Privacy Notice

Skillsoft Corporation and its subsidiaries (“Skillsoft”) take the privacy of personal data seriously. This Privacy Notice (“Policy”) explains how we collect, use, and disclose data, and your choices and rights with respect to your data. The Policy applies to data we collect about you in the course of our business, including through our various websites that link to this Policy and our platform (collectively, the “Services”). This policy centers around 7 pillars of data privacy – click on any of them to learn more.

1. Transparency

We are committed to providing you with information about what data is being collected about you, how it will be used, and to whom we disclose it.
A. The data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified, either directly or indirectly. The data we collect about you depends on the Services you use, how you use them, and the information you provide to us. We collect data (1) when you or your employer provide it directly to us, (2) automatically through technology when you use the Services, and (3) from other sources.

  1. Data you or your employer provide directly to us

    You or your employer may provide data to us when you use the Services, such as when you register for an account, participate in one of our programs, or communicate with us. This data may include:

    • Identity Data includes first name, last name, username or similar identifier, title, and your employer.
    • Contact Data includes business address, corporate or personal email address and telephone numbers.
    • Marketing and Profile Data includes your interests and preferences in receiving marketing from us and select third parties, your communication preferences and survey responses.
    • Customer Service and Inquiry Data, such as information you provide us when you contact customer support or ask us a question about our Services.
    • User-Generated Content, such as information you provide to our instructors and coaches in connection with your participation in our business Services.
  2. Data collected automatically when you use the Services

    When you use our Services, we may automatically collect certain data using a variety of tools, including server logs, cookies, and other technologies. This data may include:

    • Device and Network Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
    • Usage Data includes information about how you use the Services, such as which Services you use, content accessed within the Services, date and time of use, amount of time spent on the Services, navigation within the Services, and entering and exiting URLs.
  3. Data from other sources

    We may also collect data about you from other sources, such as information you post publicly on social media platforms.

    De-Identified Data. We may also aggregate or de-identify personal data such that it does not directly or indirectly reveal your identity (“De-Identified Data”). For example, we may aggregate information about use of our websites to calculate the percentage of users accessing specific website features. We may use and disclose such De-Identified Data for any purposes. However, if we combine or connect De-Identified Data with your personal data so that it can directly or indirectly identify you, we treat the combined data in accordance with this Privacy Notice.

    We do not collect any Special Categories of Personal Data about you – also considered sensitive data. Special Categories of Personal Data include, but are not limited to, details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, or political opinions. Nor do we collect any information about criminal convictions and offences.

B. What we do with your data

How we use your data depends on your relationship with us and the Services that you use:

  1. Data collected from Learners under an enterprise (employer) account

    We process data collected from individuals in their capacity as learners associated with enterprise accounts in accordance with the relevant customer’s instructions and in fulfillment of the contractual relationship with such customer. This data may include the learner’s identity data, contact data, device and network data, and usage data. Consistent with our contractual commitments, we use this data to provide the Services to learners, support, and troubleshooting, to analyze and improve the Services, to secure our Services, and for legal and compliance purposes, or as otherwise requested by the customer.

  2. Data collected from learners with a direct relationship with Skillsoft

    We process data collected from individuals in their capacity as learners who have a direct relationship with us pursuant to our contractual relationship. This data may include the learner’s identity data, contact data, device and network data, usage data, and customer service and inquiry data. We may use this data to provide the Services, support and troubleshoot the Services, to analyze and improve the Services, to market our other Services to you, to communicate with you about the Services (such as updates or notices about changes to our terms or policies), to secure the Services, and for legal and compliance purposes, or for other purposes for which we seek your consent.

  3. Data collected from website visitors and others

    We process data collected from individuals outside of their capacity as learners (such as visitors to our website) for a variety of purposes. This data may include any of the data listed in Section 1.A above. We may use this data to provide the Services, support and troubleshoot the Services, to analyze and improve the Services, to provide you with information about our other Services, to communicate with you about the Services (such as updates or notices about changes to our terms or policies), to market and advertise our Services, to personalize the Services, to secure the Services, and for legal and compliance purposes, or for other purposes for which we seek your consent.

C. Disclosure of your data

We disclose your data in the following ways:

  • Within the Skillsoft family of companies: We disclose your data within the Skillsoft family of companies under common ownership and/or control to provide and enhance the Services and to operate our business.
  • With your employer. If you are a learner using a Skillsoft Business Services account provided by your employer, information about your activity on Skillsoft is accessible to, and may be disclosed to, your employer. Please note that this does not apply to information we collect from individuals who have established an independent relationship with us.
  • With our service providers. Skillsoft may share your personal data with vendors and other partners that provide services on our behalf. We require all service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • Online advertising partners. We work with third-party online advertising partners that, where permitted by law and consistent with any consent or opt out elections you have made, collect information both on our Services and on third-party platforms to help tailor and serve you advertisements online. These partners may use cookies, pixel tags and similar technologies on many online services, including ours, to collect information to serve you more relevant ads. You can learn more about how we and our partners use cookies and similar technologies, and about your rights and choices with respect to cookies, by reviewing our [Cookie Policy] and following the instructions in the "Individual Rights and Choices" section below.
  • Business transfers. We may also share your data with third parties to whom we may choose to sell, transfer, or merge all or parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
  • Legal, compliance, security, and safety. We may also disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Please note that Skillsoft is a global company and serves customers and individuals around the world. As such, when we disclose data as described above, we may transfer data to other jurisdictions that may have data protection laws that differ from those in your home country. When we transfer, store, or process your data, we take reasonable steps to protect your personal data in accordance with this Privacy Notice and applicable laws.

  • SCCs: For instance, we may implement Standard Contractual Clauses (SCCs) to govern the transfer of your data, or other means recognized by applicable laws in compliance with the GDPR and other applicable laws and regulations.
  • Data Privacy Framework (DPF): Also, Skillsoft complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce (See, Section 1.D. below).
D. DPF

Skillsoft adheres to the Data Privacy Framework Principles (DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF; and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF; and from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  • Contact information: In compliance with the DPF, Skillsoft commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact Skillsoft at: dpo@skillsoft.com.
  • Data protection authorities: In compliance with the DPF, Skillsoft commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF.
  • Arbitration: Please note that as part of the DPF individuals may invoke binding arbitration by delivering proper notice to Skillsoft and following the procedures and subject to the conditions of the DPF. You can find more information on this from the International Centre for Dispute Resolution.
  • Onward transfers: When Skillsoft uses third-party vendors in the provision of its services, it remains liable under the DPF to its customers for onward transfers of personal data to such vendors.
  • Covered entities: Skillsoft’s DPF certification covers the following US based entities: Skillsoft (US) LLC, Codecademy LLC, and Global Knowledge Training LLC. All of these entities adhere to the DPF Principles.
  • US jurisdiction: Skillsoft is subject to the investigatory and enforcement power of the US Federal Trade Commission (FTC).
E. Using artificial intelligence (AI)

Skillsoft leverages AI technologies to improve our products and services, providing a better experience for our learners. The use of AI, and similar emerging technologies must be done in accordance with our code of conduct and AI-related policies and procedures – in compliance with applicable law and regulations. Our policies and procedures ensure that any use of AI is done in an ethical and responsible manner. Generally, and with the exception of a very limited set of circumstances, personal data is not used or processed using AI.

2. Purpose specification

Skillsoft collects and uses personal data for specific purposes and does not use the data in ways that are incompatible with those purposes.

We will only use your personal data for the purposes stated in this Privacy Notice, for other purposes we have specifically disclosed to you, or for which we seek your consent.

Our Services are not intended for children, and we do not knowingly collect data relating to children. If you become aware that a child has provide us with information, please contact us immediately at privacy@skillsoft.com so we can delete such information from our system.

The laws in some jurisdictions require us to tell you about the legal bases we rely on to use or disclose your “personal data” as such term is defined under applicable law. To the extent that those laws apply, our legal grounds are as follows:

  • To honor our contractual commitments: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ requests in anticipation of entering a contract with them. For example, we handle personal data on this basis to provide learners with the Services.
  • Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as to provide customer support and troubleshooting and to protect and secure our Services.
  • Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent, such as when we seek your consent to engage in direct marketing where legally required.
  • Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.
  • Vital interest: To protect the vital interests of the individual or others.

3. Data minimization

We collect and retain the personal data we deem necessary for the purposes for which it was collected and for the length of time required for our legitimate business and legal purposes.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data – see, “Individual rights” (below) for further information.

4. Accuracy

We take reasonable steps to ensure that personal data is accurate and up to date.

Where Skillsoft acts as a controller of data, Skillsoft takes reasonable steps to ensure that personal data is accurate and up to date. We have implemented technical and organizational measures to ensure the information we collect remains accurate

Users have the right to update or correct their personal data, and Skillsoft provides mechanisms to enable users to do so – see, “Individual rights” (below) for further information. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

5. Security

Skillsoft takes appropriate measures to protect personal data from unauthorized access, use, disclosure, alteration, and destruction.

Skillsoft takes a variety of measures to protect personal data from unauthorized access, use, disclosure, alteration, and destruction, including encryption, access controls, and monitoring. Skillsoft conducts regular security assessments and maintains an incident response and notification plan in the event of a data breach. However, please note that no transmission of data across the internet can be guaranteed to be secure.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Our website, products, and services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy and security practices or statements. When you leave our environment, we encourage you to read the privacy policy of every website you visit.

6. Individual rights and choices

This section explains your rights and choices with respect to your data where Skillsoft acts as a data controller; e.g., for learners with whom we have a direct relationship and website visitors. If you are a learner using a Skillsoft Business Services account, please contact your employer to exercise your rights under applicable law. We cooperate with our enterprise account customers to respond to individual requests in accordance with our contractual obligations.

A. Exercising your rights and choices

Skillsoft provides mechanisms to enable users to exercise their rights under applicable law with respect to their data and to make requests concerning their personal data. If you wish to make any of the requests set out below, please fill-out our form [hyperlink] and select the type of request you are making.

  • Access: Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
  • Correction: Request correction of the personal data that we hold about you. This enables you to request correction of any incomplete or inaccurate data, though we may need to verify the accuracy of the new data you provide to us.
  • Deletion: Request erasure of your personal data. This enables you to ask us to delete or remove personal data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Objection: Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You may also object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Restriction: Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Transfer: Request transfer of your personal data to you or to a third party. To the extent required by law, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Please note that these rights are not absolute and are subject to certain exceptions. If we cannot act on your request, we will explain the reason(s) why. For example, a request might impact the rights of another person or another company. Depending on applicable law, you may have the right to appeal our decision to deny your request; if you would like to exercise this right, please email us at privacy@skillsoft.com.

B. No Fee Usually Required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

C. What We May Need from You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights), which may include verification of your contact information and about the Services you use. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

D. Time Limit to Respond

We try to respond to all verified requests within one month of our receiving them. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.

E. Data Protection Officer

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, contact our DPO at dpo@skillsoft.com. You may also contact us by telephone at (866) 754-5435, or by mail to Skillsoft Corporation, Attn: DPO, 300 Innovative Way, Suite 201, Nashua, New Hampshire 03062, U.S.A. with any general questions about our websites.

F. Complaints

If you have any concerns or complaints about our data processing activities, we urge you to first try to resolve your issue directly with us by contacting our Data Protection Officer via dpo@skillsoft.com or the contact information provided above. However, you also may have the right to make a complaint to the data protection supervisory authority in the country where you are based.

G. Marketing Opt Out

You can ask us or third parties to stop sending you marketing messages at any time by checking or unchecking relevant boxes to adjust your marketing preferences or by following the “Unsubscribe” links on any marketing message sent to you.

Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us because of a product/service purchase, warranty registration, product/service experience or other transactions.

H. Sale/Targeted Advertising Opt Out Rights

Under the laws in certain US states, you also have the right to opt out of our processing or disclosure of your information for online targeted advertising purposes. Note that certain US states also allow you to opt out of the "sale" of your information to third parties in exchange for valuable consideration (monetary or otherwise). While we do not sell your personal data in exchange for money, we may use online advertising and related analytics tools that result in the disclosure of your information to our third-party partners and that are subject to this opt out right. You can opt out of these activities by clicking "Your Privacy Choices."

7. Accountability

Skillsoft is responsible for implementing processes to comply with the data privacy principles discussed in this Privacy Notice.
A. Skillsoft’s role and responsibilities

Skillsoft is responsible for complying with data protection laws and regulations and has designated a DPO to oversee compliance. Skillsoft has implemented policies and procedures to ensure compliance with data protection laws and regulations, including regular audits and employee training. Skillsoft also conducts due diligence on its vendors and partners to ensure that they comply with applicable data protection laws and regulations.

Your use of Skillsoft Business Services is administered by your employer pursuant to a business-to-business (“B2B”) contract between Skillsoft and your employer. Skillsoft is the processor of, and responsible for, processing personal data in connection with the performance of its contractual duties and the provisions of the Skillsoft Business Services to its corporate clients (“B2B” relationship). The agreement between Skillsoft and its business customer, your employer, takes precedence when in conflict with this Privacy Notice. It follows that your employer may have access to your personal data processed by a Skillsoft Business Service and that your employer may have its own privacy policy applicable to your use of one or more Skillsoft Business Services. Your employer – as the controller of your personal data – administers your use of the applicable Skillsoft Business Services. Accordingly, please contact your employer with any privacy questions related to your use of Skillsoft Business Services or about your employer’s privacy policy governing the same.

Skillsoft is the controller of, and responsible for, the contact information we collect in connection with the provisions of direct-to-consumer services (“B2C”), and also our marketing initiatives and employment opportunities that often originate with our website located at Skillsoft.com.

The table below summarizes Skillsoft’s role according to the relationships it has with the data subject.

Data Subject(s)

Controller

Processor

What governs the handling and use of the Personal Data of the Data Subject(s) as between
Controller and Processor?

Licensed end-user

Corporate (B2B) Customer

Skillsoft Corporation

Master Services/License Agreement together with a Data Protection Addendum, as applicable.

Marketing contacts (e.g., whitepaper registrants, webinar attendees) and job applicants

Skillsoft Corporation

Our various service providers (e.g., Marketo)

Skillsoft’s Privacy Notice.

Individual learner customer employee

Employers under B2B contract

Skillsoft Corporation

Skillsoft’s Privacy Notice and Employer’s privacy notice or analogous document disclosing for what purpose (e.g., corporate training) and by whom (e.g., Skillsoft) the personal data of an employee may be processed.

Individual leaners and direct consumer

Skillsoft Corporation

Our various service providers (e.g., Pendo.io)

Skillsoft’s Privacy.

B. Contact Us

If you have any questions about this Privacy Notice or would like to otherwise contact us about our privacy practices, please email us at dpo@skillsoft.com.

C. Changes to this Privacy Notice

We may update this privacy notice to reflect changes to our data governance practices. If we propose to make any material changes, we will notify you as required by applicable law prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

This version was last updated on March 15, 2024.