat of establishment the United Kingdom (1 Fore Street Avenue London United Kingdom EC2Y 9DT) , tel. (+44) 20 7193 1614) promote and provide eLearning services, while the Greek Branch (Lykourgou Str. 1, Athens, 10551, (+30) 211 800 6449) of Epignosis UK Ltd is responsible for the management, maintenance and operation of the Learning Management Solutions. The Epignosis Group complies with Data Protection Laws, including the European regulation for data protection 2016/679/EU (General Data Protection Regulation – GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), as well as with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Epignosis will not knowingly do anything or permit anything to be done which might lead to a breach of the Data Protection Laws.

2. The Services

eFront: eFront is a highly customizable robust Learning Management System (LMS) for enterprises, with unrivaled ease and flexibility, to fit all brand specifications and train masses of employees, partners and customers. eFront is highly secure and can be either hosted in a cloud environment (at a datacenter of a major cloud provider selected by the Customer) or deployed within an organization’s intranet. Each Customer administers and manages his own dedicated eFront service instance. Customers can enroll their users and sign them up to the courses (“Learners”) created by their Instructors, and customize their LMS by means of specifying custom user roles with certain permissions; using gamification elements; performing a logical separation of their domain into a flat list or a nested hierarchy of different logical units-departments (‘Branches’), each with its own courses, learners, instructors and branding (sub-domain, theme, logo) etc. Designed to be the industry’s most adaptable enterprise LMS, eFront gives its Customers complete control over their virtual training environment and data. eFront blends seamlessly with any other infrastructure and has the power to grow as the Customer’s needs grow.

3. How We Use Personal Information We Collect as Controllers

We collect personal data or personal information through the Site (https://www.efrontlearning.com/) and the Services (“eFront”)

Visitors
A visitor of our Site is the person simply visiting our Site, as well as the person interacting with our Site e.g. by filling in and sending the contact form, or ordering our Newsletter (referred to as “you”, “your” or “Visitor” in this Policy).

Cookies
A cookie is a small data file stored by your browser at your device’s hard disk for record-keeping purposes, namely it records information about the use and activity on the Site. This information may include, but is not limited to, your Internet Protocol address, browser type, but also your web browsing history before visiting the Site, our Site’s search history.

Some cookies are “first party cookies”, which means that they are set by the owner of a website. Cookies set by parties other than the owner of a website are called “third party cookies”.

Cookies are used for different reasons.

There are the necessary cookies, which are required for technical reasons in order for a website to operate.

Some cookies are used to enhance the performance and functionality of a website, but are non-essential to their use. However, if you decide not to accept such cookies, certain functionality may become unavailable. Such cookies are called preferences cookies.

Some cookies collect information that is used in aggregate form to help a website owner understand how its website is being used. Such cookies are called analytics. For example Google, stores a Google Analytics cookie in order to be able to differentiate between users and be able to show to the website owner how many times people visit a website on average and information on what pages they’ve seen, how long the duration was, and so on. Third party cookies used on our Site upon your consent are Google Analytics.

Some cookies are used for marketing purposes. These are the marketing cookies and are third-party cookies. Third-party cookies are placed by providers (e.g., by Google, Facebook), who a website owner may have engaged to provide advertising services on its behalf. If, from the analysis of information, visitors of a webpage are interested in one of the services, then advertising material would be projected on third party websites. To see how data is collected and analyzed by third party cookies, you can also visit the websites of the third parties.

When you visit our Site, you are asked to consent to the use of cookies. You may choose to consent to none, one or more of the above cookies, except for the necessary ones. You may withdraw your consent to the use of cookies any time during your visit to our Site freely and easily by clicking on the Cookies Manager button and setting your preferences.

Additionally, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.

Newsletter
If you wish to receive our Newsletter, for example announcements about new offers and actions of us, you may enter your e-mail address on the Site to specifically request registering for the Newsletter. Your email address is solely used for the purpose of sending our Newsletter and you are removed from the Newsletter recipient list, once you choose to unsubscribe. You may be removed from this list, easily and without cost, by selecting the “unsubscribe” link within the e-mail content. You can also send an email at privacy@efrontlearning.com.

To send the Newsletter, we use Mailchimp, a US based company, as a provider of electronic communication platform. For the privacy policy of Mailchimp see Mailchimp Privacy.

Contact Form
If you wish to communicate with us by using the Contact Form, you may enter your name, your e-mail address, your telephone number, the matter you would like to discuss about with us and write your message in the dedicated space. Such personal data is used solely for the purpose of responding to you, and we keep your data only as long as it is necessary to respond to your request.

Other Submissions
We collect other data that you submit to our Site or as you participate in any interactive features of the Services, participate in a survey, contest, activity or event, or otherwise communicate with us. Such personal data is used solely for the purpose they were collected, and we keep your data only as long as it is necessary to serve that purpose.

Customers
In addition to the data we collect about Visitors, we also collect data from our Customers that are required for your contract with us, such as identification data (email, address) and contract data (your subscription plan) as well as billing and invoicing data. For billing and payments we engage Stripe (Stripe Global Privacy Policy), Paypal (Paypal Privacy Statement), and Braintree (Braintree Privacy Policy), Xero as an accounting and invoicing platform, (Xero Privacy Policy), and Baremetrics (Baremetrics Privacy Poilicy) for financial metrics, as our agents.

Credit Cards: You should know that we do not store your credit card information in our systems. All credit card transactions are processed using secure encryption – the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely at gateways on a PCI-compliant network.

We have made sure, by means of a written contract or assignment, that our agents provide at least the same level of data protection as we do, for example that they follow reliable technical and organizational security measures. You should know that Epignosis LLC is liable for onward transfers.

4. How We Use Personal Information We Collect as Processors

If you decide to purchase or sign in for free to the Services, we process personal data inputted in the Services by you/the Customer and your Authorized Users (any person authorized by you to use the Services via your account), as data processors, i.e. in the way described and instructed by you in the Data Processing Addendum.

Data Processing Addendum
Epignosis is the data processor for all personal data processed in relation to the provision of the Services. This means that such personal data is collected on the Customer’s/Account Owner’s behalf for its own purposes, that Customer/Account Owner is solely responsible i) for the legality, reliability, accuracy and quality of such personal data ii) for the legality of the processing purposes and iii) for the necessity of the processing to serve these purposes, and that the Customer/Account Owner is the data controller of personal data processed, while using the Services. Therefore, the Customer/Account Owner is responsible to satisfy the requests of the data subjects/individuals, whose personal data is processed through the Services, while Epignosis shall provide assistance, as requested by Customer. Additionally, the Customer/Account Owner is responsible to inform the data subjects/individuals (any person whose personal data is processed by usage of the Services) about the scope, the purpose, the duration and the means of the processing, and to acquire the consent of the data subjects/individuals, whose personal data is being processed through the Services, where required. Epignosis executes a Data Processing Addendum with the Customer/Account Owner, which is available on the site at eFront DPA.

We share personal data with our agents (sub-contractors and sub-processors), solely for the provision of the Services. We have made sure, by means of a written contract or assignment that our sub-processors comply with the DPA, and provide at least the same level of data protection as we do, for example that they follow reliable technical and organizational security measures.

Our full list of sub-processors, including their tasks, and contact details, as well as their privacy policy is available on this Site as part of the DPA (Attachment 3).

Users of the Services should know that in some cases another User (such as an administrator) may create an account on your behalf and may provide your information, including personal information (most commonly when your company requests that you use our service). We collect information under the direction of our Customers and often have no direct relationship with the individuals whose Personal Information we process. If you are an employee of one of our Customers and would no longer like us to process your information, please contact your employer and us at the contact information below.

Third-party intergrations in efront: You may access third-party services via efront. These services may include access to content, such as courses or You Tube, Twitter or Facebook by linking your account in efront with an account on the third-party service or by clicking on third-party buttons (such as “like” or “share” buttons), which you have created subject to the third party’s Terms of Use. efront may also contain links to third-party websites. Linked websites and third-party services are not under our control, and we are not responsible for their content.

Third-party integrations may also enable access to functionalities, such as videoconferencing (Microsoft Teams, helpdesk (Zendesk). Use of these third-party services is optional, and you may have access to them by linking your account in efront with an account on the third-party service, which you have created subject to the third party’s Terms of Use.

By using one of the above third-party integrations (offering content or functionality), you agree that such third parties may process Personal Information you provide them by using their services. To the fullest extent permitted by law, we are not responsible for any third-party service’s use of Customer’s exported information.

Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services. Such Content includes any personal information or other sensitive information that you choose to include (“incidentally-collected personal information”). Although Epignosis owns the code, databases, and all rights to the eFront services, Customers retain ownership, control and all rights to their records and data which are their property.

5. How We Process and Retain Personal Information

We collect and process personal data in a transparent manner, to the extent necessary for specified, explicit and legitimate purposes, and do not process it further in a manner incompatible with those purposes. We take care that the data we collect are accurate and, when necessary, updated. We take all reasonable steps to immediately delete or rectify personal data, if inaccurate. We process data in a way that guarantees their security, including their protection against unauthorized or unlawful processing and accidental loss, destruction or degradation, using appropriate technical or organizational measures. We are ready to prove at any moment how we adhere to the above principles. We take the appropriate technical and organizational measures for the security, confidentiality, integrity and availability of the data. We expressly declare that these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indeterminate number of natural persons.

Each domain’s data are retained for as long as the Customer’s paid subscription to the service or free plan lasts. If Customer elects not to renew a Subscription, Customer’s account will be decommissioned one day after the license’s expiration. The Customer can request the immediate deletion or return of its data and the Supplier will comply without undue delay. If the Customer never confirms the request to have its data deleted or returned, the Supplier will retain a backup for a maximum of 365 days, to accommodate a returning Customer or a request of the Customer to have its data returned, after which period, the data will be permanently deleted.

6. Information Sharing and Disclosure

Users: We will display your Personal Information in your profile page and elsewhere on the Site according to the preferences you set in your account. Any information you choose to provide should reflect how much you want other eFront Users to know about you. We recommend that you guard your anonymity and sensitive information, and we encourage you to think carefully about what information you disclose in your profile pages. You can review and revise your profile information at any time. You should be aware that the administrator, as well as specially designated support personnel in order to provide support for technical issues you may face, may be able to: access information in and about your account; access communications history, including file attachments, for your account; disclose, restrict, or access information that you have provided or that is made available to you when using your account, including your Content; and control how your account may be accessed or deleted.

Third Parties: We do not sell your personal information or Content and will not share or disclose any of your personal information or Content with third parties except as described in this Policy. We do not share personal information about you with third parties for their marketing purposes (including direct marketing purposes).

Service Providers, Business Partners and Others: For security, service operation and management purposes, eFront also uses third-party services that provide the same level of protection as Epignosis. Third-party vendors and providers supply the necessary hardware, software, networking and storage to run the eFront service; a detailed listing of them is included in the Terms of Service in the eFront DPA. These third parties have access to your personal information only for purposes of performing these tasks on our behalf.

Compliance with Laws and Law Enforcement: eFront cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of eFront or a third party, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.

Children: Our services are not directed to children. We do not knowingly collect Personal Information from children. If we become aware that a child has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at the contact information below.

Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified on any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

7. Your Rights

Epignosis respects your rights as a data subject and individual. When Epignosis processes personal data on behalf of and as instructed by its Customers, our Customers are responsible towards the data subjects and you should contact the respective Customer to which the content of your service belongs for exercising your rights. In this case, Epignosis does not respond directly to your requests for the exercise of your rights that come to our knowledge, but we inform the Customer without delay and provide all reasonable assistance to satisfy your requests in accordance with instructions of the Customer. The Services have all the necessary features to enable our Customers to protect the rights of the data subjects on their behalf. For example, the Services provide the ability to obtain and manage consent, and to implement strict and secure password policies as well as to exercise the right to be forgotten.

A synopsis of your rights as a data subject under the GDPR is provided below. You may also refer to the eFront GDPR page for detailed step-by-step instructions on how you can exercise these rights by means of invoking eFront service features.

For your rights under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK

Extension to the EU-U.S. DPF, you may refer to the eFront DPF page.

Transparency, information and answers to requests: Epignosis adheres to the principle of transparency in processing. For any question regarding this policy you may contact us at privacy at efront dot com. We will respond without delay and in any case within one month upon receipt of the request.

Access: You have the right to receive from Epignosis confirmation on whether your personal data are processed and in case this happens all required information thereof (processing means, goal, records etc.).

Rectification: You have the right to require the rectification of inaccurate data relating to you without undue delay, as well as to fill in incomplete data if necessary for processing. If you have an account on our Site you can update your account data through your profile by selecting “My information” from the options menu at the top of the screen.

Erasure: You have the right to ask for the erasure of personal data concerning you without undue delay. Epignosis by means of its designated personnel will erase the data where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes of processing; or b) the person requesting the erasure withdraws consent on which the processing is based and there is no other legal ground for the processing; or c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing; or d) the personal data have to be erased for compliance with a legal obligation. Epignosis will not proceed to the erasure of the personal data if the data must be maintained for compliance with a legal obligation or in cases where the processing is required for the establishment, exercise or defence of legal claims. If you receive marketing emails, you can remove yourself from the recipients list by selecting the “unsubscribe” link within the e-mail.

Restriction of processing: You have the right to request restriction of processing if the accuracy of personal data is disputed, for that period of time that allows Epignosis to verify the accuracy of personal data or based on any other legitimate reason specified in applicable Data Protection Laws.

Data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format as well as the right to request the direct transmission of personal data by Epignosis to another, if this is technically feasible.

Right to Object: You may oppose the processing of personal data which takes place without your consent. In this case, Epignosis no longer submits the personal data unless it demonstrates imperative and legitimate reasons for the processing that outweigh the interests, rights and freedoms of you as a data subject or for the foundation, exercise or support of legal claims. If you receive promotional emails, you can remove yourself from the recipients list by selecting the “unsubscribe” link within the e-mail content. You may also oppose processing at any time by contacting us at the email provided at the end of this Policy.

Complaint to Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes Data Privacy Laws.

Right to opt out and right to Non-Discrimination: If you are a California resident, you should be specifically aware that you have the right to direct a business that sells (or may in the future sell) your Personal Information to stop selling your Personal Information and to refrain from doing so in the future. We do not sell your Personal Information to any other party.

If you are a California resident, you should be specifically aware that we will not discriminate against California residents or against any person, if they exercise any of the rights provided in the CCPA, or any applicable privacy law provision. In particular, we will not deny goods or services; charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provide a different level or quality of goods or services; or suggest that anybody (including California residents) will receive a different price or rate for goods or services or a different level or quality of goods or services.

8. Security

eFront is very concerned with safeguarding your information. We employ reasonable measures designed to protect your information from unauthorized access. For our security measures you may also refer to Security.

9. Data Ownership

Although Epignosis owns the code, databases, and all rights to the eFront services, Customers retain ownership, control and all rights to their records and data which are their property.

10. Data Transfers from the EU and the UK to the United States

Epignosis has self-certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework.

11. Recourse

You may address inquiries, requests or complaints about this Privacy Policy and your Rights to dpo@epignosishq.com and/or privacy@efrontlearning.com.

To find out more about the recourse mechanisms and the Alternative Dispute Resolution Provider available in adherence to the Principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, please visit the DPF page.

12. Cooperation With Supervisory Authority

Epignosis commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the ICO in the UK and comply with the advice given with regard to data transferred from the EU and the UK. The EU representative of Epignosis LLC is the Greek Branch of Epignosis UK Ltd. The UK Representative of Epignosis LLC is Epignosis UK Ltd.

13. Contacting Us

If you have any questions about this Privacy Policy, please contact us at: privacy@efrontlearning.com and/or dpo@epignosishq.com.