Pearson Education Asia Limited Privacy Notice

Updated: October 18, 2021

This Privacy Notice explains how personal information will be used by Pearson Education Asia Limited (“PEA", “we”, “our” or “us”) in relation to the products and services that link to this Privacy Notice, including Pearson websites at www.pearson.com.hk, www.longman.com.hk , www.pearsoned-asia.com , www.ilongman.com, and Pearson’s digital products (e.g. App) ("Sites"). In this Privacy Notice we call these our "Services."

It covers the handling of personal information by PEA as a data processor when institutional or corporate customers purchase access to our Services. It also covers the handling of personal information by PEA as a data controller when individual consumers purchase access to our Services, and when the Services are used outside of an institutional setting.

Which services does this Privacy Notice apply to?

This Privacy Notice applies to the Services that link to it. Use of other sites and services may be subject to different terms and privacy notices. This Privacy Notice may be supplemented by a separate agreement between PEA and an institutional customer.

Who is a user? And who is an institutional customer?

When we say "users" we mean the individuals who use the Services. Users could include an institutional customer's learners, teachers and administrators, or individual subscribers who purchase access to the Services for themselves or for a child in their care.

When we say "institutional customers", we mean learning providers such as schools, colleges, local education authorities, private language schools, education agencies or any other organisations that purchase access to the Services for use by users in its organisation.

Services purchased by an institutional customer

If your access to the Services was purchased for you by an institutional customer, then the institutional customer is the data controller for any personal information which is uploaded or accessed by the Services. The institutional customer is responsible for ensuring it has a legal basis for processing this personal information. PEA only processes this personal information on the institutional customer's behalf, as a data processor.

For institutional customers registering users who are learners under the age of 18: please only upload school-issued email addresses for learners (not personal email addresses such as Hotmail accounts).

What personal information do these Services collect?

Limited personal information is collected during the registration process for the Services. We request the following data fields for users who are learners:

  • Name
  • Contact details including contact name, postal address, telephone number, fax number, e-mail address
  • Pearson Fan Club identification details including name and membership details
  • MyPearson ID and Longman Education Access code Program identification details including Log-in ID, Password, name, telephone number
  • Longman English Plus APP accounts, nick name, avatar, sex, user learning records/result, communication/feedback records, and verification information, and usage data.
    Details of school attending including school name, adoption and purchase record of Pearson materials, including Longman branded textbooks.
  • Internet browser type and version
  • Personal computer operating system
  • User device information

We request the following data fields for users who are teachers:

  • Details of school employed at including school name, school address, academic subjects of interest, academic subjects taught
  • Results, records, and accumulative progress from visiting interactive content
  • Occupation, employment position, number of years working experience
  • Suggestions, personal opinions, enquiries
  • Internet browser type and version
  • Personal computer operating system.

If you would like to find out exactly what personal data will be collected as part of your Services please contact: dataprivacy@pearson.com

How do the Services collect my personal information?

We collect your information in three ways:

  1. When you, your parent/carer or your institution (including your teacher) disclose your information through using the Services, registering you to use the Services (including when an institutional customer instructs us to register you to use the Services), contacting us (online or offline), ordering Services from us.
  2. When you interact with the Services, our website, our mobile applications or when you open our email communications. We use cookies to collect this information. To find out more, please see the Cookie & Domain Name Server (DNS) Address section below.
  3. From specified third parties if you use Services which incorporate or link to third party products. For example, if you use a Service to obtain a personalised learning pathway that includes courses from third party providers, those third party providers may provide PEA with limited information relating to your activity on that course including whether course checkout/onboarding is completed, start and end dates, what was charged for the course, whether or not it was completed and if a certificate was provided upon completion. If this data sharing takes place that will be made clear as part of the Services and before any data sharing takes place.

In a separate automatic operation we may collect application and system logs data which could include data such as your IP address, internet service provider and browser type, type of computer/device, and details of the website, application or email communication you came from before entering the Services. This information is used to:

  • work out how many times the Services are visited;
  • record which parts of the Services have been visited so we can improve the content and layout of the Services;
  • understand the effectiveness of our email communications;
  • monitor the health of the Services, detect unauthorised access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the Services.

We may from time to time supply third parties with an anonymised form of this data for uses in connection with our Services.

Cookies & Domain Name Server (DNS) Address

Pearson web server will also collect data relating to visitors' online session, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that Pearson may better meet the demands and expectations of visitors to our sites. This type of data includes:

  • the browser type and version
  • page visited
  • frequency and duration of visits
  • results, records, and accumulative progress from visiting interactive content
  • operating system, or
  • the DNS address and/or domain name

Certain Pearson web pages may place a "cookie" on visitors' browser in order to provide personalized services and/or maintain their identity across multiple pages within a single session.

What is the legal basis for PEA using my personal information?

Where a consumer purchases access to the Services from PEA, or where we contact you in accordance with the section headed Marketing communications and opting out, we are acting as a data controller. The European General Data Protection Regulation requires data controllers to tell you the legal bases for handling your personal information, so we have described these here. We may use your personal information:

  • to enter into or perform a contract with you (e.g. to provide you with access to the Services you have purchased); and/or
  • with your consent (e.g. we may sometimes ask you for specific consent to use your personal information in a particular way); and/or
  • to comply with our legal obligations (e.g. we might have regulatory obligations to report or share or archive personal information).
  • for a variety of business purposes which are in our legitimate interests (where the applicable laws permit ) as a commercial provider of educational products and services (e.g. as described in the section headed Marketing communications and opting out)
  • for the publicly disclosed personal information (where the applicable laws permit)

Where we are handling personal information on behalf of an institutional customer, the institutional customer is the data controller and will establish the legal basis for handling your personal information. If you have any queries, you should direct these to the institution which provided you with access to the Services.

Will PEA share my personal information with anyone else?

We will never sell users' personal information. We may disclose and share personal information:

  • with our service providers (for example, suppliers who develop or host our Services) in which case we will require them to implement appropriate technical and organisational measures to meet the requirements of applicable law; and/or
  • if required or permitted by law; and/or
  • with relevant third parties (such as law enforcement agencies, your employer or educational institution) if we reasonably believe a user may be in breach of the law (e.g. if a user has posted defamatory content on our Services) or may have engaged in any academic dishonesty or misconduct, or may be in breach of any terms of use or end user licence agreement which apply to the Services, or in breach of any other contract with the user or the user's educational institution or employer; and/or
  • with an institutional customer or parent/carer where the institutional customer or parent/carer has purchased access to the Services on the user's behalf; and/or
  • with specified third parties if you use Services which link to third party products and services that you may elect to use, in which case you will be notified of that data sharing in advance; and/or
  • with our group companies who may use the information in accordance with the Marketing communications and opting out section below. Please note information on learners aged under 18 will not be shared with group companies for marketing purposes; and/or
  • in connection with a sale, joint venture or other transfer of some or all of our company or assets, subject to the commitment of the acquiring entity to comply with this Privacy Notice; and/or.
  • to protect the security and safety of the user and other persons, data, assets and systems, consistent with applicable law; and/or
  • in other situations with the user's consent.

We also use personal information in aggregate form (so that no individual user is identified by name) to identify types of user, audit and analyse how our Services are used, to help with the strategic development of our Services, to conduct educational research, and to develop new products and services. When doing so we remove any direct identifiers so that the data is no longer considered personal data for the purposes of data privacy laws and regulations.

What will PEA do with my personal information?

The personal information that is collected will be used by PEA to provide the Services (including to communicate with users regarding service updates) and in accordance with this Privacy Notice. In addition, where an institutional customer has purchased access to the Services, personal information will also be used by PEA in accordance with the institutional customer's instructions. This may include analysis of users' use and progress across a variety of Services so that we can help learners make progress with their learning - for instance to evaluate the educational efficacy and effectiveness of the Services and to make appropriate recommendations to users and institutional customers based on this evaluation.

Email addresses for learners are collected in order to be able to issue passwords securely through our systems and to send out service messages where necessary. Please also refer to the section headed Marketing communications and opting out to see how else email addresses may be used.

Some Services may have the capability to connect to your Google Drive so that you can upload or download documents directly from or into your Google Drive. Before they do so, you will receive a prompt asking you to click "Allow" to enable the Services to connect to your Google Drive. You may remove this connection in the My Account settings for your Google account at any time. PEA will use this connection to access your Google Drive only for the purpose of uploading or downloading documents that you specifically select with limited metadata to allow identification and retrieval, so that you can access and use the documents within the Services or download them to Google Drive. PEA will use, process and store these documents and associated personal data in accordance with this Privacy Notice.

Marketing communications and opting out

Marketing will not be sent to any learners aged under 18 registered to use the Services unless consent has been provided on behalf of the learners, in which case such consent may be withdrawn at any time.

Contact details for teachers, learners who are 18 or over, and adult subscribers to the Services may be used for these purposes:

  1. to contact the user with more information about our products and services and those of our group companies, except where the user has told us not to;
  2. to invite the user to participate in surveys, discussions and prize draws and ask for the user's views on our Services via online surveys and discussion forums.

Participation in surveys and discussion forums is entirely voluntary. Users may unsubscribe from being contacted for these purposes at any time. Survey information will be used for market research with the aim of improving our Services.

We will not send marketing emails to a user who has opted out of receiving them. Any marketing communications we send will include an unsubscribe link at the end of the email.

How does PEA keep personal information safe?

At PEA we maintain appropriate technical and organisational measures against unauthorised or unlawful processing of personal information and against accidental loss, theft, destruction of or damage to personal information.

We seek to protect the safety of all personal information. In particular, provided a user's browser accepts HTTPS (Hyper Text Transfer Protocol Secure) encryption, we seek to protect payment information against unauthorised access through a secure server. Where we use third parties to process personal information, we require them to ensure the safety of personal information.

Please be careful if you post any personal information on a bulletin board or discussion forum or similar interactive area of the Service as it may be collected and used by others. You understand we cannot control the actions of other users.

For how long will PEA keep personal information?

We will keep your personal information only for as long as reasonably necessary to fulfil the purposes for which we are processing your personal information, unless the law permits or requires longer. For example, we might need to keep your personal data for quality assurance of the service we have provided, or we might need to keep it to defend future legal claims.

Will PEA send my personal information to another country?

For some Services we might need to send your personal information to another country or process it in another country.

If you are based in the EEA and we contract service providers who will process your personal information outside the United Kingdom or EEA we will take appropriate steps to ensure your personal information is given the same level of protection as described in this Privacy Notice.

We have entered into an intercompany data processing agreement using the European Commission standard contractual clauses (in the absence of an adequacy decision) for data transfers to our group companies located outside of the UK and the EEA. We rely on adequacy decisions or adequate data transfer mechanisms adopted by the European Commission or a supervisory authority from time to time for transfers of European personal information to third parties located in countries outside of the UK or EEA.

If you are based in China, we comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to outside China. In particular, we use contractual protections for the transfer of personal information outside China.

What if I am under 18 years old?

These Services may be aimed at learners aged under 18.

Visitors to the web site who are under 18 years old must obtain permission from parents or legal guardians before undertaking any of the following activities:

  • sending any individual personal information or any information about others
  • entering any contest, game or lucky draw

It should be noted that once permission is obtained, the user should only submit a first name or initials to be publicly posted on the web site. A full name should never be used.

By providing your personal information to us, you represent and warrant that you are adults or have otherwise permission from parents/legal guardians to provide your personal information and transact on our Site.

In the event that collecting personal information of under 18 year old persons upon permission from their parents/legal guardians, we will only use or disclose to public such information under the condition that it is permitted by law, or by their parents/legal guardians, or it is necessary to do so to protect them.

If we found that we collected any under 18 year old person’s personal information without any prior permission from their certified parents/legal guardians, then we will exert our best effort to delete such information immediately.

If a learner is under 18 and has any questions in relation to their personal information and the Services, we recommend that the questions are directed to their parent or legal guardian, or to the learner's teacher where relevant.

Misuse of personal information

To protect personal information, users and institutional customers are urged to: (a) protect and never share passwords; (b) only access the Services using secure networks; (c) maintain updated internet security and virus protection software on their devices and computer systems; (d) immediately change a password and contact PEA if there is a suspicion that the password has been compromised; and (e) contact PEA if there is another security or privacy concern or issue.

Any improper collection or misuse of personal information by any user is a violation of this Privacy Notice and of our terms of use. Please report it by emailing dataprivacy@pearson.com.

Institutional customers and users must not misuse any personal information available on the Services or gather personal information or use robots or other automated scripts, codes or functionalities to do so.

We may immediately suspend or terminate users' and institutional customers' access without notice if we become aware that they are in breach of our Terms and Conditions or of this Privacy Notice.

What rights do I have?

In some countries and regions such as China and the EEA (European Economic Area) you may have certain rights in relation to your personal information including the right to ask the data controller to update and correct your personal information, to request access to and obtain a copy of your personal information, rectification of your personal information if it is no longer accurate or erasure of your personal information if our retention is no longer necessary for the purposes for which it was collected, to restrict or object to the processing of your personal information in certain circumstances, and data portability (if applicable).

If access to the Services was provided by your institution, then you should address any such request to your institution. If you (or your parent/guardian) purchased your access to the Services, then you should address your request to PEA using the details set out in the Contacting PEA section below. We will consider and act upon any request in accordance with applicable data protection laws.

If you (or your parent/guardian) purchased your access to the Services you may contact us or have the right to complain to your local data protection supervisory authority, if you are unhappy with our privacy practices notified under this Privacy Notice.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will always include the date of a new version so that you know when there has been a change.

Contacting PEA

If you have any questions about our Privacy Notice, please do not hesitate to contact us at:

Data Protection Officer
Pearson Education Asia Limited
28/F, 1063 King's Road
Quarry Bay, Hong Kong

or email us at dataprivacy@pearson.com.

 

This Privacy Notice applies to the products and services which link to it. It is provided on behalf of Pearson Education Asia Limited.