Policy

Effective date: July 30 2022

Alemira AG (formerly SIT Alemira Switzerland AG) ( Rheinweg 9, CH-8200 Schaffhausen, Switzerland) corporate registration number: CHE-198.218.273, a member of the Schaffhausen Institute of Technology ecosystem, provides digital learning and research solutions for businesses and education institutions.

Alemira AG and its affiliates, including:

• Alemira PTE. LTD. (8 Temasek boulevard, #30-01, Suntec Tower three, Singapore 038988), 
• Alemira Software Limited (1700 Sofia city, Studentski administrative district, 59 G.M. Dimitrov Blvd., “NV Tower” building, 11th floor, Bulgaria),
• Dybuster AG (Lintheschergasse 7, 8001 Zürich, Switzerland)

(together, , “Alemira” or “we”) prioritize the protection of your personal data. 

This Alemira Privacy Policy (the “Policy”, the “Privacy Policy”) describes how we collect and process your personal data, including data you provide, data collected automatically through the use of our services, and data we obtain from third-party sources.

We are transparent when it comes to the privacy of our customers, website visitors, Service users, employees, and every individual ("you") and hereby inform you about your rights in relation to your personal data that we process.

All of our products and services are designed with data protection in mind. We work hard to keep your information secure. We regularly monitor and update our security practices to help protect your privacy the best we can.

Please read this Privacy Policy carefully.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, THEN PLEASE DO NOT PROVIDE YOUR PERSONAL DATA TO US OR USE OUR SERVICES.

Glossary

Where we refer in this policy to your ‘personal data’, we mean any recorded information that is about you and from which you can be identified. It does not include anonymous or anonymized data where your identity has been removed and cannot be recovered.

Where we refer to the ‘processing’ of your personal data, we mean anything that we do with that information, whether or not by automated means, such as collection, recording, organizing, storing, adapting, use, disclosure, combining, transferring, erasing or destroying.

“Service(s)”, “Alemira Service(s)” means the version of Alemira’s proprietary web-based educational and research solutions with its related services that are supplied to the customer or partner.

“Service Provider” means Alemira’s customer, partner or vendor, that provides Alemira Services to its customers or end-users.

Where this Privacy Policy applies

This Privacy Policy applies to Alemira Services, and the websites of, including, but not limited to https://alemira.com, https://support.alemira.com/, Alemira LMS powered by Open edX (*.alemira.com), Alemira LMS (*.alemira.com), Alemira Coding Lab (https://lab.alemira.com/login), Alemira Active Lab (https://alemira.com/active-labs/). 

Any personal information collected in connection with your use of third-party services or products are not subject to this Privacy Policy.

Alemira accepts no responsibility or liability with respect to third-party services.

We strongly recommend you to familiarize yourself with the policies and terms of the third parties to understand how your personal data that they process is handled.

Please note that we use the following third-party services, including but not limited to:

• HubSpot (https://www.hubspot.com/) to create interactive forms on our website and web services. HubSpot privacy policy: https://legal.hubspot.com/privacy-policy;
• Zendesk (https://www.zendesk.com/) as a Customer Care Solution. Zendesk privacy policy: https://www.zendesk.com/company/agreements-and-terms/privacy-policy/;
• Pelican (https://en.pelican.study/), as a learning management system used to create and supply educational courses and materials. Pelican privacy policy: https://en.pelican.study/pages/policy/;
• Greenhouse (https://www.greenhouse.io/) for recruitment, hiring, and personnel record-keeping. Greenhouse privacy policy: https://www.greenhouse.io/privacy-policy.

Check the full list with relevant details of third-party solutions and services used by Alemira on the subprocessor web page.

This Privacy Policy also applies to the processing of data on all employees, workers, individual contractors, and contingent workers of Alemira ("Staff").

Data Controller and Data Processor

Alemira operates interactive educational and research platforms and services.

The Data Controller (i.e., the person who or entity that determines the purpose and means of processing), in the meaning of the EU General Data Protection Regulation (hereinafter: GDPR), for the personal information collected through the Services is the Service Provider.

When we collect and process personal data pursuant to a Customer Agreement with the Service Provider, we typically act as a Data Processor on behalf of our Customer (the Service Provider using our Services for its business interests).

For the personal data collected directly by and on the purpose determined by Alemira, including Staff personal data, the Data Controller collecting personal data is Alemira AG (formerly SIT Alemira Switzerland AG).

Information we collect

We, our Service Providers, Partners, and our third-party Vendors use your personal data to carry on various business, services, institutional, research and educational activities. The ways in which we collect and process your data vary depending on the Alemira Services that you use.

WE AND OUR SERVICE PROVIDERS /PARTNERS / THIRD-PARTY VENDORS MAY COLLECT THE FOLLOWING PERSONAL DATA:

Personal data you voluntary provide

For the provisioning of the Services, we collect the personal data that you give us exclusively for the purposes listed below. 

We do not reuse the information for another purpose that is different to the one stated.

Educational Services. For some of our products and services, creating an account is necessary. When you create an account, you provide us with a username and password, business, or personal information, such as name, address, email address, phone number and other information that you choose to provide us. 

For data processing carried out for identification, remote monitoring of students and verification of online tests and exams (Proctoring), we process customer’s staff and partners contact information; personal data of students; identification data: full name, e-mail, passport details, full name of student’s legal representative (if the student is a minor); time zone; photographic and video imaging; video; and audio recording of the exam.

Admission. When you apply for admission to a program or course, webinars, marketing, live events, conferences, training and other events or request information from us, whether it be in person or online, and when you seek financial aid your personal information is collected to enable your education, your admission or for providing the service. This may include information such as first name, last name, place of work, job title, country, email, phone number. Email address is necessary to send you communications regarding your course and support. Username is used to manage your account and facilitate your login into the service. Phone number is used by our customer care specialists in order to call you for additional information (preferable lessons time, public school where the child is studying, address of living, etc).

Service administration. For educational service administration, we or our customer using our Services may collect from you: your contact information, country/location information, educational history and test scores, personal information, employment history, personal financial information, family information, education organization information, profile photo.

Purchase. When you make a purchase, you provide us with your order information and, if applicable, financial account information, purchase history, address. (We do not collect payment card information – it is collected and processed by a third-party payment card processor.)

Surveys. When you participate in surveys or focus groups, you give us your insights into our products, services, or other initiatives, as well as other information which you may decide to give us.

Customer care. If you contact our customer care service team, we collect the information you give us during the interactions. Sometimes, we monitor or record these interactions for training purposes and for quality assurance. If we are recording your interaction, we will provide a notice as required by applicable law.

We also collect data for employment and employees record keeping purposes below.

Employees and job applicants. We collect your personal data when you apply for a position with us. We also collect personal data at the start of and throughout the course of your employment. The personal data collected by us or on our behalf is for the primary purpose of facilitating employment, HR-related administrative procedures, and to satisfy legal and contractual obligations. Information we collect may include: contact information, payment information for purposes of payroll processing, tax information, lawful immigration/work visa status, personal information and history, employment history, education history and documents, family information, demographic information, health information.

Alemira entity that is a party to your employment contract or contract for services or otherwise employs you will be the Data Controller of your personal data.

Information collected while you use the Services

When you use the Services, we collect information about which features you use and how you use them, including how often you use the Services and in which circumstances; services performance metrics; and information about the computer, tablet or mobile telephone (“Device”) that you use to access the Services, including: hardware and software information Device or component ID, type and architecture, device-specific and operating system settings, your wireless or mobile network connection; and activity and audit logs, including your search queries, Internet Protocol (IP) address, browser type and language, time zones, date and time of your request and referral URLs. 

Information collected through Data Collection Technology

We use cookies, pixel tags (also known as web beacons, flash cookies, and clear GIFs) and similar technology (“Data Collection Technology”) to automatically collect information about you when you use the Services. Please read the “Data Collection Technology” section below to learn more.

Voice data

We do not keep and process your voice data. However, some of our products have voice control options available. If you decide to use them, with your permission, we activate the built-in extension of your Google Chrome browser, which captures your voice via your microphone and transfers it to Google for recognition. As a result, we receive only a text version of your voice commands, which we do not keep and use only for current command execution. Since your voice data is processed by Google, the purposes and the ways that Google processes your data may vary depending on your Google account settings (if any) and preferences. To understand how Google processes your data, including voice data, please carefully read the Google privacy policy (https://policies.google.com/privacy).

Information we receive from others

We receive information about you from others, including our vendors, service providers, resellers, app stores and other business partners. We also receive information about you from the third parties that help us operate the Services, such as for fraud detection, digital forensics, marketing services, surveys, analytics, webinars and courses management, administering fellowships, scholarships, grants, and similar functions.

Other information with your consent

We collect other information when you give us permission at the time of collection for the purposes disclosed to you at that time.

Alemira is part of the SIT Group which has for-profit and no-profit entities. By giving your consent on Alemira websites to receive tips, news and occasional promotional offers from SIT, you agree to receive offers from SIT Group.

Personal data we do not collect

Alemira does not need special categories of personal information (also known as “sensitive personal information or data”), as defined by the General Data Protection Regulation (GDPR), to provide the Services. Alemira avoids collecting sensitive personal data from you through the Services or otherwise. In the rare circumstances in which Alemira does seek to collect sensitive personal data, Alemira will do so in accordance with data protection laws and/or ask for your consent.

Data Collection Technology

Data collection technology helps us improve your experience of the Services by, for example, storing your website language preferences, so you do not have to select it each time you use the Services, compiling statistics about the use of the Services, helping us analyze technical and navigational information about the Services, and detecting and preventing fraud.

Alemira collects certain information through the use of ‘cookies’, which are small text files that are saved by your browser or device when you access our Site or Alemira Services. Cookies typically contain information on your computer, user settings, browsing history, the domain, the “lifetime” of the cookie, a randomly generated unique number or a similar identifier.

Alemira also uses other types of data collection technology, such as ‘web beacons’ (also called a pixel tag or clear GIF). A web beacon is a piece of computer code that enables us to monitor user activity and website traffic.

To learn more about cookies, web beacons, and other data collection technology, visit https://www.allaboutcookies.org/.

You may find detailed information on collected Cookies and their management in our Cookies Policy.

Alemira Services use the following cookies:

• Strictly necessary cookies, which are required for the operation of the Services, such as to enable you to register or log in to the Services;
• Functionality cookies, which are used to remember your choices and preferences to improve your experience;
• Performance/Analytical cookies, which allow us to count the number of visitors to our website, to learn how users navigate the Services, and to help us to improve how the Services function;
• Advertising and Targeting cookies, which are used to deliver tailored information about our products and services that may be of interest or value to you, marketing, and promotional emails (with your consent where required by applicable law).

We use Google Analytics to better understand the trends and how our visitors and customers use our Services. The Service is provided by Google LLC., a company organized under the laws of the State of Delaware, USA, and operating under the laws of the USA (address: Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA). Google Analytics does not directly identify individual users. Please see https://policies.google.com/technologies/partner-sites for more information about how Google uses the information it collects through our websites. For Google Analytics’ currently available opt-outs, please see https://tools.google.com/dlpage/gaoptout/.

Cookies management

Most browsers allow viewing, managing, deleting or blocking cookies. Please be aware that if you delete or block cookies directly in your browser then some of your preferences can be lost, as well as some functionality may no longer be available.

You may find detailed information on Cookies management in our Cookies Policy.

Our statement on Do Not Track Signals

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain personal data about the browser’s user. Not all browsers offer a DNT option, and DNT signals are not yet uniform. For this reason, many website operators, including Alemira, do not respond to DNT signals.

Lawful basis of data processing

Alemira processes the personal data in accordance with the applicable laws and regulations on data protection.  Alemira lawful bases for processing depending on the context in which the personal data are processed.

Most of the time, the reason we process your information is the performance of our contractual obligations to consider your application, prepare for a future contractual relationship with you, employ you, or provide our Services.

We also process your personal data when the processing is in our legitimate business interests and not overridden by privacy or other fundamental rights and freedoms. With this regard, we process your personal data:

• to respond to data privacy or other queries (like demo requests);
• to improve our offerings continuously;
• to facilitate the provision of the Services;
• for admission research, survey invitations;
• for statistical analysis;
• for fraud detection and legal compliance purposes.

We may have other legitimate interests and if appropriate, we will make them clear at the relevant time.

From time to time, we may ask for your consent to use your personal data for certain specific and explicit reasons – for example when you subscribe to SIT newsletters, offers or marketing materials. We will provide you with relevant information for the processing and you may withdraw your consent at any time by contacting us at privacy@alemira.com.

In some cases, we may also have a legal obligation to collect personal data. If we ask you to provide personal data to comply with a legal requirement, we will make this clear at the relevant time. We will advise you whether providing your personal data is mandatory. We will also inform you of the possible consequences if you do not provide your personal data.

Note that Alemira does not carry out automated decision-making and profiling creating legal effects or significantly affecting data subjects.

Data sharing with third parties

Alemira may share information with our business partners, Service Providers and vendors, including customer service, marketing, and security testing service providers to perform our contractual and other legal responsibilities or for legitimate business purposes. Alemira will ensure that any company with which we share personal data agrees to safeguard it accordingly.

Such types of organisation may be:

• colleges;
• schools;
• external organisations providing services to us, for example our inquiry management and plagiarism;
• detection systems;
• external organisations, acting as controllers for your personal data;
• external organisations offering sponsored services including but not limited to student surveys, marketing services, event registration and coordination;
• the governmental departments or agencies responsible for immigration and student loans;
• third parties including your former employer(s) or educational establishment(s) to obtain a reference or to verify the accuracy of a reference or other information you have submitted with or in support of your application; if you have or are seeking a particular relationship with a third party, for example, because of an exchange scheme;
• sponsors or benefactors of funding and financial support;
• other Higher Education institutions as part of formal partnerships, cross-registration for courses and events with other universities, research and study arrangements with other educational institutions. Where information is shared with third parties, we will seek to share the minimum amount necessary;
• all third-party service providers that process data on our behalf. All service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions. See the list of Alemira third-party subprocessors.

As part of a corporate transaction. We may share and transfer personal data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by Alemira.

When required by law.  Alemira or Alemira’s service providers may use servers and other equipment to provide the Services that are located in countries where litigants, law enforcement bodies, regulatory, courts, and other agencies of the government may have the right to access personal data stored within their jurisdictions upon terms and conditions provided by local law.

Alemira also may provide access to your personal data to government authorities if Alemira suspects or believes that your data contains child pornography or other prohibited content or data or that the data is used for illegal purposes.

When reasonably possible, Alemira will provide notice of any required or requested disclosure and reasonably cooperate to limit such disclosure to the extent allowed by law.

For other lawful disclosures. Alemira also shares information (i) if disclosure would mitigate Alemira’s liability in an actual or threatened lawsuit; (ii) as necessary to protect the legal rights of Alemira, users, customers, vendors, business partners, or other interested parties; (iii) to pursue available remedies or limit the damages; (iv) to enforce our agreements; and (v) to respond to an emergency.

Data transfers outside of the European Economic Area (EEA) or Switzerland

We are a global business that provides its products and services all around the world.

For cross-border transfers of personal data, we always make sure to put in place appropriate and suitable safeguards and to ensure that your personal data remains safe and secure at all times and that your rights are protected.

Where applicable law requires a data transfer mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA, Switzerland, verification that the recipient has implemented Binding Corporate Rules, or other legal methods available to us under applicable law. For transfers to third countries, we have entered into Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your Personal Data to those entities outside the EEA.

Transfers outside EEA or Switzerland will only take place if one of the following applies:

• the transfer has your consent;
• the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract or the transfer is governed by approved contractual clauses;
• the country receiving the data is considered by the EU to provide an adequate level of data protection;
• the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection.

Data retention

We will retain your personal data for a maximum of two years (Retention Period), except if a longer period than the Retention Period is required for, legal, accounting, or government / administrative reporting requirements.

Personal data collected during demonstration session of our Services is being stored for not longer than 7 days.

We may keep your information for a longer period for historical, statistical, or scientific purposes with the appropriate safeguards in place.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Information collected from the use of Services, from employment, your account, billing and other personal information will be retained for as long as we have a legal obligation or for our legitimate interests in establishing legal rights.

Upon expiration of the applicable retention period, we will securely destroy your personal information in accordance with applicable laws and regulations.

Your data protection rights

We guarantee to grant you your user rights, exclusively with regard to the personal data belonging to you. 

Under certain circumstances, by law you have the following rights: 

• The Right to Information. We inform you about the collection and usage of your personal data using this Policy before we engage with such processing. Additionally, you have the right to receive information about leaks (loss, disclosure) of your personal data;
• The Right of Access. You have the right to access and receive a copy of your personal data, and other supplementary information. If you are not a registered user, Alemira may take reasonable steps to verify your identity before providing access to personal data. We may not allow you to review certain data for legal, security or other reasons.
• The Right to Rectification. This enables you to ask us to correct any incomplete or inaccurate data we hold about you;
• The Right to Erasure (also known as the “Right to be Forgotten”). This enables you to ask us to delete or remove your data in certain circumstances, for example, if you consider that there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing;
• The Right to Restriction of Processing. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it;
• The Right to Data Portability. You may request the personal data you have provided to us in a structured format or the transmitting of your data to other entities that you have specified;
• The Right to Object. You may object to the processing of your personal data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to where we are processing your data for direct marketing purposes. If you do not wish to receive marketing-related emails from us, please click the unsubscribe link in one of our marketing emails. 
• The Right to Withdraw Consent. You have the right to withdraw previously given consent for the processing of your personal data for that specific purpose at any time;
• The Right to Avoid Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you. You may withdraw the previously given consent for automated decision-making about you, including profiling. If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact us at privacy@alemira.com. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR and other applicable laws. 

Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Children’s privacy

Alemira takes children’s privacy seriously.

We have products and services designed specifically to assist you as a parent by providing child online education features. In such cases, we will only collect and process personal data related to any child under 16 years of age, which you choose and consent to disclose to us or otherwise instruct us to collect and process.

Contacts or complaints handling

To exercise any of your rights, or if you have any other questions or complaints about our use of your Personal Data and its privacy, write us at: privacy@alemira.com

If you are not satisfied with our answer or how Alemira manages your personal data, you may also have the right to make a complaint to a data protection regulator. If you reside within the EU, a list of National Data Protection Authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy at any time and will seek to inform you of substantial updates. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy.

Previous version from 30 of July 2022

Previous version from 30 of March 2022

Previous version from 01 of July 2021