Privacy Policy

Vantage LMS is a product operated by TXG Limited, a company registered in Gibraltar, whose registered office is at 5-9 Main Street, Gibraltar, GX11 1AA ("we", "us", "our").

We are committed to protecting your personal data and handling it responsibly in accordance with applicable data protection legislation, including:

• The EU General Data Protection Regulation (EU GDPR) (Regulation (EU) 2016/679), where applicable to individuals located in the European Economic Area (EEA)
• The UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and the UK Data Protection Act 2018, where applicable to individuals located in the United Kingdom
• The Gibraltar General Data Protection Regulation (Gibraltar GDPR) as implemented by the Data Protection Act 2004 (as amended) and the Data Protection Act 2021, where applicable under Gibraltar law

References in this policy to "GDPR" apply to whichever of the above frameworks is applicable to you based on your location and how you interact with us.

TXG Limited is the data controller responsible for your personal data. This means we determine the purposes and means by which your personal data is processed.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer (DPO):

Email: privacy@vantagelms.com
Post: Data Protection Officer, TXG Limited, 5-9 Main Street, Gibraltar, GX11 1AA

We may collect and process the following categories of personal data:

• Identity data: name, job title, and employer or organisation
• Contact data: email address, telephone number, and postal address
• Account data: login credentials and account preferences
• Usage data: information about how you use our website and platform, including pages visited and features accessed
• Technical data: IP address, browser type and version, time zone setting, and operating system
• Communications: records of correspondence when you contact us
• Marketing preferences: your preferences in receiving marketing from us

We do not collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless you explicitly provide this to us and we have a lawful basis to process it.

We use your personal data for the following purposes:

• To provide and manage your access to our learning management platform
• To create and administer your user account
• To contact you regarding your account, enquiries, or support requests
• To send service-related communications including updates, security alerts, and administrative messages
• To send marketing and promotional communications where you have consented or where we have a legitimate interest to do so
• To improve our website and services through analysis of usage patterns
• To comply with legal obligations and protect our legal rights
• To process payments and manage billing where applicable

Under the GDPR, we are required to have a valid legal basis for processing your personal data. We rely on the following bases:

• Performance of a contract (Article 6(1)(b) GDPR): where processing is necessary to perform our contract with you or to take steps prior to entering into a contract at your request
• Legitimate interests (Article 6(1)(f) GDPR): where it is in our legitimate business interests to process your data and those interests are not overridden by your rights and freedoms, for example, to improve our services, maintain security, and conduct direct marketing to existing customers
• Legal obligation (Article 6(1)(c) GDPR): where processing is necessary to comply with a legal or regulatory obligation to which we are subject
• Consent (Article 6(1)(a) GDPR): where you have given us clear, freely given, specific, informed, and unambiguous consent to process your data for a specific purpose. You may withdraw consent at any time

As a Gibraltar-based business, TXG Limited operates within a jurisdiction that has been recognised as providing an adequate level of data protection by the European Commission. Gibraltar maintains data protection standards equivalent to those required under EU GDPR.

Where we transfer personal data to third parties located outside Gibraltar, the EEA, or the UK, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office
• Transfers to countries that have received an adequacy decision from the relevant supervisory authority
• Other lawful transfer mechanisms as permitted under applicable data protection law

You may request further information about international transfers and the safeguards we apply by contacting our DPO at privacy@vantagelms.com.

We do not sell your personal data. We may share your information with:

• Service providers and third-party suppliers who assist us in operating our platform, such as hosting providers, payment processors, and IT support, all of whom are bound by appropriate data processing agreements and confidentiality obligations
• Professional advisers including lawyers, accountants, and insurers where necessary
• Regulatory authorities, law enforcement agencies, or courts where we are required to do so by law, including the Gibraltar Regulatory Authority (GRA) and, where applicable, EU or UK supervisory authorities

All third parties with whom we share data are required to respect the security of your personal data and to treat it in accordance with applicable data protection law. We do not allow our third-party service providers to use your personal data for their own purposes.

We retain your personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or regulatory reporting requirements. The criteria we use to determine retention periods include the nature of the data, the purpose for which it is held, and any applicable legal obligations.

When data is no longer required, it is securely deleted or anonymised in accordance with our data retention policy.

Depending on your location and the applicable data protection law, you may have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you (Subject Access Request)
• Right to rectification: to request correction of inaccurate or incomplete data
• Right to erasure:to request deletion of your personal data in certain circumstances (the "right to be forgotten")
• Right to restriction of processing: to request that we limit how we use your data in certain circumstances
• Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transfer it to another controller
• Right to object: to object to processing based on legitimate interests or for direct marketing purposes
• Rights related to automated decision-making and profiling: not to be subject to solely automated decisions that produce significant effects on you
• Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact our DPO at privacy@vantagelms.com or in writing to TXG Limited, 5-9 Main Street, Gibraltar, GX11 1AA. We will respond within one month of receiving your request, as required by GDPR. This period may be extended by a further two months in complex cases, in which case we will notify you.

You also have the right to lodge a complaint with the relevant supervisory authority:

• Gibraltar: the Gibraltar Regulatory Authority (GRA) at www.gra.gi
• EU: the data protection authority in your EU member state of residence
• UK:the Information Commissioner's Office (ICO) at www.ico.org.uk

Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your browsing experience. Cookies may be used for functionality, performance, analytics, and where applicable, marketing purposes. We will obtain your consent before placing non-essential cookies in accordance with applicable law.

You can control and manage cookie settings through your browser at any time. Please note that disabling certain cookies may affect the functionality of our website. For full details, please refer to our Cookie Policy.

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures are reviewed regularly and updated where necessary in line with our obligations under GDPR.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, notify you directly.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and we encourage you to read their privacy policies before providing any personal data to them.

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@vantagelms.com and we will take steps to delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in law, our business practices, or the way we handle personal data. Any changes will be posted on this page with an updated revision date. Where changes are material, we will take reasonable steps to notify you. We encourage you to review this policy periodically.