Privacy policy.
PRIVACY POLICY
We take privacy very seriously and are committed to protecting the data you provide to us. This policy explains the personal information we collect about you, how this information is used, the circumstances under which it may be disclosed to others and how it is kept secure.
On Point Learning, LLC is a limited liability company registered in New York. On Point Learning, LLC is the data controller and On Point Learning decides why and how your personal information is processed.
We may automatically collect information about you which we may observe, detect or create without directly asking you to provide the information to us. In common with most other businesses, we do this through our website. The information we collect is outlined here:
Analytics
This website collects personal data to power our site analytics, including:
Information about your browser, network, and device
Web pages you visited prior to coming to this website
Your IP address.
This information may also include details about your use of this website, including:
Clicks
Internal links
Pages visited
Scrolling
Searches
Timestamps
We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.
Use of cookies and similar technologies
This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.
These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.
These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.
Form submissions
When you submit information to this website via webform, we collect the data requested in the webform to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider, so that they can provide website services to us. We also share this information with OnPoint email addresses for storage.
Website visitors
This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:
Information about your browser, network and device
Web pages you visited prior to coming to this website
Web pages you view while on this website
Your IP address.
Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.
Fonts
This website serves font files from and renders fonts using Google Fonts and Adobe Fonts. To properly display this site to you, these third parties may receive personal information about you, including:
Information about your browser, network, or device
Information about this site and the page you’re viewing on it
Your IP address.
Security measures we put in place to protect your personal information
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorized access.
Links to other websites
Our website may contain links to other websites run by other organizations. This policy does not apply to those other websites and Apps, so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using links that we provide, and their security cannot be guaranteed.
In addition, if you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
Where you provide consent for us to collect your personal data
We may use and process your personal information where you have consented for us to do so via our opt-in consent process for the following purposes:
To send direct marketing information to you which includes information about our products and services, news, events and seminar invitations.
To send you editorial newsletters and information created by On Point Learning, LLC.
We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.
You may withdraw your consent for us to use your information in any of these ways at any time by contacting us using the contact details shown below.
Marketing information
You will only receive direct marketing information from On Point Learning, LLC if you indicate to us a preference (“opt-in”) to do so. You will be invited to complete a client consent/opt-in process by email or check box when any of the following happen:
You become a client of On Point Learning, LLC
You attend an event or seminar hosted, or co-hosted, by or with On Point Learning, LLC
You provide a business card directly to an employee of On Point Learning, LLC at (for example) a trade or networking/business event, or
You register your contact details to obtain information or free downloads from the On Point Learning, LLC website.
We will never share your data with third-party partners for their own marketing purposes.
We do not rely on your consent indefinitely. You will receive an email from us periodically, where you will be asked to re-confirm your consent and preferences to ensure the data, and your contact details, are current and accurate.
You have the right to opt out of our use of your personal information to provide marketing in any of the ways mentioned above, and/or manage your preferences by contacting us using the contact details provided below at any time.
How we use your information
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes.
to carry out our conflict checks to ensure that we can provide services to you
for prevention of fraud and other criminal activities
to verify the accuracy of data that we hold about you and create a better understanding of you as a client
analysis to inform our business and marketing strategy
to manage and deliver internal projects for business improvement
monitoring and management of performance standards within the business
to assess and improve our service to clients through recordings of any calls and live chat/videocall sessions
network and information security for us to take steps to protect your personal information against loss or damage, theft or unauthorized access
to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists to be able to comply with your request)
in the management of queries, complaints, or claims
Our work for you may require us to provide information to third parties who will use your information for the purposes of providing services to us or directly to you on our behalf.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
How long we hold your information
If we collect your personal information, the length of time we retain it is determined by factors including the purpose for which we use that information and our obligations under other laws.
We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for up to 7 years after the date it is no longer needed by us (retention times vary for different types of data) for any other purposes listed under ‘How we use your personal information’.
The only exceptions to this are where:
the law requires us to hold your personal information for a longer period, or delete it sooner
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see ‘Right to Erasure’ below.)
International Data Transfer and Storage Disclosure
Data Storage and Transfers:
As a U.S.-based company, On Point Learning, LLC stores and processes personal data in the United States. While our primary data centers are in the U.S., we ensure that the privacy and security of your data is a top priority.
Compliance with GDPR:
We are committed to complying with the General Data Protection Regulation (GDPR) and have implemented measures to ensure that your data is handled responsibly and in accordance with this regulation.
Protective Measures for Data Transfers:
To safeguard your personal data and ensure compliance with GDPR requirements for international data transfers, we have implemented the following measures:
Standard Contractual Clauses (SCCs): We utilize Standard Contractual Clauses approved by the European Commission, which impose rigorous data protection standards for transferring personal data outside the EU.
Data Security: We employ robust security measures to protect your data from unauthorized access, disclosure, alteration, and destruction. These include encryption, access controls, secure data storage, and regular security audits.
Transparency: We maintain transparency about our data practices and will notify you of any changes to how we process or store your data.
Your rights under GDPR
Under the General Data Protection Regulation (GDPR), users (referred to as "data subjects") have several important rights regarding your data. These rights are designed to give you more control and transparency over your information. Here are your key rights.
Right to Be Informed: Individuals have the right to be informed about the collection and use of their personal data. This is outlined in our privacy policy above.
Right of Access: Individuals have the right to access their personal data. You can request a copy of the personal data held about you at any time by contacting us using the contact details provided below.
Right to Rectification: If personal data is inaccurate or incomplete, individuals have the right to have it corrected. You can request that we correct any inaccuracies or incomplete data by contacting us at any time by using the contact information provided below.
Right to Erasure (Right to be Forgotten): Under certain conditions, individuals can request the deletion or removal of personal data where there is no compelling reason for its continued processing. You can request that we delete part or all the data we hold about you at any time using the contact information provided below.
Right to Restrict Processing: Individuals have the right to request the restriction or suppression of their personal data, meaning that the data can be stored but not used. When you complete online forms, you are required to give us explicit consent to send updates, but you can change this consent at any time by contacting us using the contact information provided below.
Right to Data Portability: This right allows individuals to obtain and reuse their personal data for their own purposes across different services. This means they can transfer their data from one IT environment to another safely and securely.
Right to Object: Individuals have the right to object to the processing of their personal data in certain circumstances, such as for direct marketing purposes. If you do not wish to receive marketing information, you can contact us to request that your data is not used for marketing purposes at any time using the contact details provided below.
Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects concerning you or significantly affects you. If you believe a decision has been wrongly made against you, you can contest it by emailing support@learnwithonpoint.com
Right to Withdraw Consent: If the processing of personal data is based on consent, the individual has the right to withdraw that consent at any time. You have the right to withdraw any explicit consent you have given to us at any time by contacting us using the contact details provided below.
Right to Complain to a Supervisory Authority: You have the right to complain to a data protection authority if you believe that your data is not being processed in accordance with GDPR.
Data Protection Officer (DPO) Contact information
For privacy-related inquiries contact our DPO, Amy Drury amy@learnwithonpoint.com.
If you prefer to telephone, please call (+1).347.556.5992
If you would like to write to us the address is 54 State Street, Ste 804 #1016, Albany, New York 12207 USA.
On Point Learning, LLC Data Protection Breach Notification Policy
1. Purpose:
This policy outlines the procedure to be followed by On Point Learning, LLC in the event of a data breach, particularly breaches involving personal data of individuals within the European Union, to comply with the General Data Protection Regulation (GDPR).
2. Scope:
This policy applies to all employees, contractors, and third-party service providers of On Point Learning, LLC who have access to personal data processed by our organization.
3. Identification of a Data Breach:
A data breach is defined as a security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
4. Reporting a Breach:
All staff members must report any suspected or actual data breach immediately to the designated Data Protection Officer (DPO) or the data breach response team.
The report should include details of the breach, including the type of data involved, the potential impact on the data subjects, and any corrective action taken.
5. Assessment and Investigation:
Upon receiving a breach notification, the DPO or response team will assess the scope and impact of the breach.
An investigation will be initiated to understand the cause, extent, and severity of the breach.
6. Notification Procedures:
If the breach is likely to result in a high risk to the rights and freedoms of individuals, On Point Learning, LLC will notify the affected data subjects without undue delay.
Notifications to data subjects will include the nature of the data breach, the categories and approximate number of data subjects and personal data records concerned, the likely consequences, and the measures taken or proposed to address the breach.
The relevant supervisory authority will be notified within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
7. Documentation:
All data breaches, regardless of their size and impact, will be recorded in a Data Breach Register.
The register will document the facts relating to the breach, its effects, and the remedial action taken.
8. Review and Evaluation:
After managing a data breach, a review will be conducted to evaluate the effectiveness of the response and to identify lessons learned.
This review will inform improvements in data security and breach response procedures.
9. Training and Awareness:
Regular training will be provided to all staff members on data protection and breach response procedures.
This policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR.
10. Contact Information:
Data Protection Officer: Amy Drury, amy@learnwithonpoint.com
Data Breach Response Team: support@learnwithonpoint.com
This policy is effective as of 12/15/23 and will be reviewed annually or as required.