Viizard VLSS - The Intelligent Learning Ecosystem

1. Introduction

J&S Software Services Ltd ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Viizard Virtual Learning System Suite ("Viizard VLSS", "the Platform", "our Services").

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation. This policy applies to all users of our Platform, including educators, learners, and organisation administrators.

By using Viizard VLSS, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data Controller

The data controller responsible for your personal data is:

J&S Software Services Ltd
[INSERT REGISTERED ADDRESS]
Scotland, United Kingdom

Company Registration Number: [INSERT NUMBER]
ICO Registration Number: [INSERT NUMBER]

Data Protection Contact:
Email: [INSERT EMAIL, e.g., privacy@viizard.com]

3. Data We Collect

3.1 Information You Provide Directly

We collect information you provide when you:

Create an account: Name, email address, password, profile photograph (optional), professional title, organisation name
Complete your profile: Biography, qualifications, expertise areas, social media links, contact preferences
Create courses (Educators): Course content, videos, documents, assessments, pricing information
Enrol in courses (Learners): Enrolment details, course progress, assessment submissions, assignment uploads
Make payments: Billing address, payment card details (processed securely by our payment providers)
Communicate with us: Support enquiries, feedback, survey responses
Participate in live sessions: Video and audio data during WebRTC sessions (if recording is enabled by the educator)

3.2 Information Collected Automatically

When you use our Platform, we automatically collect:

Device information: IP address, browser type and version, operating system, device type, screen resolution
Usage data: Pages visited, features used, time spent on pages, click patterns, search queries
Learning analytics: Course progress, completion rates, assessment scores, time spent on content, engagement metrics
Log data: Access times, error logs, referring URLs
Cookies and similar technologies: As described in our Cookie Policy

3.3 Information from Third Parties

We may receive information about you from:

Payment processors: Transaction confirmations and payment status from Stripe and PayPal
Your organisation: If your employer or institution provides access, they may share your name, email, and role
Analytics providers: Aggregated and anonymised usage patterns

3.4 Special Category Data

We do not intentionally collect special category data (such as health information, religious beliefs, or biometric data). If you include such information in course content or communications, you do so at your own discretion.

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Providing Our Services

Creating and managing your account
Enabling course creation, delivery, and enrolment
Processing payments and managing subscriptions
Facilitating live teaching sessions via WebRTC
Issuing certificates and maintaining your Personal Development Portfolio (PDP)
Providing customer support

4.2 Improving Our Platform

Analysing usage patterns to improve features and user experience
Identifying and fixing technical issues
Developing new features and services
Conducting research and analytics

4.3 Communication

Sending service-related notifications (account updates, course reminders, certificate issuance)
Responding to your enquiries and support requests
Sending marketing communications (with your consent)
Notifying you of policy changes

4.4 Security and Compliance

Protecting against fraud, abuse, and security threats
Enforcing our Terms of Use
Complying with legal obligations
Responding to legal requests and preventing harm

4.5 For Educators

Processing learner payments and transferring revenue to your connected payment account
Providing analytics on course performance and learner engagement
Enabling communication with your learners

5. Legal Basis for Processing

Under UK GDPR, we must have a legal basis for processing your personal data. We rely on the following:

Purpose	Legal Basis
Providing our Services, managing your account	Contract: Necessary to perform our contract with you
Processing payments	Contract: Necessary to fulfil transactions
Sending service notifications	Contract: Necessary to provide the service
Improving our Platform, analytics	Legitimate Interests: To improve our services
Security and fraud prevention	Legitimate Interests: To protect our Platform and users
Marketing communications	Consent: Only with your explicit consent
Legal compliance, tax records	Legal Obligation: Required by law
Certificate verification by third parties	Legitimate Interests: To enable credential verification

Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may contact us for more information about these assessments.

6. Data Sharing and Third Parties

We do not sell your personal data. We share your information only in the following circumstances:

6.1 Service Providers

We use trusted third-party service providers to help us operate our Platform:

Cloud Hosting: Google Cloud Platform (GCP) - stores and processes data
Payment Processing: Stripe and PayPal - process payments securely (we do not store your full card details)
Analytics: Google Analytics - helps us understand Platform usage
Email Services: [INSERT PROVIDER] - sends transactional and marketing emails

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2 Educators and Organisations

Learner data shared with Educators: When you enrol in a course, the educator can see your name, email, profile information, course progress, assessment submissions, and completion status
Employee data shared with Organisations: If your employer provides access, organisation administrators can view your training progress, completions, and compliance status

6.3 Certificate Verification

When you earn a certificate, it becomes part of your Personal Development Portfolio (PDP). Employers and other third parties can verify your credentials using the certificate's unique QR code or verification URL. This displays your name, the course completed, completion date, and issuing educator.

6.4 Legal Requirements

We may disclose your information if required to:

Comply with a legal obligation, court order, or regulatory request
Protect our rights, property, or safety, or that of our users or the public
Detect, prevent, or address fraud, security, or technical issues

6.5 Business Transfers

If J&S Software Services Ltd is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any change in ownership or use of your data.

7. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA) on Google Cloud Platform servers.

Some of our service providers may process data outside the UK/EEA. When this occurs, we ensure appropriate safeguards are in place:

Adequacy decisions: Transfers to countries the UK government has deemed to provide adequate data protection
Standard Contractual Clauses (SCCs): EU/UK-approved contractual terms that protect your data
Supplementary measures: Additional technical and organisational protections where necessary

You may contact us to obtain a copy of the safeguards we use for international transfers.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data Type	Retention Period
Account information	Duration of account plus 2 years after deletion
Course content (Educators)	Duration of account; exported upon request before deletion
Learning records and certificates	Indefinitely (to enable ongoing credential verification)
Payment and billing records	7 years (UK tax and accounting requirements)
Support communications	3 years after resolution
Analytics data	26 months (aggregated/anonymised thereafter)
Marketing consent records	Duration of consent plus 2 years

After the retention period, data is securely deleted or anonymised so it can no longer be associated with you.

Note for Learners: Your certificates and portfolio remain verifiable even after account deletion, as this is essential for employers to verify your credentials. You may request full deletion including certificates, but this will invalidate your credentials.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data. You can also update most information directly in your account settings.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent. Some data may be retained for legal compliance.

9.4 Right to Restriction of Processing

You can request that we limit how we use your data while we address your concerns about accuracy or our legal basis for processing.

9.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format (such as CSV or JSON) and have it transferred to another provider.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop unless we have compelling legitimate grounds.

9.7 Rights Related to Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [INSERT EMAIL]. We will respond within one month. If your request is complex, we may extend this by up to two additional months, and we will inform you of the reason.

We may need to verify your identity before processing your request. There is no fee for most requests, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

Right to Complain

If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

10. Cookies

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and assist with marketing efforts.

Cookies are small text files stored on your device. They help us:

Keep you signed in
Remember your preferences
Understand how you use our Platform
Improve our services
Deliver relevant advertising (with your consent)

You can manage your cookie preferences through our cookie consent tool or your browser settings.

For detailed information about the cookies we use, please see our Cookie Policy.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it.

Technical Measures

Encryption: All data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256
PCI-DSS Compliance: Payment processing meets Payment Card Industry Data Security Standards
Access Controls: Role-based access, multi-factor authentication for administrative access
Infrastructure Security: Hosted on Google Cloud Platform with SOC 2 and ISO 27001 certifications
Regular Testing: Vulnerability scanning and security assessments

Organisational Measures

Staff training on data protection and security
Data protection impact assessments for high-risk processing
Incident response procedures
Regular policy reviews

While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

12. Children's Privacy

Viizard VLSS is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent.

If you are under 16, you may only use our Platform with the involvement and consent of a parent or guardian.

If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information promptly.

If you believe we have inadvertently collected data from a child, please contact us at [INSERT EMAIL].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will notify you by email or through a prominent notice on our Platform
We may ask for your consent again if required by law

We encourage you to review this policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

J&S Software Services Ltd
[INSERT ADDRESS]
Scotland, United Kingdom

Email: [INSERT EMAIL, e.g., privacy@viizard.com]
General Enquiries: Contact Form

We aim to respond to all enquiries within 5 working days.

Privacy Policy

Contents