SIGNPOST GROUP PRIVACY NOTICE
With this Privacy Notice, the Signpost Group (hereinafter referred to as “Signpost”, the “Signpost Group” or “we”) intends to be transparent about how we collect and use your personal data. This Notice explains, among other things, why we process your personal data and how we handle it. It also sets out the procedures we apply to safeguard your right to privacy and how you can exercise your data‑related rights.
We are committed to protecting your personal data with the utmost care and to processing it only fairly and lawfully, in line with the General Data Protection Regulation (GDPR) provisions and all applicable national or international laws or regulations implementing or future laws or regulations replacing GDPR (hereinafter collectively referred to as the “Applicable Data Protection Law”).
Where your personal data is collected and used by a Signpost Group entity, that entity acts as the **Controller**. We recognise the trust you place in us and comply with the Applicable Data Protection Law at all times. Each Signpost Group entity will always handle your personal data with great care.
The Signpost Group is comprised of several entities which, as the case may be, will act as the Controller of your personal data. This Notice applies to each of these entities.
The Signpost Group uses the following websites: signpost.eu, signpost.be, signpost.nl, academicshop.eu, academicsoftware.eu, academicsoftware.com, fourcast.be, signpostacademy.eu, www.campuspdi.com, www.icono.net/es/inicio, www.signposteducation.co.uk, www.ilonait.fi and www.studentenlaptop.be, www.asknet.com, www.asknet-solutions.com, www.studyhouse.de/.ch, academiccenter.de/ch, www.fourcastacademy.be.
|
Signpost |
|
|
Signpost België BV, registered office at Bouwstraat 14 Y1, 9160 Lokeren (Belgium), and company number 0886.007.502 |
www.signpost.be |
|
Signpost Nederland B.V., registered office at Wijchenseweg 6, 6537TL Nijmegen (Netherlands), and company number 81197810 |
www.signpost.nl |
|
Signpost SARL, registered office at 130, BD DE LA LIBERTE, 759800 Lille , and company number FR29889064887 |
www.signpost.be |
| Signpost Educación S.L., registered office at Calle Balmes, 59 P PR, 08007, Barcelona (Spain), and company number B01999960 | www.signpost.be |
| CampusPDI S.L., registered office at Calle Narcis Monturiol, 17B – Edificio as center II, 46980, Paterna, and company number B97203871 | https://www.campuspdi.com/ |
| Solucions Informàtiques Icono S.L., registered office at Avda. Indústria 94B, 07730 Alaior (Menorca) (Spain), and company number B57043135 | https://www.icono.net/es/inicio |
| Signpost Education LTD, registered office at Northumberland Avenue 8, WC2N 5BY London (United Kingdom), and company number 15128801 | https://signposteducation.co.uk/ |
| Academic Software | |
| Academic Software BV, registered office at Bouwstraat 14 Y1, 9160 Lokeren (Belgium), and company number 0635.738.394 | https://academicsoftware.com/nl-be/ |
| Fourcast for Education BV, registered office at Bouwstraat 14 Y1, 9160 Lokeren (Belgium), and company number 0735.998.881 | https://fourcast.be/nl-be/ |
| Ilona IT Oy, registered office at Energiakuja 3, Technopolis Ruoholahti 2, 2 krs, 00180 Helsinki (Finland), and company number 2319462-9 | https://www.ilonait.fi/ |
| ACADEMIC SOFTWARE POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, registered office at UL. MARSZAŁKOWSKA 126/134, 00-008 Warsaw (Poland), and company number 0001180148 (NIP: 5253051361) | https://academicsoftware.com/pl-pl/ |
| Asknet GmbH, registered office at Hertzstraße 16a, 76187 Karlsruhe (Germany), and company number HRB 753519 | https://asknet-solutions.com/ |
| ACADEMIC SOFTWARE FRANCE SARL, registered office at Boulevard de la Liberté 130, 59800 Lille (France), and company number 889064887 | https://academicsoftware.com/fr-fr/ |
| Lernova | |
| LERNOVA NV, registered office at Bouwstraat 14 Y1, 9160 Lokeren (Belgium), and company number 0892.653.980 | https://www.lernova.be/ |
If, for any reason, you do not provide certain personal data to us, we may be unable to offer our products or to deliver our services (fully). Where that is the case, we will inform you.
This Privacy Notice concerns only (personal) data that we process. To the extent permitted by law, we do not assume responsibility or liability for the operation and/or content of third‑party services or websites.
Signpost reserves the right to amend this Privacy Notice from time to time. The most recent version is available on our websites.
1. Which personal data do we process, for which purposes and on what legal basis?
Personal data can be defined as any information that can be used to identify a natural person, directly or indirectly. You may provide us with personal data in the context of the following activities, for the corresponding purposes and on the stated legal basis:
| Purpose | Which personal data | Legal basis |
| Provision of our products and/or services: We process personal data to register customers, deliver products and/or services, handle payments, and manage correspondence and follow‑up with the customer. | a) First and last name b) Address details c) Telephone number d) Email address e) Details of the school you are affiliated with (e.g. name and registration/student number) f) Teacher or student card number g) VAT/tax identification number h) Payment data i) All data concerning purchased products |
Performance of a contract |
| Access to and use of the platform via the school account: We process personal data to enable access to the platform through the school’s identity provider (e.g. Microsoft or Smartschool) and to create or update an internal user profile linked to your school identity. The profile is used to manage your role, permissions and settings on the platform, provide usage functionality, generate reports for schools, conduct educational analytics and statistics, and offer personalised support or communications. | a) First and last name b) Email address (linked to the school account) c) Details of the school you are affiliated with (e.g. name and registration/student number) d) Teacher or student card number e) Role on the platform f) Group or class assignment on the platform g) Personal settings and preferences (e.g. language, notifications or display options) h) Platform usage data (e.g. sections visited and chat messages) i) All data concerning purchased products |
Performance of a contract |
| Supplier management: We process personal data of contacts at our suppliers and service providers to initiate cooperation, perform contracts, make payments and manage correspondence. | a) Contact person’s first and last name b) Function or role within the company c) Business email address d) Business telephone number e) Supplier address details f) Payment data |
Performance of a contract |
| Use of the website: We process personal data to enable the use of the website, secure it, and tailor/improve it. | a) Device data (e.g. device type) b) Account data (where applicable) c) Usage data (e.g. pages and items visited, login session data, values selected, preferences and settings) d) Technical data (IP address, hostname associated with the IP address, browser type, operating system) e) Cookies (see also the “Cookies” section of this Notice) |
Legitimate interests |
| Creation of anonymised statistical data: We process personal data to gain insights into the use of our services and into customer and/or user preferences and to optimise our services. Data processed for this purpose is anonymised. | a) First and last name b) Address details c) Telephone number d) Email address e) Details of the school you are affiliated with (e.g. name and registration/student number) f) Teacher or student card number g) All data concerning purchased products |
Legitimate interests |
| Questions and/or complaints: We process personal data to be able to respond to possible questions and/or complaints. | a) First and last name b) Email address c) Telephone number d) Correspondence history e) Account data (where applicable) |
Legitimate interests |
| Marketing of educational and software‑related content to B2C contacts: We process your personal data to inform you about new software, student discounts and free trials, free software, and relevant offers and software‑related content (e.g. study tips, case studies and free webinars) — only if you have given explicit consent. | a) First and last name b) Address details c) Telephone number d) Email address e) Details of the school you are affiliated with (e.g. name and registration/student number) f) Teacher or student card number g) All data concerning purchased products |
Consent |
| Marketing of educational and software‑related content to B2B contacts: We process the personal data of our business contacts to inform them about new software, relevant offers and software‑related content (e.g. case studies, product updates and free webinars), insofar as we can rely on our legitimate interests to promote our services and products in a professional context. | a) Contact person’s first and last name b) Business email address c) Company name d) VAT/tax identification number e) Function or role within the organisation f) All data concerning purchased products |
Legitimate interests |
| Vacancies and internships: We process your personal data to inform you about job and internship opportunities that match your profile, only to the extent that you have given explicit consent. Aggregated personal data may be shared with third parties. | a) First and last name b) Email address c) Education level, field of study and year d) Availability e) LinkedIn profile f) Curriculum vitae (CV) g) Future plans h) Personal preferences |
Consent |
| Applications: We process your personal data when you apply for a role with us or request information about a specific vacancy. | a) First and last name b) Address details c) Telephone number d) Email address e) CV |
Consent |
| AI chatbot: We process your personal data when you use our AI chatbot “MILA”, for example to ask questions, obtain support or search for information. This data may be used to improve the functionality of the chatbot as well as our products and/or services. See also the section “Artificial Intelligence (AI)” of this Notice. |
a) First and last name b) Email address c) Account data d) Chat content e) IP address f) Device data g) Usage data h) Any preferences |
Consent |
2.1. Disclosure of personal data within the Signpost Group
The personal data we collect may be shared with other Signpost Group entities. These entities are listed in the introduction to this Notice. Such sharing takes place in the context of performing a contract or on the basis of the Signpost Group’s legitimate interests, for example to improve and streamline IT services, statistics or analytics. This will be of benefit to the services we provide. Personal data may also be shared between Signpost Group locations where necessary to provide our products or services, in line with the predetermined purpose as shown in the table above. In all other cases, we will obtain your prior explicit consent.
2.2. Disclosure of personal data to third parties
Your personal data will only be shared with third parties in the following specific cases:
- Service providers and subcontractors: personal data may be shared with external providers to whom we have outsourced certain processing activities. For example, your name and address may be provided to a supplier to ship ordered products; we also use service providers that operate our websites. In addition, your name, address details, email address and school‑related information may be provided to a software publisher to verify your entitlement to the relevant software. These parties may process your personal data only in accordance with our instructions and solely to perform the agreed services. Where required, we conclude a data processing agreement that obliges them to comply with the Applicable Data Protection Law.
- Legal obligations: we may disclose your personal data to third parties where we are legally required to do so — e.g. under laws or regulations, in the context of legal proceedings, or where we deem it necessary to protect our rights.
The Signpost Group ensures that these third parties comply at all times with the same standards and laws and regulations for the protection of personal data.
2.3. International transfers of personal data
As a rule, your data is processed within the European Economic Area (EEA). Insofar as data is functionally shared with Signpost Group affiliates or with processors outside the EEA — such as Signpost Education LTD (United Kingdom) or our partner in North Macedonia — hosting and processing take place exclusively on systems within the EEA, either in the cloud or on‑premises in Lokeren.
Should personal data actually be transferred in the future to third countries outside the EEA, the Signpost Group will implement appropriate safeguards to protect your data. Where possible, transfers are based on an adequacy decision by the European Commission. In the absence of such a decision for a third country, Signpost implements appropriate safeguards by basing the transfer on, and complying with, the European Commission’s Standard Contractual Clauses.
3. How long do we retain your personal data?
We retain your personal data carefully and no longer than necessary for the purposes for which it was collected. The retention period always depends on the specific purpose of collection. Where we process personal data on the basis of performance of a contract, we generally apply a maximum retention period of five (5) years after termination of the relevant contract. Longer periods apply where required by law (e.g. tax law requires certain personal data to be kept for seven (7) years).
Personal data collected on the basis of your consent is retained for as long as your consent remains valid.
In all cases, personal data may be kept for longer where there is a legal or regulatory reason to do so, or for a shorter period if you object to the processing and there is no longer a legitimate reason to retain the data. We ensure that your data is deleted or anonymised once the retention period has expired.
4. How do we protect your personal data?
The Signpost Group implements appropriate technical and organisational measures to protect your personal data against unlawful or unauthorised processing and against accidental loss or compromise of integrity. These measures have been adopted, taking into account our IT infrastructure, the potential impact on your privacy and the costs, and in line with industry standards and practices.
We ensure that your personal data is stored in a sufficiently protected environment and that only those who need access can obtain it. Your data is stored on our own secure servers or on third‑party servers — in all cases within the EEA — either in the cloud or on‑premises (in Lokeren).
5. Cookies
The Signpost Group’s websites use cookies. These are small text files stored on your device’s hard drive. Cookies are used to provide the website in a user‑friendly way or to obtain information about the website’s quality or effectiveness. For more information about our use of cookies, see our Cookie Policy available via this link.
6. Artificial Intelligence (AI)
When you use our AI tool, MILA, your personal data may be processed by this AI system. However, personal data provided to MILA is not used for further training or improvement of the AI system. The Signpost Group also takes appropriate measures to ensure the confidentiality and security of your personal data in this context.
MILA provides access to various underlying Large Language Models (LLMs) that may be operated by third parties. These LLMs may autonomously process personal data depending on the prompts entered. The Signpost Group has no control over the operation of these external models and accepts no liability for processing that takes place outside its area of responsibility.
Users are reminded that they are responsible for the content of the prompts they submit. It is prohibited to share third‑party personal data via the AI tool without consent or to enter prompts with unlawful, discriminatory, hateful or otherwise inappropriate content. This includes, among other things, racist, homophobic or violent statements and information relating to child abuse, organised crime, drug trafficking or human trafficking.
We recommend reading and complying with the applicable terms of use and conduct guidelines (the “clean‑prompting policy”) before using the AI tool.
7. Your rights
Subject to the conditions and limitations under the Applicable Data Protection Law, you as a data subject can exercise the following rights:
- Access and rectification: you have the right to access your personal data. Before providing access, we may ask you to verify your identity and to provide sufficient information about your interactions with us so that we can locate your data and verify your identity. If the data we hold about you is inaccurate, you may request correction.
- Right to object to processing: you have the right to object to the processing of your personal data when we no longer have a right to use them, to request deletion if we retain it for too long, or to request restriction of processing in certain circumstances. In particular, you have the right to object to direct marketing (e.g. emails) at any time, free of charge and without giving reasons.
- Right to restriction of processing: you have the right to request restriction of the processing of your personal data, for example while the accuracy of your data is being verified.
- Right to erasure: you have the right to request the deletion of all your personal data, subject to certain exceptions, for example to evidence a transaction or where there is a legal retention obligation.
- Right to data portability: under certain conditions, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine‑readable format and to transmit your personal data to a third party of your choice.
- Right to withdraw consent: where your personal data is processed on the basis of your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
The above rights can only be exercised reasonably and in accordance with applicable law. If you wish to exercise these rights, please contact us at: privacy@signpost.eu.
In principle, you can exercise these rights free of charge; however, for disproportionate, manifestly unfounded or very frequent requests, we may charge a reasonable administrative fee.
We will respond to your request within one (1) month of receipt. In cases of complex or numerous requests, this period may be extended by up to two (2) additional months. We will inform you of any extension within one (1) month.
8. Questions, complaints and feedback
We strive to strictly comply with this Privacy Notice. If you have a complaint, question or comment about this Notice or about our processing of your personal data, you can contact us at privacy@signpost.eu or by post at: Bouwstraat 14 Y1, 9160 Lokeren (Belgium), for the attention of our privacy officer. If you do not live in Belgium, you can also address your request to the registered office of the Signpost Group entity that acted as Controller in the specific case (the addresses of all affiliated entities are listed in the initial overview of this Notice).
You also have the right at any time to lodge a complaint with the competent supervisory authority, in the member state of your habitual residence, your place of work or the place of the alleged infringement. Below you will find the contact details of the supervisory authorities in the countries where the Signpost Group is active.
|
BELGIUM |
NETHERLANDS |
|
FRANCE |
SPAIN |
| UNITED KINGDOM Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (UK) Tel: +44 0303 123 1113 https://ico.org.uk/ Note that the United Kingdom is not part of the European Union and is therefore not subject to the GDPR. The United Kingdom has its own data protection legislation (the UK Data Protection Act). The authority listed above is competent for complaints under this national law. |
FINLAND |
|
POLAND |
GERMANY |