Pathway Cloud LMS (Pathway) is the Learning Management System owned and operated by Willow Learning Ltd, whose trading name is WillowDNA.
Under written agreements between Willow Learning Ltd and the organisations who are Our customers, We provide Pathway Cloud LMS and related services (the Services) that involve Us in the processing of Personal Data on behalf of the customer organisations.
Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), Willow Learning Ltd is therefore a Data Processor that processes Personal Data on behalf of organisations who are Data Controllers.
Willow Learning Ltd understands that your privacy is important to you and that you care about how your personal data is used and shared online.
We respect and value the privacy of everyone who uses Pathway Cloud LMS (“Pathway”) and will only process personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
means an account required to access and/or use certain areas and features of Pathway
means a small text file placed on your computer or device by Pathway when you visit certain parts of Pathway and/or when you use certain features of Pathway. Details of the Cookies used by Pathway are set out in section 13, below.
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
“Data Controller”, “Data Processor”, “processing”, and “data subject”
shall have the meanings given to the terms “controller”, “processor”, “processing”, and “data subject” respectively in Article 4 of the GDPR.
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Pathway.
This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
means Pathway Cloud LMS (Pathway) and associated services which are provided by the Data Processor to the Data Controller and which the Data Controller uses for the purpose of providing online learning, training and/or education services.
means Willow Learning Ltd, a limited company registered in England under company number 06090467, whose registered address is Bristol and Bath Science Park, Emersons Green, Bristol, BS16 7FR, and whose main trading address is Bristol and Bath Science Park, Emersons Green, Bristol, BS16 7FR.
Information About Us
Pathway is owned and operated by Willow Learning Ltd, a limited company registered in England under company number 06090467, whose registered address is Bristol and Bath Science Park, Emersons Green, Bristol, BS16 7FR and whose main trading address is Bristol and Bath Science Park, Emersons Green, Bristol, BS16 7RF
Our VAT number is 901 0391 75.
Our Data Protection Officer is Jon Atkey who can be contacted by email at firstname.lastname@example.org, by telephone on 0117 3707735, or by post at Bristol and Bath Science Park, Emersons Green, Bristol BS16 7FR an account required to access and/or use certain areas and features of Pathway
Provision of the Services and Processing Personal Data
As Data Processor, we only carry out the Services, and only process the Personal Data received from the Data Controller:
for the purposes of those Services and not for any other purpose;
to the extent and in such a manner as is necessary for those purposes;
strictly in accordance with the express written authorisation and instructions of the Data Controller (which may be specific instructions or instructions of a general nature or as otherwise notified by the Data Controller to the Data Processor).
As a data subject, you have the following rights under the GDPR, which this Policy and Our processing of personal data have been designed to uphold:
The right to be informed about the collection and use of personal data;
The right of access to your personal data (see section 13);
The right to rectification if any personal data held about you is inaccurate or incomplete (please contact the Data Controller);
The right to be forgotten – i.e. the right to ask for any personal data held about you to be deleted;
The right to restrict (i.e. prevent) the processing of your personal data;
The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
The right to object to your personal data being used for particular purposes; and
Rights with respect to automated decision making and profiling
If you have any cause for complaint about the use of your personal data, please contact the Data Controller, or contact Us using the details provided in section 15 and We will provide the relevant contact details. If We and/or the Data Controller are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
What Data Do We Collect?
contact information such as email addresses and telephone numbers;
web browser type and version;
course participation data such as course name(s), module and/or learning path name(s), activity name(s), progress and result(s).
How Do We Process Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 8, below.
Our processing of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with your Data Controller, because you have consented to Our processing of your personal data (e.g. by emailing the helpdesk service operated by us on behalf of the Data Controller), or because it is in Our legitimate interests. Specifically, We may process your data for the following purposes:
Providing and managing your Account;
Providing and managing your access to Pathway;
Personalising and tailoring your experience on Pathway;
Supplying the Services to you;
Personalising and tailoring the Services for you;
Replying to emails from you;
Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by emailing email@example.com;
Analysing your use of Pathway and gathering feedback to enable Us to continually improve Pathway and your user experience;
Third parties (including for example TedTalks or YouTube) whose content appears on Pathway may use third party Cookies, as detailed below in section 14. Please refer to section 14 for more information on controlling Cookies. Please note that We do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
You have the right to withdraw your consent to the use of your personal data at any time, and to request that it is deleted.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for as long as agreed with your Data Controller.
How and Where Do We Store Your Data?
We only keep your personal data for as long as We need to in order to use it as described above in section 7, and/or for as long as We are required to keep it.
Your Pathway data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
If you use our support or help desk services, the ticket platform, Zendesk, may store data relating to your query outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using the support or help desk services and submitting information to Us. If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR. Read more about the Zendesk policy here:
Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Pathway.
Steps We take to secure and protect your data include:
Storing all Pathway data in Microsoft’s Azure servers. Azure safeguards data in facilities that are protected by industry-leading physical security systems and are compliant with a comprehensive portfolio of standards and regulations. You can read more about Microsoft Azure here:
Using encrypted links for all transmissions into and out from Pathway.
Using only the most highly regarded third party data processors – see Section 9 below.
You can read more about our Data Protection Policy here:
Do We Share Your Data?
We may sometimes contract with third parties to supply services to you on Our behalf. These may include video players, webinar and help desk services. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of Pathway including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.
What Happens If Our Business Changes Hands?
In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
How Can You Control Your Data?
In addition to your rights under the GDPR, you may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
Your Right to Withhold Information?
To use features and functions available on Pathway you will be required to submit or allow for the collection of certain data.
All Cookies used by and on Pathway are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a pop-up message requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you.
Certain features of Pathway depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown below in section 14.5. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings as detailed below in section 14.9, but please be aware that Pathway may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
The following first party Cookies may be placed on your computer or device:
|Name of Cookie
To enable Us to identify your Pathway session on the server.
By storing data between each of your interactions with Pathway it enables us to serve you with data that is specific to you.
This cookie does not remain on your hard disk.
Used to store a user authentication. This is applied after a user logs in.
These statuses can contain "cmi.core.lesson_location", course status ("passed, "completed", "failed", "incomplete", "browsed", "not attempted").
TinyLMS cookie names begin with "TinyLMS".
The system also stores cookies to keep the state of widgets, whether they are open or closed. The cookie name will begin with widget id and it will have a value of "is-open" or "is-closed".
Pathway uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Pathway is used and plan for future use. This, in turn, enables Us to improve Pathway and the services offered through it.
The analytics service(s) used by Pathway use(s) Cookies to gather the required information.
The analytics service(s) used by Pathway use(s) the following Cookies:
|Name of Cookie
|First / Third Party
Stores the number of visits you make to Pathway, the time of your first visit, your previous visit and your current visit. It expires two years after your last visit to Pathway.
Checks how long you stay on Pathway: when your visit starts and ends." It expires at the end of the day.
Checks how long you stay on Pathway: when your visit starts and ends. It expires as soon as you close the browser window.
Throttles your request rate to Pathway in order to ensure good performance for all users. We set it to expire one day after your last visit to Pathway.
Records whether you came from a search engine (and if so, the search keyword used), a link, or from no previous page (e.g. a bookmark). It expires six months after your last visit.
In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Pathway more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.