Introduction – Cross-border Data Transfers
The Lynda.com Services require data to flow from the European Union (EU) to the United States (US) and back. To help ensure an adequate level of protection for EU personal data when it is transferred outside the EU, the Data Protection Directive 95/46/EC and, as of May 25, 2018, the General Data Protection Regulation mandate that such transfers take place using certain legal mechanisms described in this EU Data Protection Unit FAQ.
On July 12, 2016, the US Department of Commerce and the European Commission adopted the EU-US Privacy Shield agreement, which replaced the EU-US Safe Harbor as a mechanism for enabling the transfer of personal data from the EU to the US. A similar mechanism called the Swiss-US Privacy Shield came into effect on April 12, 2017 and allows for data transfers from Switzerland to the US. As of July 18, 2017, LinkedIn certified to the US Department of Commerce its adherence to the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks for the protection of Lynda.com's customers' personal data sent from the EU and Switzerland to the US.
In many cases, we will continue to use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers from the EU. Learn more about the Standard Contractual Clauses adopted by the EU Commission. As explained in the EU Data Protection Unit FAQ, these clauses are contractual commitments between companies transferring personal data (for example, from LinkedIn Ireland Unlimited Company or its customers to LinkedIn Corporation), binding them to protect the privacy and security of the data. LinkedIn companies accordingly adopted Standard Contractual Clauses so that the data flows necessary to provide, maintain, and develop our services take place legally.
Note: Lynda.com's data centers storing personal data are currently located in the US.
Section 6 – Lynda.com Deletion Practices
The following are Lynda.com’s current practices regarding deletion of consumer account data.
Section 8 – Lawful Bases for Processing Data
Where we process data based on consent, we will ask for your explicit consent. Where we rely on contract, we will ask that you agree to the processing of personal data that is necessary for entering into or the performance of your contract with us.
We may process your personal data for the purposes of our legitimate interests or for the legitimate interests of third parties (e.g., your employer or company), provided that such processing shall not outweigh your rights and freedoms. For example, we may process your personal data to:
- Protect you, us or others from threats (such as security threats or fraud);
- Comply with laws that apply to us;
- Enable or administer our business, such as for quality control, consolidated reporting, and customer service;
- Manage corporate transactions, such as mergers or acquisitions;
- Understand and improve our business or customer relationships generally.
Section 16 – Additional Rights of Residents in Designated Countries
If you are a resident of one of the Designated Countries you have the right to file a complaint with the Irish Data Protection Commissioner, whose contact details can be found here.