Last reviewed: January 2024
At Elucidat, we’ve always been extremely diligent about looking after the personal data of those who entrust us with it – our clients, learners, authors, business partners and employees.
To ensure ongoing compliance with GDPR and data privacy regulations globally we continually enhance our data protection processes and practices, strengthening our accountability and establishing structures to allow individuals to exercise their rights as data subjects.
Prior to GDPR coming into force in May 2018, we engaged with data consultants to ensure our technical and organisational measures met best practice. This engagement is ongoing to ensure we continue to excel in this area. Since then there have been many changes to the data privacy landscape around the world, including the US/EU/UK data relationships, the effects of Brexit and the ongoing data privacy developments in many other countries . Our external consultants assist us in ensuring that we keep up to date with data privacy regulatory changes and expectations globally.
When it comes to the data we handle for Authors of our software, Elucidat is a Data Controller. We also act as a Data Controller when we handle contact data for our prospective and existing customers. Our lawful bases for operating falls under legitimate interest and contract as we enable and administer your service.
You can find more information on our public compliance pages here. These provide transparency about how, why and where we process data.
We are also a Data Processor for Learners of the courses which our customers create. The customer being the Data Controller in these circumstances.
As a SaaS business it’s important that we hold consistent data processing agreements across our global customer base. This allows us to effectively meet our compliance obligations in all of the jurisdictions in which we operate. We have set out our Data Processor Terms on our compliance pages here, which seek to give reassurance about how we act as a Data Processor. Our compliance pages also list our third party sub processors who are subject to thorough due diligence to ensure their data processes, operations and business partners are compliant with best practise data privacy regulations and their status is regularly monitored.
We know the importance of data availability. Our physical and technical setup is designed to be secure, keeping data confidential and safe, with robust password management and encryption technology used throughout our structure. It’s also designed for swift restoration and containment should an issue or breach occur. We have clear processes in place in the event of an incident.
Our mission is to bake data protection by design into our day-to-day culture at Elucidat. This is supported and endorsed at Director level with clear lines of governance, accountability and practice across our UK and US businesses. It also means that we consider the perspective of our customers - have we thought through what they might expect, what’s fair and would we be able to justify our operations.
We have a framework in place to formally review our policies and processes regularly, including quarterly data privacy reviews with key personnel to ensure we are acting with integrity and accountability. We meet to assess changes and ensure that our reporting and policies are accurate and up to date. We are continually seeking to improve what we do and apply similar expectations to any partners and suppliers which we work with.
For further information or any questions regarding data management and security, contact dpo@elucidat.com.
Registered with the ICO: ZA094651
Useful links: