Foxize LMS Privacy Policy

1. Introduction

This Privacy Policy governs the processing of personal data carried out by FOXIZE SCHOOL S.L. (“FOXIZE”) in connection with the use of the LMS service in SaaS Cloud mode, contracted by corporate (B2B) clients for the training of their employees, learners or collaborators.

FOXIZE complies with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and all other applicable regulations.

2. Data Controller

Identity: FOXIZE SCHOOL S.L.

Tax ID: B-65798472

Address: C/ Diputació 305, 3º 2ª, 08009 Barcelona, Spain

General contact email: info@foxize.com

Rights-request email: bajas@foxize.com

In B2B environments, FOXIZE usually acts as Data Processor, while the corporate client acts as Data Controller, except in cases where FOXIZE is the controller of its own data (admin accounts, support, communications).

3. Nature of the Service and Data Processed

FOXIZE provides an LMS where the client (company or organization) uploads and manages data of its own users. FOXIZE only accesses the data to deliver the service.

A. Data processed on behalf of the client (B2B)

– Identification data: name, surname(s), corporate email

– Academic data: progress, grades, completed activities, interaction with content

– Usage data: access dates, time spent, activity logs

– Professional data provided by the client (position, department, etc., if applicable)

B. Data processed as controller (FOXIZE’s own data)

– Contact data of the client’s administrators

– Billing data

C. Technical data

– IP address

– Browser / device information

– Cookies (see Cookie Policy)

No special categories of data (Art. 9 GDPR) are processed.

4. Purposes of Processing

A. Provision of the SaaS Service (Processor)

– Hosting and platform maintenance

– User and course management and monitoring

– Generation of academic reports

– Access and security logs

B. FOXIZE’s own purposes (Controller)

– Management of the commercial relationship with the client (B2B)

– Necessary operational communications

– Technical support

– Billing and legal compliance

FOXIZE does not use the client’s end-user data for its own purposes, for commercial use or for profiling.

5. Legal Basis

A. In B2B environments (client as controller)

FOXIZE acts under a Data Processing Agreement (Art. 28 GDPR).

B. FOXIZE’s own data

– Performance of the contract with the client

– Legitimate interest (service improvement and security)

– Legal obligation (billing)

6. Sub-processors

FOXIZE uses a single sub-processor:

Amazon Web Services (AWS)

– Cloud infrastructure provider

– Data centres located in the European Union (EU-West region)

– Services certified under ISO 27001, ISO 27017, and ISO 27018

Processing takes place within the European Economic Area. No international transfers occur unless expressly requested by the client. FOXIZE has a Processor/Sub-processor agreement with AWS pursuant to Art. 28 GDPR.

7. Data Retention

– Data managed by the client: retained for the duration of the contractual relationship and deleted or returned within up to 6 months once the service termination is confirmed.

8. User Rights

End users must exercise their rights with the Data Controller (the B2B client). FOXIZE will assist the client in fulfilling its obligations.

Client administrators and FOXIZE customers may exercise their rights by writing to bajas@foxize.com.

Complaints may be submitted to the Spanish Data Protection Authority (www.aepd.es).

9. Cookies

The service uses necessary technical cookies and optional analytics cookies. These can be configured through the cookie settings panel.

10. Security

FOXIZE applies appropriate technical and organizational measures, including:

– Encryption in transit and at rest

– Secure authentication

– Periodic audits

– Back-ups

– Monitoring

– Hosting on AWS with security certifications

11. Modifications

FOXIZE may update this Policy. Any substantial changes will be communicated to the B2B client.

12. Artificial Intelligence Technologies

The website may use artificial intelligence (AI) technologies to provide certain functionalities, such as automated responses or personalized content.

These systems do not collect or process users’ personal data. All generated information is based on anonymous or predefined data, and no identifiable information is stored.

13. Limitation of Liability for AI-Generated Content

AI-generated responses or content are purely informational and must not be considered professional advice.

Although accuracy is pursued, the website owner does not guarantee the precision, completeness, or timeliness of such information and is not liable for decisions made by users based on it.