Velop - Powering Professional Development

Who we are	We are Velop Limited. We provide a platform for; Professional individuals to log and track their learning and development activities independently, and; Educational institutions to track and manage their employee’s professional development activity and ongoing development requests. Our registered office is: Touchwood House, South Lea Road, Bath, BA1 3RW We are committed to safeguarding your privacy and ensuring the security of your data by fully complying with the rules and regulations set out in the GDPR and the Data Protection Act 2018. This privacy policy outlines how we collect, use, and protect your personal information when you use Velop. By accessing Velop, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use Velop. We (Velop) primarily act as a Data Processor on behalf of our customers (education institutions) in providing our services. You (the education institution) are the Data Controller. You own, store and are responsible for data about your teachers, staff and employees. Velop requires a subscription fee for education institutions to fully enable all features. Please contact info@velop.app for further information.
What personal data we collect and why	Name Work email address Job title Educational institution Subject areas Usage data Unique device identifiers (Google Advertiser ID or IDFA, for example) We will not collect any information regarding pupils, parents or your personal data outside of your role in your educational institution. When you use Velop for professional development, we will collect and process the following information: Learning progress, including courses taken, completion status, and assessment results. Preferences and interests related to professional development topics. Feedback and ratings you provide for courses and instructors.
How we use your personal data	We use the information we collect for the following purposes: Service Provision To provide you with access to Velop's professional development features and resources. To tailor your professional development experience based on your preferences and progress. To facilitate communication with course instructors, administrators, and fellow learners. Analytics and Improvement To analyse usage patterns and improve Velop's content and features. To conduct research and gather insights to enhance the effectiveness of professional development in education. Communication To send you updates, notifications, and relevant information about professional development opportunities. To respond to your inquiries and provide support. 3rd Parties The Velop platform integrates with several third-party providers to help us provide our service, as set out below: Third party purpose privacy information Amazon Web Services (AWS) Hosting services https://aws.amazon.com/compliance/data-privacy-faq/ Google Analytics 4 User tracking and analytics https://policies.google.com/privacy Google Tag Manager Tag and script management in a centralised manner. This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data https://policies.google.com/privacy Google Workspace Cloud storage, productivity and collaboration tools Google Cloud Privacy Notice Slack Business messaging app Privacy policy \| Legal \| Slack
Lawful basis	Under data protection law, we have to identify relevant lawful bases for our use of your personal data. We primarily rely on: Legitimate interests – to provide and administer the Velop platform to users and customers. Legal obligation – in meeting our legal obligations under financial, health and safety and employment laws (among others). Educational institutions (as “controllers”) define their own lawful bases for processing personal data relating to their staff.
How long do we keep your personal data?	We hold personal data of Velop users for as long as they are active users. We will delete account data and subscriber data 12 months after an Account was last active (i.e. where an Account has no active subscription).
International Transfers	Velop Limited is based in the UK and therefore subject to the UK GDPR and related UK data protection legislation. Our main IT infrastructure (Amazon Web Services) is hosted in Ireland but some of the third parties Velop integrates with store data outside the UK and the European Economic Area (EEA). Where this is the case, we have arrangements in place to ensure that personal data is afforded the same level of protection as within the UK or EEA, as required by UK GDPR Articles 45-49.
Your Rights	Under data protection legislation, you have rights in relation to your personal data, as below: The right of access (obtaining a copy of your data) The right to rectification (correcting your data) The right to erasure (deleting your data) The right to restrict processing (to stop use of your data for a time limited period) The right to data portability (to move your data to another organisation) The right to object (to object to our use of your data) Rights in relation to automated decision making and profiling (to know if and how we use any technology to make decisions about you). There are some limited exemptions to these rights, so they may not apply in every scenario. For further information on these rights, please see the Information Commissioner’s Office (ICO) website. If you wish to make a request in relation to any of these rights, please contact us as: data-protection@velop.app. Where we act as a processor on behalf of our customers, we will pass any requests to the customer to respond to (as a controller).
Information Security	We have information security measures in place to reduce the risk of unauthorised access to, misuse or loss of personal data. These include: Appropriate access controls and user authentication Incident and breach processes Appropriate internal IT and network security Business continuity processes Contracts with our suppliers covering data protection and information security \ On discovery of a data breach the following actions should be taken: Containment and recovery Assessing the risk Notification of breach to the Information Commissioner’s Office (ICO) Evaluation and response Any data breach will be disclosed to Velop users within 24 hours.
Queries and Complaints	In the first instance, we would hope to resolve any queries or concerns you have in an informal way, if you contact us at: data-protection@velop.app. If you are not satisfied with our response, you also have a right to complain to the Information Commissioner’s Office (ICO) as the regulator of data protection. For further information, please see: Make a complaint \| ICO
Updates to this Policy	We may sometimes need to update this Policy to reflect changes to the way we provide our services or to comply with updates to data protection law. Please check back regularly to see whether any changes have occurred. This Policy was last updated on 14th January 2024.

Privacy Policy