- Data controller:
- Information We Obtain
We directly collect specific information from you, such as data you input yourself, details about your content consumption, and data from third-party platforms with which you connect to Xiphos. Additionally, we automatically gather certain data, such as information about your device and your interaction with or utilization of various parts of our Services.
All the data mentioned in this section is subject to the following processing activities: collection, recording, structuring, storage, modification, retrieval, encryption, pseudonymization, deletion, consolidation, and transmission.
2.1. Data You Provide to Us
The data we collect from or about you may vary based on how you employ the Services. Here are some examples that can help you comprehend the information we collect.
When you create an account and utilize the Services, either directly or through a third-party platform, we gather any data you provide, which includes:
- Processing Account Data – To access certain features and create a user account, we collect and store your email address, password, account settings, and, for affiliate accounts, your name, email address, password, and account settings. Additional information such as occupation, ID information, and phone number may be required when using specific site features. Upon creating an account, a unique identifying number is assigned to you. Legal basis: Performance of contract, Legitimate interests (service provisioning, identity verification, fraud prevention and security, communication.
- Profile Data – You have the option to provide profile information such as a photo, headline, biography, language, website link, social media profiles, country, or other data. Your Profile Data is visible to the administrators of your company team and our administrators and instructors. Legal basis: Performance of contract and Legitimate interests (enhanced platform functionality, conveying content source information).
- Shared Content – Interacting with other users or sharing content publicly on the Services, such as posting reviews, asking, or answering questions, messaging instructors, or uploading photos or other work, may make the shared content viewable by others depending on the posting location. Legal basis: Performance of contract and Legitimate interests (service provisioning, enhanced platform functionality).
- Learning Data – When accessing content, we collect specific data including courses, assignments, labs, workspaces, quizzes started and completed; content and subscription purchases and credits; subscriptions; completion certificates; interactions with instructors, teaching assistants, and other students; and items submitted for course and related content requirements. Legal basis: Performance of contract and Legitimate interests (service provisioning, enhanced platform functionality)
- Student Payment Data – For purchases, we collect data necessary to process orders, such as name, billing address, and company info. Payment and billing data are directly provided to our payment service providers (Stripe), including name, credit card information, billing address, and ZIP code. Limited information, such as new card notifications and last four digits of the card, may be received from payment service providers to facilitate payments. Sensitive cardholder data is not collected or stored by Xiphos. In compliance with applicable laws, trusted third parties collect tax information, including residency information, tax identification numbers, biographical information, and other personal information required for taxation purposes. Legal basis: Performance of contract and Legal obligation and Legitimate interests (payment facilitation, fraud prevention and security, compliance)
- Data About Your Accounts on Other Services – Information from your connected social media or online accounts may be obtained if linked to your Xiphos account. When logging in through third-party platforms or services, we may request permission to access specific information from those accounts, such as name, account ID number, and login email address. The availability and extent of information depend on your privacy settings and the discretion of the platform or service. When using our Services through a third-party platform, the privacy policies, and agreements of that third party apply to the collection, use, and sharing of your data. Legal basis: Legitimate interests (identity verification, user experience improvement).
The aforementioned data is stored by us and linked to your account.
2.2. Data Collected through Automated Means
When you utilize the Services (including browsing content), we automatically collect certain data, which includes:
- System Data – Technical information about your computer or device, such as your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain, and other system-related data, and platform types. Legal basis: Performance of contract, Legitimate interests (service provisioning, customer and technical support, fraud prevention and security, communication, product improvement)
- Usage Data – Statistics regarding your usage of the Services, including accessed content, time spent on pages or the Service, pages visited, features utilized, search queries, click data, date and time, referrer, and other data related to your use of the Services. Legal basis: Legitimate interests (service provisioning, user experience improvement, product improvement)
- Approximate Geographic Data – An approximate geographic location, which may include country, city, and geographic coordinates. This information is derived from your IP address. Legal basis: Legitimate interests (user experience improvement, fraud prevention and security, compliance)
The aforementioned data is collected through the utilization of server log files and tracking technologies, as outlined in the “Cookies and Data Collection Tools” section. It is stored by us and linked to your account.
2.3. How We Obtain Data About You
We utilize tools such as cookies and similar tracking technologies to collect the aforementioned data. Some of these tools provide options for opting out of data collection.
- Cookies and Data Collection Tools
We employ cookies, which are small text files stored by your browser, to collect, store, and share data regarding your activities across websites, including on Xiphos. They enable us to remember information about your visits to Xiphos, and enhance the usability of the site. To learn more about cookies, you can visit https://cookiepedia.co.uk/all-about-cookies. Additionally, we may use clear pixels in emails to track deliverability and open rates.
Xiphos, along with service providers acting on our behalf (such as Google Analytics and third-party advertisers), utilize server log files and automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints, and web beacons (collectively referred to as “Data Collection Tools”) when you access and use the Services. These Data Collection Tools automatically track and gather certain System Data and Usage Data during your use of the Services.
3.1. Purpose of Data Collection Tools
Xiphos utilizes the following types of Data Collection Tools for the purposes described:
- Strictly Necessary: These Data Collection Tools enable you to access the site, provide essential functionality (such as logging in or accessing content), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorized use of your account. Disabling these tools may result in certain parts of the site breaking or becoming unavailable.
- Functional: These Data Collection Tools remember information about your browser and preferences, provide additional site functionality, affiliate information, customize content to be more relevant to you, and retain settings that affect the appearance and behavior of the Services (such as preferred language or video playback volume).
- Performance: These Data Collection Tools assist in measuring and improving the Services by providing usage and performance data, visit counts and traffic sources. These tools help us test different versions of Xiphos to determine user preferences for features or content, and identify which email messages are being opened.
- Advertising: These Data Collection Tools are employed to deliver targeted advertisements (on the site and/or other sites) based on information we know about you, such as your Usage and System Data, as well as information gathered by ad service providers through their tracking data. The ads may be tailored to your recent activity, activity over time, and across other sites and services. To enable personalized advertising, we may provide these service providers with a hashed and anonymized version of your email address (in a non-human-readable form) and publicly shared content on the Services.
- Social Media: These Data Collection Tools enable social media functionality, such as content sharing with friends and networks. These cookies may track a user or device across other sites and create a profile of user interests for targeted advertising purposes.
You can configure your web browser to notify you about attempts to place cookies on your computer, restrict the types of cookies you allow, or reject cookies altogether. However, doing so may limit your access to certain features or render some or all of the Services less functional. For further guidance on managing Data Collection Tools, please refer to Your Choices About the Use of Your Data section below.
- How We Use Your Data
We utilize your data to provide our Services, communicate with you, address issues, ensure security and integrity, improve, and update our Services, analyze usage patterns, deliver personalized advertising, and fulfill legal requirements or safety measures. We retain your data for as long as necessary to fulfill the purposes for which it was collected.
We employ the data we collect through your use of the Services to:
- Provide and administer the Services, including facilitating participation in educational content, issuing completion certificates, displaying customized content, and enabling communication with other users (Account Data, Shared Content, Learning Data, System Data, Usage Data, Approximate Geographic Data).
- Process payments to affiliates (Affiliate Payment Data).
- Process your requests and orders for educational content, products, specific services, information, or features (Account Data, Learning Data, Student/Company Payment Data, System Data, Communications and Support).
- Communicate with you regarding your account by responding to your inquiries and concerns, sending administrative messages and information (including messages from instructors and teaching assistants), notifications about changes to our Service, and updates to our agreements. Additionally, we may provide information via email or text messages about your progress in courses and related content, rewards programs, new services, new features, promotions, newsletters, and other instructor-created content (Account Data, Shared Content, Learning Data, Sweepstakes, Promotions, and Surveys, System Data, Communications and Support).
- Manage your account, account preferences, and personalize your experience (Account Data, Learning Data, Student Payment Data, Instructor Payment Data, System Data, Usage Data, Cookie Data).
- Facilitate the technical functioning of the Services, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse (Account Data, Student Payment Data, Affiliate Payment Data, Communications and Support, System Data, Approximate Geographic Location).
- Verify the identity of affiliates (Account Data, Affiliate Payment Data).
- Gather feedback from users (Account Data, Communications and Support).
- Market products, services, surveys, and promotions (Account Data, Learning Data, Promotions, and Surveys, Usage Data, Cookie Data).
- Market subscription plans to prospective customers (Account Data, Learning Data, Cookie Data).
- Identify unique users across devices (Account Data, System Data, Cookie Data).
- Customize advertisements across devices (Cookie Data).
- Improve our Services and develop new products, services, and features (all data categories).
- Analyze trends and traffic, track purchases and usage data, and gather insights (Account Data, Learning Data, Student Payment Data, Communications and Support, System Data, Usage Data, Approximate Geographic Data, Cookie Data).
- Comply with legal obligations or requirements (all data categories).
- Ensure the safety and integrity of our users, employees, third parties, the public, or our Services, as determined at our discretion (all data categories).
We utilize your data for these purposes in accordance with applicable privacy laws and regulations.
4.1. Who We Share Your Data With
- Affiliates: We share data with our affiliates, which are entities through whom you came to our service.
- Service Providers, Contractors, and Agents: We share your data with third-party companies that perform services on our behalf, such as payment processing, fraud prevention, email and hosting services. These service providers are required to use your personal data solely as directed by us to provide the requested services.
- Instructors and Teaching Assistants: We share data with instructors and teaching assistants to improve educational content and personalize the learning experience. This data may include information such as your country, browser language, operating system, device settings, referring site, e-mail address, enrolled courses, and course reviews. Additionally, depending on your settings, your shared content may be publicly viewable, including by instructors and other users in shared groups.
- Promotions and Surveys: We may share your data as necessary to administer, market, or sponsor promotions and surveys in which you choose to participate, as required by applicable law or in accordance with the rules of the promotion or survey.
- Security and Legal Compliance: We may disclose your data to third parties if we have a good faith belief that such disclosure is required:
- as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- to detect, prevent, or address fraud, abuse, misuse, potential violations of law or security or technical issues;
- to protect the rights, property, or safety of Xiphos, our users, employees, the public, or our Services;
- as otherwise required or permitted by law.
- Change in Control: In the event of a merger, acquisition, corporate divestiture, or dissolution of Xiphos (including bankruptcy) or a sale of all or a portion of our assets, we may share, disclose, or transfer all of your data to the successor organization during the transition or in anticipation of it.
- Aggregated or De-identified Data: We may disclose or use aggregated or de-identified data for any purpose.
We employ appropriate security measures based on the type and sensitivity of the data we store. While we take reasonable steps to protect your personal data, no system is completely secure. Therefore, we cannot guarantee the absolute security of your data or the communications between you and Xiphos. It is important for you to safeguard your password and notify us immediately if you suspect any unauthorized access to your account. We have implemented optional two-factor authentication to enhance the security of our educational system, so we encourage you to use it.
- Your Rights
You have certain rights regarding the use of your data, including the ability to opt out of promotional emails, cookies, and the collection of your data by certain third parties.
5.1. Your Choices Regarding Data Use
You have the option to withhold certain data from us, although it may restrict your access to certain features of the Services.
- To stop receiving promotional communications, you can unsubscribe using the provided mechanism in the promotional emails or modify your email preferences in your account settings. Please note that we will continue to send you transactional and essential messages related to the Services.
- You can adjust your cookie settings at any time by selecting the appropriate option in your browser or use the button in the bottom of our webpage. To manage cookies and learn more about them, visit cookiepedia.co.uk/how-to-manage-cookies.
- Your browser or device may offer controls to manage cookies and local data storage. Refer to the instructions provided by your specific browser or device.
- If you wish to opt out of analytics services provided by Google Analytics, please refer to the respective opt-out mechanisms: Google Analytics Opt-out Browser Add-on.
- For tailored advertising within mobile apps, refer to the instructions provided by Apple iOS, Android OS, and Microsoft Windows. Other devices and operating systems may have similar privacy settings.
If you have any questions about your data, its usage, or your rights, you can contact us at email@example.com.
5.2. Accessing, Updating, and Deleting Your Personal Data
You can access and update your personal data collected by Xiphos in the following ways:
- Log into your account to directly update the data you have provided.
- Students: Visit your profile settings page and modify your data.
- Affiliates: Visit your profile settings page and modify your data.
- To terminate your account:
- Contact our support team at https://support.xiphos.co. Please note that even after your account is terminated, certain data may still be visible to others, such as copied or shared content, or data posted on third-party platforms. We retain your data for as long as necessary to fulfill legal obligations, resolve disputes, and enforce agreements.
- To request access, correction, or deletion of your personal data, please use our online form on https://support.xiphos.co or send a written request to Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia. Please allow up to 30 days for a response. We may require verification of your identity and retain certain data as required by law.
5.3. Our Policy Concerning Children
We are committed to protecting the privacy of children and encourage parents and guardians to be involved in their children’s online activities. We do not knowingly collect information from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child under this age, we will take steps to delete it. Parents who believe that their child’s information has been collected by Xiphos can contact us at firstname.lastname@example.org for assistance in removing the information.
5.4. Jurisdiction-Specific Rules
Users in California
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). These rights include:
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, as well as access a copy of your personal information.
- Right to Correction: You can request the correction of inaccurate personal information.
- Right to Deletion: You can request the deletion of personal information we have collected about you.
- Right to Non-Discrimination: Exercising your rights under CCPA will not result in any discriminatory treatment.
Users in Nevada
Xiphos does not sell personal information of its users. However, Nevada residents have the right to request that we do not sell their covered personal information. To submit such a request, please email email@example.com or write to us at Xiphos d.o.o., Fabijaniceva 60, 10040 Zagreb, Croatia.
Users in Australia
If you are an Australian resident and have a complaint, you may contact the Office of the Australian Information Commissioner (OAIC) by visiting www.oaic.gov.au, emailing firstname.lastname@example.org, calling 1300 363 992, or writing to OAIC at GPO Box 5218, Sydney NSW 2001. For privacy-related complaints about Xiphos, please email email@example.com, and we will respond within 30 days.
Users in the European Economic Area (EEA) and United Kingdom (UK)
If you are located in the EEA or UK, you have certain rights regarding your personal data, including the right to access, rectify, erase, restrict processing, and object to processing. If you have concerns, you can also lodge a complaint with the supervisory authority in your country.
- Updates & Contact Info