FourthRev Privacy Policy
Last updated: 29/07/21
This policy tells you how we look after your personal data when you visit our website, you are an individual that has enrolled onto an online course (Learner) provided by FourthRev or one of our partners or when you are a key contact working for one of our existing or prospective partners.
It sets out what information we collect about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns.
We sometimes need to update this policy, to reflect any changes to the way our website, platform or service is provided or to comply with new legal requirements. We will notify you of any important changes before they take effect.
1. Who we are and other important information
We are the FourthRev Group (FourthRev, we, us or our) which is formed of the following companies:
FourthRev Ltd, a company registered in England and Wales under number 12333799 whose registered address is Harwood House, 43 Harwood Road, London, England, SW6 4QP.
FourthRev Pty Ltd, a company registered in Australia under number 632 361 061 whose registered address is 10 Oxley Road, Hawthorn, 3122, VIC.
We provide online courses to upskill individuals that wish to have, or progress, their career in the digital sector. We also provide our services to businesses that wish to offer development opportunities to their staff. We work with companies and academic institutions (Partners) to inform our course content so our Learners gain relevant skills and receive industry recognised accreditation. Our courses are taught by experts employed by our Partners, whether professionals working within industry or university lecturers. We also sometimes collaborate with Partners to provide a course together, to combine our expertise and offer our courses to a wider audience.
If you are a website visitor or a key contact engaged by an existing or prospective Partner, FourthRev is the controllerfor your information (which means we decide what information we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number ZA753319.
If you are a Learner whose course has been paid for by your employer, FourthRev and your employer act as independent controllers (which means we separately make decisions about your information and use it for different purposes).
For all other Learners, we act as a joint controller with the Partner that we collaborate with to provide the course (which means we decide together how your information is used, and consult with one another if we need to make a decision in relation to your information or a request you have made).
2. The information we collect about you
Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below:
Personal Data
- Identity information – full name, role, learner reference number, name of your employer, date of birth you
Received from
- you
- our Partner
Personal Data
- Contact details – email address, telephone number, postal address
Received from
- you
- our Partner
Personal Data
- Profile – username, password, profile picture, your registered courses, content you post (including messages to other Learners or lecturers)
Received from
- you
Personal Data
- Live stream sessions – recordings of audio and video where you unmute and use your webcam during a live session, your name as it appears on your screen, any content you post during the live stream session
Received from
- you
Personal Data
- Application information – information you provided as part of the application process to register as a Learner
Received from
- you
Personal Data
- Location information – we make assumptions on your location based on either the IP address of the device by which you access the online course, or you have provided location information (e.g. company office at which you are stationed)
Received from
- you via cookies and similar technologies)
Personal Data
- Enquiry information – any additional information you provide when you submit an enquiry form on our website, contact FourthRev, report a concern.
Received from
- you
- your employer
Personal Data
- Feedback – information and responses you provide when completing surveys and questionnaires
Received from
- you
Personal Data
- Financial details – bank account number and sort code, name of account holder
Received from
- you
Personal Data
- Award – your final result, date certificate issued to you, expiry date of certificate (if applicable)
Received from
- awarding body
- our Partner
Personal Data
- Performance – course completion percentage, results, attendance
Received from
- you
Personal Data
- Sensitive Data – information about your racial or ethnic origin, your religious or philosophical beliefs, data about sex life or sexual orientation which you may provide as part of voluntary diversity questionnaires or might be otherwise inferred
Received from
- you
- our Partner
Personal Data
- Marketing – marketing preferences, preferred method of communication
Received from
- you
- our Partner
Personal Data
- How you use our services and platform – information about your activity on our platform and website, including audit logs, download errors, times and dates of log-in
Received from
- you (via cookies and similar technologies)
Personal Data
- Technical information– internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our website or platform.
Received from
- you (via cookies and similar technologies)
We may anonymise the personal data we collect (so it can no longer identify you as an individual) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. most viewed webpage on our website, percentage of users enrolled onto which course types). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
3. How we use your information
UK data protection law requires FourthRev to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
- to enter into and fulfil our contract with you
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
- comply with a legal obligation that we have; and
- do something that you have given your consent for.
The table below sets out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy policy and notify you.
Purposes
- Taking steps to enter into the contract with you or our business customer (and fulfil the terms of that contract)
Justification
- Performance of contract (where our customer is an individual)Legitimate interests (where our customer is an organisation, as necessary to conclude our contract with such organisation and obtain contact details for key contracts)
Purposes
- Processing payments and collecting and recovering monies owed to us
Justification
- Performance of contract (where our customer is an individual)Legitimate interests (where our customer is an organisation, as necessary to fulfil the terms of the contract between our businesses)
Purposes
- Handling requests for support
Justification
- Performance of contract (where our customer is an individual)Legitimate interests (where our customer is an organisation, as necessary to fulfil the terms of the contract between our businesses)
Purposes
- Administering and protecting our platform, services and systems
Justification
- Legitimate interests (necessary to provide our products and services, monitor and improve network security and prevent fraud)
Purposes
- Providing insight on how our platform and services are being used
Justification
- Legitimate interests (where our customer is an organisation, to provide an overview of how learners’ they have enrolled engage with the service)Legitimate interest (for all types of learners, so we identify areas for improvement and inform service development)
Purposes
- Investigating and responding to complaints (including allegations of bullying or unacceptable conduct)
Justification
- Legitimate interest (to safeguard other Learners, lecturers and staff members)
Purposes
- Facilitating request for reasonable adjustment
Justification
- Legal obligation (necessary to comply with our obligations of non-discrimination)
Purposes
- Assess your performance and decide whether you have passed the course (and provide you your results)
Justification
- Performance of contract (where our customer is an individual)Legitimate interests (where our customer is an organisation, as necessary to fulfil the terms of the contract between our businesses)
Purposes
- Sending you marketing communications by email
Justification
- Consent (where you are an individual)Legitimate interest (where your email address belongs to a corporate body)
Purposes
- Asking you to participate in surveys and other types of feedback
Justification
- Legitimate interest (necessary for us to improve our products and services)
Purposes
- Issuing, responding or defending legal claims
Justification
- Legitimate interest (in defending ourselves against legal claims and responding to breaches of contract)
Purposes
- Notifying you about changes to our privacy notice
Justification
- Legal obligation (necessary to comply with our obligations under data protection law).
4. Marketing
Where you are an individual, we always ask for consent before we send your marketing information. If you work for our Partner or are a key contact, we market on a business-to-business basis – so we make sure we only ever send marketing communications to work contact details. We always include a link in our emails so you can unsubscribe at any time.
FourthRev uses HubSpot to help us deliver and monitor the communications we send. Their digital tools let us see whether a recipient has clicked any of the links in our email, which help us understand what content that recipient appears to be interested in and allow us to personalise the content of future of our messages.
Pixels (which are a similar technology to cookies) within those emails enable us to see:
- if the email was opened
- where the device opening the email was located (based on the device’s IP address)
- the type of email service (e.g. Outlook) that was used
- if the email (or its content) were shared on social media
- if the email was flagged as spam
5. Who we share your information with
We share (or may share) your personal data with:
- Our staff: FourthRev employees (or other types of workers) who have contracts containing confidentiality and data protection obligations. As a group of companies, the different FourthRev entities share information internally. We have a legal mechanism in place to ensure the safe transfer of information between our entities and employees located in different parts of the world.
- Your employer: we have a service contract with all our business customers which sets out what information we share with them as part of our services. As we act as independent controllers, you should check the privacy information provided by our Partner to understand how they use your information.
- Our Partners: we have contracts and data processing agreements in place with all our partners to clearly define our relationship and responsibilities in relation to your information.
- Our supply chain: other organisations help us provide our services (such as hosting our IT infrastructure, providing analytics insight, technical support, marketing, customer support, security monitoring, payment services). We ensure these organisations only have access to the information required to provide the support we use them and have a contract with them that contains confidentiality and data protection obligations.
- Awarding bodies: where your certificate is awarded by an examination or accreditation body (that is not also a Partner), we have a contract in place with that awarding body which contains confidentiality and data protection obligations.
- Third parties linked to our website: where you click a link on our website which transfers you to a third-party website (such as LinkedIn, Twitter, Facebook, YouTube, a Partner website)
- Regulatory authorities: such as national tax authorities (e.g. HM Revenue & Customs in the UK)
- Our professional advisers such as our accountants or legal advisors where we require specialist advice to help us conduct our business, or IT specialists to conduct audits on the security of our Services.
- Any actual or potential buyer of our business
If FourthRev were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response. If we are the processor for that information, we will also check with the controller before any information is released (unless the law does not allow us to do so).
6. Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).
If you access our online courses because you have been registered by an organisation (e.g. your employer) or whilst abroad then your personal data may be stored on services located in the same country that the organisation or you are.
7. How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
- access controls and user authentication
- internal IT and network security
- regular testing and review of our security measures
- staff policies and training
- incident and breach reporting processes
- making regular back-up copies of information
- business continuity and disaster recovery processes
If there is a security incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on your account (or believe your account has been otherwise compromised) please let us know by emailing us at [email protected]
8. How long we keep your information
If you are a learner, we keep your information for 3 years after you last access your account.
If you submit an enquiry via our website, but do not register to become a learner or become our business customer, we delete your details after 6 months.
If you browse our website, we keep analytical information collected by cookies (and similar technologies) for up to two years.
For key contacts working for prospective or ex-Partners, we keep your information until you ask us to remove your details from our records or we are informed you no longer work for that business.
We may, in rare circumstances, keep your information for longer than the periods stated above. We only do this if we have a very good reason (for example, because we need to respond to a legal claim) and where possible we will notify you if this is the case.
9. Your legal rights
You have specific legal rights in relation to your personal data. If you want to make any of the legal requests below, you can contact us as [email protected]
It is usually free for you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens we will always inform you in writing.
We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive.
We do not respond directly to requests which relate to personal data where FourthRev act as the processor. In this situation, we forward your request to our business customer and await their instruction before we take any action.
Your legal rights
Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law
Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct)
Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
Portability: You can ask us to send you or another organisation an electronic copy of your personal data
Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. Please contact us at [email protected]
10. Our cookie policy
Our website and platform uses cookies and similar technologies (such as beacons and pixels).
What are cookies?
Cookies are small text files that are downloaded to your device. Cookies contain a uniquely generated references which are used to distinguish you from other users. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a better user experience (like remembering your login credentials so you don’t have to type them in every time) and a website owner with statistics about how you interact with their (and sometimes third party) webpages.
Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).
What do FourthRev use cookies for?
- to track how visitors use our website and Learners interact with our platform
- to keep you signed into our platform
- to show advertisements for FourthRev products and services to website visitors after they browse away from our main website
The cookies we use are:
Set by
.fourthrev.com
Technical info
_fbp
What it does
This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
Set by
.fourthrev.com
Technical info
_ga_90MH8W7Z0F
What it does
This cookie is installed by Google Analytics.
Set by
.fourthrev.com
Technical info
_ga
What it does
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
Set by
.fourthrev.com
Technical info
_tccl_visitor
What it does
This cookie is set by the web hosting provider GoDaddy. This is a persistent cookie used for monitoring the website usage performance.
Set by
.fourthrev.com
Technical info
_tccl_visit
What it does
This cookie is set by the web hosting provider GoDaddy. This is a persistent cookie used for monitoring the website usage performance.
Set by
.facebook.com
Technical info
fr
What it does
The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
Set by
Technical info
bscookie
What it does
This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
Set by
.ads.linkedin.com
Technical info
lang
What it does
This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
Set by
.linkedin.com
Technical info
bcookie
What it does
This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
Set by
.linkedin.com
Technical info
lidc
What it does
This cookie is set by LinkedIn and used for routing.
Set by
.linkedin.com
Technical info
lang
What it does
This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
Set by
.linkedin.com
Technical info
UserMatchHistory
What it does
Linkedin – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.
Set by
.linkedin.com
Technical info
AnalyticsSyncHistory
What it does
This cookie is set by LinkedIn and is used to store information about the time a sync with the lms_analytics cookie took place for users in the European Economic Area
Set by
.linkedin.com
Technical info
li_gc
What it does
This cookie is set by LinkedIn and is used to store consent of guests regarding the use of cookies for non-essential purposes
Accepting or declining cookies (and how to delete them)
We can only use cookies with your permission (you will be prompted by a message when you first visit our Website, also known as a cookie banner, where you can choose to accept or decline our cookies).
You can choose to decline cookies but if you turn off necessary cookies, some pages and functions of our website and services may not work properly.
You can also manage cookies through your browser settings or device settings (your user manual should contain additional information).
You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website).