Privacy Policy 

GEC, LLC d/b/a ImpactLearn 
Effective as of [Insert Date] 

GEC, LLC, doing business as ImpactLearn (“ImpactLearn,” “we,” “us,” or “our”), provides global professional training, certification, and learning services in the field of sustainable and impact investing. As the official learning partner of the CFA Society UK for the Impact Investing Certificate and in partnership with Xu Group, we deliver online learning experiences and offer pre-registration tokens for professional exams. 

This Privacy Policy describes our practices regarding the collection, use, and sharing of personal information when you interact with our websites (including impactlearn.com), platforms, courses, or related services (together, the “Services”). 

ImpactLearn operates globally, including in the European Union, and complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws worldwide. 

What is this policy? 

This Privacy Policy explains how we collect, use, and share information, as well as the rights you may have depending on your jurisdiction. By using our Services, you agree to the practices described herein. 

If you are located in the U.S., additional rights may apply to you under state privacy laws (see “Additional U.S. State Privacy Rights” below). 

If you are located in the EU, UK, or EEA, please see the “GDPR and International Transfers” section below. 

Information We Collect 

We collect information in the following ways: 

1. Information You Provide to Us

• Registration data: name, email, phone, institution, role/title, billing details. 

• Course participation data: assignments, assessments, discussion posts, certifications earned. 

• CFA pre-registration token purchase data: name, email, exam registration details shared with CFA Society UK to enable token redemption. 

• Payment data: processed by third-party payment processors (e.g., Stripe). We do not permanently store credit card numbers. 

• Communications data: when you contact us via forms, email, or surveys. 

2. Information We Collect Automatically

• Usage data (pages viewed, time spent, clicks, referring links). 

• Device and browser identifiers (IP address, operating system, language, location, etc.). 

• Cookies and similar technologies for functionality, analytics, and personalization. 

3. Information From Third Parties

• From our learning partner Xu Group (hosting platform and learning experience provider). 

• From CFA Society UK (exam token redemption, exam eligibility, certification status). 

• From analytics and service providers such as Google Analytics. 

• From institutions or employers that purchase group licenses or tokens. 

How We Use Your Information 

We use your information for the following purposes: 

• Provide Services: enable access to courses, exams, certifications, and learning experiences. 

• Process Payments: manage transactions securely via third-party processors. 

• Support Learning Partners: share necessary information with Xu Group to deliver course functionality and with CFA Society UK to fulfill exam registration and certification. 

• Improve Services: analyze usage, develop new features, and enhance user experience. 

• Communicate: send updates, course notifications, marketing (if opted in), and support responses. 

• Compliance & Security: detect fraud, enforce Terms of Use, protect our rights, and comply with legal obligations. 

• Aggregate & De-Identify Data: create statistical insights to inform product development. 

Information Sharing 

ImpactLearn does not sell, rent, or trade your personal information to third parties for their independent marketing purposes. Any sharing of your information is done solely as described in this Privacy Policy. We share information only as necessary: 

• With Xu Group (for course delivery and platform access). 

• With CFA Society UK (for exam token pre-registration and certification records). 

• With service providers (payment processors, hosting providers, analytics, email services). 

• For legal purposes (in response to valid legal requests, to enforce rights, or protect safety). 

• In corporate transactions (if ImpactLearn is acquired, merged, or restructured). 

Cookies and Tracking 

We use cookies and similar tracking technologies for the following purposes: 

• Essential site functionality. 

• Remembering user preferences. 

• Analytics and performance monitoring. 

• Limited marketing communications (opt-out available). 

You can control cookies through your browser settings. While you may disable cookies, doing so may limit certain functionalities of our Services. For essential cookies that are strictly necessary for the Services to function, you cannot opt out. For all other cookies, you have the right to withdraw consent at any time. 

GDPR and International Transfers 

If you are in the EU, UK, or EEA: 

• ImpactLearn is a “controller” of your personal data. 

• Legal bases for processing include contract performance (delivering Services), consent, legal obligations, and legitimate interests (improving Services). 

• You have the right to access, rectify, erase, restrict processing, object to processing, and request data portability. 

• We may transfer your information to the United States or other countries where our partners or service providers operate. When we do so, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and implement supplementary measures as required by applicable data protection laws. You can obtain a copy of these safeguards by contacting privacy@impactlearn.com. 

To exercise GDPR rights, email: privacy@impactlearn.com. 

Children’s Privacy 

Our Services are designed for adults and professionals. We do not knowingly collect personal data from children under 16 without parental or institutional consent. If we learn we have inadvertently collected such data, we will delete it promptly. 

Data Retention 

We retain personal data as long as necessary to provide Services, comply with legal obligations, and resolve disputes. Certification and exam-related records may be retained as required by CFA Society UK or regulators. 

Security 

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, regular security assessments, and employee training. While we strive to protect your information, no system is completely secure. In case of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities where and as required by applicable law. 

Additional U.S. State Privacy Rights 

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with privacy laws may have additional rights, including: 

• Right to know what personal information we process. 

• Right to access, correct, delete, or obtain a copy of your data. 

• Right to opt out of targeted advertising or sale of personal information. 

• Right to non-discrimination for exercising these rights. 

Requests can be submitted to: privacy@impactlearn.com. 

Updates to This Policy 

We may update this Privacy Policy. If changes are material, we will notify you by posting a notice on our site or emailing you. The effective date above will always reflect the most recent update. 

Contact Us 

If you have questions or wish to exercise your privacy rights, please contact us: 

GEC, LLC (DBA ImpactLearn) 
1200 N. Ashland Avenue, Suite 500 
Chicago, IL 60622 
Email: privacy@impactlearn.com