Privacy Policy

Last Updated: 08 April 2025
Prior Privacy Policy version:
PP 23 Jan. 2024 to 07 Apr. 2025

What Is the Purpose of this Policy?

This Privacy Policy explains how Notabene, Inc. collects, uses, safeguards, and discloses personal data about you, as a result of our Services. By using our Services (explained below), you agree to the collection and use of your personal data in accordance with this policy.

What Is Personal Data?

Personal data means data or information about you, a natural person (also called a “data subject”) who can be identified from that data. Some examples of personal data (detailed further below) may include your name, your email address, cookies, details about your device, data relating to your use of our Services, such as your browsing actions or usage patterns, and various technical data. Under this policy, personal data does not include any data we handle that is anonymous or has been anonymized, whether in an aggregated form or not.

What are Our Services?

The Services that we provide and that are covered by this policy include our website at www.notabene.id, our applications and platform at  app.notabene.id/ and app.notabene.dev/and associated webpages (collectively, “Websites"), our web-based services including our courses, blogs, and other resources, and other online products, services, and applications. In this policy, we describe our practices that relate to your personal data in conjunction with these Services.

What Is Our Role?

For purposes of this policy, we are a “data controller” of your data, which means that we determine the purposes for which your personal data are processed and how your personal data are processed. We may use the services of various service providers (“Data Processors”) to process your personal data more effectively pursuant to our instructions.

How Do We Collect Your Personal Data?

We may collect your personal data directly from you when you provide it to us. You also may provide us with personal data via our Services or via an integration on the platform of our third-party partners.

We may collect personal data indirectly through automated means, such as through cookies or other tracking technologies. We also may collect personal information that you have made publicly available online or that is published by third parties and contains information about you (such as news articles).

There are certain types of personal information that we may collect from business intelligence providers or other third parties.

What Are Our Obligations to You?

We are committed to protecting and safeguarding your personal data with state-of-the-art security protections that meet and exceed market standards and that comply with our obligations under applicable privacy laws. We describe and explain these security measures further below.

We maintain integrity and confidentiality and adhere to the principles of legality, fairness, accountability, accuracy, and transparency. In addition, we limit the purpose and amount of the personal data that we collect and store.

Can You Choose Not To Have Your Personal Data Collected?

Yes. This is an important option that we provide to you. You may instruct us to stop collecting your personal data and/or opt out of receiving any or all of our communications to you by clicking on “manage preferences” at the bottom of every email you receive. You are able to unsubscribe from any stream of communications that you choose. You also have the option of unsubscribing completely by clicking on “unsubscribe from all emails.” By doing this, you will not receive any communications from us.

Please note that if you choose not to provide certain requested information, we may not be able to provide you with certain Services or features or they may be available only in a limited way.

In addition, if we request and receive your consent for us to share your personal data with one of our partners, but you then notify us that you wish to withdraw this consent, we will accordingly notify this partner to cease using your personal data.

What Types of Personal Data Do We Collect?

There are at least four types of personal data that we may collect from you. These are described below with non-inclusive examples in each category:

  • Profile data: first and last name, email address, other contact information, employer, business address, job title, identification information, subscription data (user name and password), images, and other information you may choose to share.
  • Usage data: the pages or locations of our Services that you visit, the pages and files you view, the time and date of your visits, the time spent there, frequency of visits, searches and other actions you take, and information about your device, such as unique device identifiers.  
  • Technical data: information that your browser sends whenever you visit our Services. This may include information such as your internet provider, mobile carrier, internet protocol (IP) addresses, browser type, browser version, and operating system type or version.
  • Performance data: assessments, tests, results, and other types of records from your performance in our learning courses.

If you provide us with any personal data relating to other individuals, you represent that you have the authority to do so and, where required, that you have obtained the necessary consent. You furthermore acknowledge that this personal data relating to other individuals may be used in accordance with this policy.

How Do We Use Your Personal Data?

Unless we hear from you otherwise, we may use your personal data for the purposes described below. For each use, we explain which type of personal data we would use and the legal basis for this use.

Please note that we create anonymous, aggregated, and/or de-identified data from your personal data and from the personal data of other users or others whose data we collect. We do this by removing information that makes the data identifiable to you (and to others). In this way, the resulting anonymous, aggregated, and/or de-identified data is no longer personal data.

Use of Personal Data Type of Data Legal Basis for Processing
Services and Customers
Provide and maintain our Services Technical data
Usage data
Profile data		 Necessary for the performance of a contract
Provide customer support and manage customer relationships Profile data
Technical data
Usage data		 Necessary for our legitimate interests in managing the provision of our Services to customers and improving our Services
Monitor and analyze the use of our Services and improve our Services and your use of the Services Technical data
Usage data
Profile data		 Your consent
Detect, prevent, and address technical and security issues Technical data
Profile data		 Necessary for our legitimate interests in maintaining the performance and security of our Services
Notify you about changes to our Services Profile data
Usage data		 Necessary for the performance of a contract
Referring customers and network participants to our partners for Services that you request or in which you express interest Profile data Necessary for our legitimate interests in helping you identify services that are useful to you
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for payments, billing, collection, and license requirements Profile data
Usage data		 Necessary for the performance of a contract
Promotions and Marketing
Capture new leads and manage the sales process Profile data
Usage data		 Necessary for our legitimate interests in expanding our business
Provide you with marketing or promotional materials, including (but not limited to) updates, news, special offers, informational resources, event invitations, and other information or communications that may be of interest to you Profile data
Usage data		 Your consent
Understand and track who is registering for and attending our in-person events and webinars Profile data
Usage data		 Your consent
For in-person events, enable security measures, comply with venue requirements, and take photos and videos Profile data Your consent
Publish press releases, public announcements, and case studies Profile data
Usage data		 Your consent
Learning Courses
Enroll you in our learning courses and issue certifications accordingly Profile data
Performance data		 Necessary for the performance of a contract
Legal and Contracts
Complying with legal obligations, such as cooperating with governmental authorities, courts, or regulators Profile data
Usage data
Technical data		 Compliance with legal obligations

You may contact us at [email protected] or [email protected] if you would like more information about how we balance our legitimate interests against the potential impact to your privacy. Some of the factors we consider include the nature of the personal data, the impact on you, our reason for processing your data, and how we can minimize impact.

Regarding our contractual obligations referenced above, the consequences we may suffer as a result of breaching these obligations include contractual breach, financial liabilities, damages, loss of business, impact to reputation, and lawsuits and other legal proceedings.

How Do We Use Cookies?

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from our Websites and stored on your device. Other tracking technologies are also used, such as beacons, tags, and scripts to collect and track information and to improve and analyze our Services.  

We may choose to use the following categories of cookies:

  • Essential cookies are necessary for the basic functioning of our Websites. They enable core features such as secure logins, session management, and accessibility preferences. Without these cookies, the Websites may not function properly. You are not able to reject these essential cookies. For example, a cookie from Okta may be loaded into your browser to ensure that you are logged in correctly, and a cookie from Intercom may provide you with a support chat.
  • Marketing cookies are used to track and collect information about your browsing habits and interactions with our Websites. These cookies help us deliver targeted promotional content that is relevant to your interests. For example, cookies from HubSpot may be loaded into your browser to track your interest in our products.
  • Personalization cookies allow us to customize your experience on our Websites based on your preferences and past interactions. They remember your settings, such as language preferences, and provide personalized recommendations or content suggestions.
  • Analytics cookies help us gather information about how you use our Websites, and include the number of visitors, pages visited, and sources of traffic. This data is anonymous and helps us analyze and improve the performance and usability of our Websites. For example, we may use Google Analytics and DataDog to check page views and statistical data on use of our Websites.

We may use marketing cookies, personalization cookies, and analytics cookies only with your informed consent. You may opt-out from marketing and personalization cookies by denying the storage of cookies (except for essential cookies) and/or providing us with your preferences by clicking the buttons on the banners and popup on our website www.notabene.id and on the login page of our application app.notabene.id/.

We also offer you a cookie management tool to select your cookie preferences and control the use of cookies when you visit our Websites. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. This tool allows you to customize your cookie settings based on your preferences. By accessing the cookie settings or following the instructions provided in the cookie banner or pop-up, you can make choices regarding the types of cookies you accept or reject. However, if you do not accept cookies, you may not be able to use some portions of our Services.

‍Do We Store or Transfer Your Personal Data?

We store the personal data you provide to us on secure servers in the United States and the European Union, which are protected by industry-standard security measures. Your personal data may also be stored on secure third-party servers or cloud-based systems which adhere to our data security standards.

We may transfer your personal data outside your jurisdiction. Whenever we do so, we take all reasonable measures to ensure that appropriate safeguards are in place to protect your information. We will also implement adequate technical and organizational security measures.

‍How Do We Secure and Protect Your Personal Data?

The security of your personal data is our highest priority. We maintain and enforce various policies, standards and processes, available in our Trust Center at trust.notabene.id/, which are designed to secure personal data and other data to which our personnel are provided access. We regularly review and update these policies and processes to ensure we are up-to-date with the latest security standards.

We also implement appropriate physical, technical, and organizational measures, available in our Trust Center at trust.notabene.id/, to ensure a level of security adequate for the risk and to protect your personal data from unauthorized access, theft, loss, or misuse.These measures take into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the likelihood and severity of risk to your rights and freedoms. For example, we store your personal data in secure servers with limited access, and we encrypt personal data during transmission.

While we follow industry-accepted security procedures, no transmission or data storage method over the internet is 100% secure. Therefore, we cannot guarantee the absolute security of your personal data, but we will make every effort to protect your personal data to the best of our abilities. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.

Do We Share Your Personal Data with Third Parties?

We do not sell your personal data to third parties.  

We may share your personal data with third parties at your direction or with your consent or permission. There are additional instances where we may disclose or share your personal data with third parties under carefully selected circumstances, including, but not limited to, the following recipients:

  • Our affiliates in the normal course of business
  • Courts, law enforcement, or public authorities if required by law or in response to valid requests or processes or to exercise or defend our legal rights
  • Auditors as required by regulators or our customers pursuant to applicable law and/or governing contracts
  • Acquirers, investors, partners, or purchasers if we or our affiliates are involved in a business transaction, such as a financing, joint venture, merger, acquisition, asset sale, or other corporate transaction
  • Professional advisors, including lawyers, accountants, and consultants
  • Banks, as well as payment processors who process invoices and payments on our behalf
  • Marketing partners or consultants to enable us to communicate with you about our products and services and market them to you
  • Our partners that refer potential customers to us and to whom we refer potential customers
  • Our service providers

Our service providers, along with their purpose, processing jurisdictions, and safeguards are available upon request.

For How Long Do We Retain Your Personal Data?

We adhere to the principle of minimizing our retention of your personal data, and we keep different categories of personal data only as long as necessary to fulfill the purpose for which they are collected. For example, service logs are retained for 12 months and access logs can be retained for up to 24 months. If you want to learn more, please review our data deletion policy. For further information, please reach out to our Data Protection Officer (“DPO”) at [email protected] (or using the additional contact details at the end of this policy) or to [email protected].

We may retain and use personal data for longer if necessary in order to comply with our legal obligations (such as defending or asserting a legal claim) or to maintain financial or operational records, resolve disputes, or enforce our agreements.

What Are Your Data Protection Rights Under GDPR?

We comply with the General Data Protection Regulation (“GDPR”) when collecting, using, sharing, and handling your personal data. As mentioned above, for the purposes of this policy, we are a “data controller” under the GDPR in relation to the personal data that you provide to us, and we are legally responsible for how this personal data is handled. (Please note that, with respect to personal data provided to us by our customers, we are a “data processor,” which comes with different responsibilities.)  

Under certain circumstances, you have the right to do the following with respect to your personal data that we use and collect as a “controller:”

What Are Your Data Protection Rights under CCPA?

We comply with the California Consumer Privacy Act (“CCPA”) in relation to the personal data of California residents. If you are a California resident, you have the right to learn what personal data we collect about you, ask us to delete your personal data, and ask us not to share it. We do not sell your personal data.

In addition, upon your legitimate request, we will provide you with the following information as it pertains to personal data we have collected about you or disclosed in the past twelve months:

  • Categories and specific pieces of personal data that we have collected about you
  • Categories of sources from which we collect your personal data
  • The business or commercial purpose for collecting your personal data
  • Categories of personal data that we have disclosed for a business purpose
  • Categories of third parties, including companies, with which we share your personal data
  • Confirmation that we do not sell your personal data

You are entitled to ask us for this information no more than twice in a rolling twelve-month period. The information we provide to you may be limited to the personal data we collected about you in the previous twelve months.

If you are a California resident and wish to exercise these rights, please contact our DPO at [email protected] (or using the additional contact details at the end of this policy). Please explain the right that you wish to exercise and what appropriate steps you seek for us to take to facilitate your request. If you need further support, you may also email us at [email protected] and [email protected]. Please note that your personal data may be processed in order for us to respond to your request.

What Should You Know About Links to Other Sites?

Our Services may contain links to other websites, services, and applications that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit and every service or application that you use. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party sites, services, or applications. If possible, we will endeavour to make you aware of third-party cookies that are being placed.

How Do We Protect Children's Privacy?

Our Services are not intended for use by children under the age of 18, and we do not knowingly collect personal data from children under 18. If you become aware that a child under the age of 18 has provided us with personal data, please contact our DPO at [email protected](or using the additional contact details at the end of this policy) and/or by emailing [email protected] and [email protected]. If we become aware that we have collected personal data from children under 18 without verification of parental consent, we will promptly take steps to remove that personal data from our servers.

When and How May We Change This Policy?

We may update this privacy policy from time to time. Any changes will become effective when we post the revised privacy policy on our website. Your use of the Services following these changes means that you accept the revised privacy policy.

How Do You Contact Us?

Please contact us by sending emails to [email protected], [email protected], and [email protected] if you have inquiries about this policy, if you believe your personal data has been improperly provided to us, or if you want to exercise your rights related to your personal data.

As mentioned above, we have designated a Data Protection Officer and have also appointed EU and UK Representatives under Article 27 of the GDPR and UK Data Privacy Act, respectively. Please find their contact details below.

Our Data Protection Officer:
dam Brogden
GDPRLocal Ltd
[email protected]
+441772 217772

Our EU Representative:
Adam Brogden
Instant EU GDPR Representative Ltd
[email protected]
+353 15 549 700
Office 2, 12A Lower Main Street, Lucan Co.
Dublin, Ireland
K78 X5P8

Our UK Representative:
GDPR Local Ltd.
Adam Brogden
[email protected]

+44 1772 217800
1st Floor Front Suite
27-29 North Street
Brighton, England
BN1 1EB

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept