Last changes to this policy were made: 27/08/19
1. What personal information is collected and used
Personal data and any information that relates to an identified or identifiable person. Personal Data that you provide to us directly through our Sites will appear in the context in which you provide the data. In particular:
- When you register to access the Lexya platform, we collect your full name, email address, and login credentials.
- When you fill out our online form to contact our sales team or when you subscribe to our newsletter, we collect your full name and e-mail address.
- When you use Stripe Checkout's "Remember me" feature, we collect your email address, credit card number, CVC code, and expiration date. Lexya uses Snipcart and the conditions attached to it for its online shopping cart. See this link to visit Snipcart's policies and terms.
- When replying to Lexya e-mails or surveys, we collect your e-mail address, your name, and any other information you choose to include in the body of your e-mail or your answers.
- If you contact us by phone, we will collect the phone number you will use to call Lexya. If you contact us by phone as a user, we may collect additional information to verify your identity.
- If you are a customer, when you make payments or make transactions through the Lexya website or application, we receive your transaction information. The information we collect will include information about the payment method (credit or debit card number, bank account information, etc.), the amount of the purchase, the date of purchase and the method of payment. . Different payment methods may require the collection of different categories of information. The payment method information we collect depends on the payment method you choose to use in the list of available payment methods.
- When we conduct surveillance, prevention and fraud detection activities, we may also receive personal data from our business partners, financial service providers, identity verification services, and public sources (for example, name, address, phone number, country) required to confirm your identity and prevent fraud. Our Fraud Monitoring, Detection and Prevention Services can use a technology that helps us assess the risk associated with an activated transaction attempt on a partner's Lexya platform.
- You may also submit information to us through other methods, including: (i) in response to marketing or other communications, (ii) via social media or online forums, (iii) participating in an offer, a program or promotion (iv) in the context of a real or potential business relationship with us, or (v) giving us your business card or contact information at trade shows or other events.
The student agrees to share his data when he registers
When the student logs in for the first time on the Lexya platform, he agrees to share the following information: his student user code from his institution, his email address and his full name. This information is shared directly in Lexya by the partner institution.
The information that will automatically be sent to Lexya
The application anonymously collects the following parameters: the courses to which the student is registered as well as the books associated with each of these courses. These parameters are only transmitted and collected by Lexya when the student agrees to transmit his personal data during his first connection. This data will be specifically used to improve the user experience of the student on the platform. This information is shared in Lexya by the partner institution. In any case, this data will not be sold, transmitted or shared to any other tier (see below '' How is the information used).
2. The servers used
Our service is hosted on Microsoft Azure servers. Our main server is located in Canada.
3. Use of information
We do not collect, use or share any information we have without the consent of the school or student. We do not sell any information on our platform. The information that is collected by Lexya allows the student user to access all the features offered by the application. The data will be used only to better meet the needs of the student. The nominal data of the student does not have to be shared with Lexya. They will serve to improve the social functions between each student interaction. We will use anonymous settings to improve the user experience at all times in our future development.
In no circumstances possible, we share or sell student data to external companies. No data will be use for non-educational purposes.
- Browser and device data, such as IP address, device type, browser type and browser type, screen resolution, operating system name and version, manufacturer and the model of the device, language, plug-ins, modules and language version of the sites you visit;
- Usage data, such as time spent on sites, pages visited, links clicked, language preferences and pages that led you to or referred to our sites.
We reserve the right to send you information related to the LEXYA service (example: news, events, promotions, etc.). The student may at any time unsubscribe from any communication. Under no circumstances, we will not permit behavioral targeting of advertisements- i.e. ads that use any behavioral information to provide targeted advertising to students
4. Location of the connected device
This Application does not collect precise information about the location of your mobile device.
5. Access to Documents by Public entities and Protection of Personal Information Act (A-2.1) and the Privacy Act in the Private Sector (P-39.1)
The protection of student data is paramount and that's why interactions with our web application are controlled and done in a safe environment. In accordance with the Access to Government Records and Privacy (A-2.1) Act, we have adopted and adhered to policies to ensure that student information is always secure.
The privacy and security of each student's personal information is more than important to us. That is why the Web application is thoughtful and thoughtful about adopting and respecting privacy legislation in the private sector (P-39.1).
- Lexya does not request any nominal data.
- The surname, first name, email address and gender are optional information. They are present only to enhance the user experience on the platform
- No "private" or confidential information is therefore required for the proper functioning of the platform.
- All web services are in HTTPS
- The data is saved in a database on the Microsoft Azure infrastructure
- The data repository is located in Canada
- At the first connection the student must agree to share his data with Lexya
- Before the student's first login, Lexya does not have any information about the student.
6.Access to information collected by the Platform by third parties
Lexya does not collect, store, use or share any personal information of the student beyond what is necessary for educational or academic purposes authorized by the educational institution. Only aggregated, some anonymous information will be periodically transferred to external sources to allow us to improve the user experience. We will only allow third parties certified and validated by us, the school and the student association partner, while respecting the following:
We may disclose information provided by the user and collected automatically:
- as required by the Privacy Act in the Private Sector (P-39.1)
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or that of others, investigate fraud or respond to a request from the government;
- If Lexya Inc. is faced with a merger / acquisition or even the entire sale of all of our assets, we will mandatorily require the company that will support Lexya to adhere to the same policies we face. We will erase all personal information before the change of direction. We will notify users of these changes by e-mail, as well as our customers via a general meeting.
7. Exit fees
All personal information is confidential unless its disclosure is authorized by the person to whom it relates. To be valid, consent must be free and enlightened. Consent may be withdrawn partially or completely at any time; it is not necessary that this withdrawal be in writing. In general, the law recognizes the right of any person to receive the communication of any personal information concerning him as well as the right to request the rectification of such information that is inaccurate, incomplete or equivocal. Regarding the exercise of the right of access to information that will be collected as part of Lexya, the student must be aware of the information he sends to Lexya.
8. Retention of data, maintains your data
We process personal data as a Processor as defined by the GDPR regulations.
We will remember the user's personal details for as long as they use the Lexya App and 3 months after the termination of use. The main objective in relation to the retention of user data is to improve and constantly improve the student experience. We will automatically collect anonymous information for up to 12 months after the termination of use of Lexya. The data will be erased when the student withdraws his consent or finishes his studies. The student has the right at any time to request a copy of his personal data. If the student wishes to review, update or delete any of his personal information, he may contact our Privacy Officer. The student can reach him by email at email@example.com. Please note that we will ask security questions in order to properly identify you.
9. Security of the Platform and information
We are concerned with how your data is secure and we make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of personal data. We "maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information. Your personal data is only accessible to a limited number of people who need to access information to perform their tasks such as the mandate to develop, operate or improve the platform. Unfortunately, no data transmission or storage system can be guaranteed 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of your account has been compromised), please contact us immediately. If there is a case where there is a security breach, we will notify customers and users as quickly as possible within an ideal 72 hours.
If something happens, we have already put technology appliances in place such as a firewall, a subnetwork and a system continually up to date. Moreover, our people are trained to act quick in case of a breach with the help of a tight protocol already in place.
If you are a Stripe user, we will retain your personal data as long as we provide you with the services. We can keep the necessary Personal Information for the platform, for a period not exceeding 1 year after the end of the student's studies. We retain the Personal Data after we cease to provide Services to you, even if you close your Lexya account or if you are no longer a student, to the extent necessary to fulfill our legal and regulatory obligations, and for monitoring purposes, detection and prevention of fraud. We also retain Personal Data to comply with our tax, accounting and financial obligations, where we are required to maintain the data by our contractual commitments to our financial partners, and where the retention of data is dictated by the payment methods we use. support. When we store data, we do so in accordance with the limitation periods and document retention requirements that are imposed by applicable law.
Our users will receive either a email notification or a notification push (banner) on the website and directly on the Lexya App that will advise them the new consent such as including a button that says “i agree” or “Ok” or a prominent statement stating the changes are effect and where they give consent by continuing the first time the user logs on following the change.
Typically, email notification or a banner on the signatory's website is sufficient if accompanied by new consent such as including a button that says "I agree" or "OK" or a prominent statement stating the changes are in effect and they give consent by continuing the first time the user logs on following the change
11. Links to other websites
The Services may provide the ability to connect to other websites. These websites may operate independently of us and may have their own privacy notices or policies, which we strongly suggest you to consult. If a linked website is not owned or controlled by us, we are not responsible for its content, the use of the website or the privacy practices of the website operator.
13. Contact us