[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” border_style=”solid” flex_column_spacing=”0px” type=”legacy”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ background_position=”left top” background_color=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”true” min_height=”” hover_type=”none” link=”” first=”true”][fusion_text]
LAST UPDATED: FEBRUARY 2020
At TeachKloud we are committed to protecting and respecting your privacy. This Privacy Policy will let you know how we look after your Personal Data with regard to your use of this website and in the context of receiving marketing communications from us. It also informs you as to our obligations and your rights under data protection law.
This Privacy Policy applies to Owner Accounts, Educators and Parents (all such terms being defined hereinafter) using this website.
If you are aged 16 or under you should not use this Platform nor should you provide any personal information to us via the website
DEFINITIONS
In this Privacy Policy the following words have the following meanings:
“Biometric Data“ means any Personal Data relating to the physical, physiological, or behavioural characteristics of an individual which allows their unique identification;
“Child Data” means Personal Data of a Child which is provided by way of the relationship between the Owner Account and a Parent, including educational notes and assessments and other Personal Data specifically relating to the Child;
“Data Controller” means the person who or organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, who/which makes independent decisions in relation to the Personal Data and/or who/which otherwise controls that Personal Data;
“Data Processor” means the person who processes Personal Data on behalf of the Data Controller;
“Data Subject” means a natural person whose Personal Data is processed by a Data Controller or Data Processor;
“GDPR” means the EU General Data Protection Regulation (EU Regulation 679/2016);
“Genetic Data” means data concerning the characteristics of an individual which are inherited or acquired which give unique information about the health or physiology of the individual;
“Owner Account” means a school or educational institution engaging with the TeachKloud Platform pursuant to the EULA;
“Parent” means any parent utilising TeachKloud via the Parent Portal;
“Service” means all or any of the services provided through the website TeachKloud (www.TeachKloud.com) (and “Services” shall be construed accordingly);
“Sub-Processor” means any person or entity appointed by or on behalf of the Data Processor to process Personal Data on behalf of the Data Controller;
“We”, “Our” or “TeachKloud” means the company Serenity Compliance Limited T/A TeachKloud.
The headings below detail an overview of how we collect and process your Personal Data in connection with your use of the TeachKloud website and for marketing purposes:
- Who is responsible for your Personal Data?
- What Personal Data do we collect?
- How do we collect your Personal Data?
- For what purposes do we process your Personal Data and what is our legal basis?
- Do we share your Personal Data with anyone else?
- Keeping your Personal Data secure
- For how long do we keep your Personal Data?
- Your data protection rights
- Cookies we use and their purpose
- Contact us
- Updates to this Privacy Policy
Overview of how we collect and process your Personal Data :
1. Who is responsible for your Personal Data?
TeachKloud acts as the Data Processor:
- Owner Accounts: For the purposes of GDPR, Owner Accounts provide Personal Data relating to their own accounts, other administrators of the account, Educator Accounts, Parent Account and Child Data, TeachKloud is the Data Processor with regard to such Personal Data.
- Parent Accounts: TeachKloud will be the Data Processor in relation to Parents who create an account and interact with the Platform through the Parent Portal on our Platform.
- Educator Accounts: TeachKloud will be the Data Processor in relation to Educators whose data is input by the Owner Account in relation to their staff members who create interact with the Platform through the Parent Portal on our Platform.
- Child Data: Responsibility for input of the Child Data rests with the Owner Account. Consent for the collection of such information rests with the Owner Account and is to be dealt with by way of any onboarding consent process undertaken by the Owner Account. TeachKloud will be the Data Processor in relation to Child Data.
- If you have any questions about this policy or about our data protection compliance please contact us: hello@dev.teachkloud.com.
The Owner Account acts as the Data Controller and TeachKloud as the Data Processor.
Personal Data is supplied to us from the Owner Account which relates to an Educator, a Parent or a Child and which may be collected, stored and processed as a result of use of the TeachKloud website; they will be the Data Controller. TeachKloud will be a Data Processor only.
The Owner Account is collecting, storing and processing Child Data as well as the other data pertaining to Educators and Parents, the Owner Account will determine the purposes for which and the manner in which that Personal Data is, or is to be processed.
The Owner Account will also be responsible for:
- informing its staff and Parents of its privacy policy and practices, including, the lawful grounds upon which the Owner Account is processing any Personal Data;
- compliance with data protection laws;
- drawing the Parents attention to this Privacy Policy as well as implementing all the necessary protocols required for their industry; and
- informing us if any Parent objects to either the Owner Account or our own processing of the relevant data or the Child Data.
- Handling any and all requests in respect of data portability, data transfer and data access requests.
As a Data Controller, the Owner Account will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Parent and Child Data to us for the duration and purposes of the use of the TeachKloud Platform.
As a Data Processor, we will:
- Process that Personal Data only on the written instructions of the Owner Account unless we are required by the laws of any member of the European Union or by the laws of the European Union applicable to us to process Personal Data (“Applicable Laws”);
- Ensure that we have in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, as are appropriate;
- Ensure that our staff who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
- Ensure that where a Sub-Processor is used, we shall:
- Only engage a Sub-Processor with the prior consent of the Owner Account;
- Inform the Owner Account of any intended changes concerning the addition or replacement of Sub-Processors;
- Implement a written contract containing the same data protection obligations as set out in the agreement we entered into with the Owner Account, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Applicable Laws;
- Understand that where any Sub-Processor is used on their behalf, that any failure on the part of the Sub-Processor to comply with the Applicable Laws or the relevant data processing agreement, we, as the initial Data Processor, remain fully liable to the Owner Account for the performance of the Sub-Processor’s obligations;
- Not transfer any Personal Data outside of the European Economic Area unless one of the safeguards described in section 6 below is in place;
- Assist the Owner Account, at their cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the data protection laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- Notify the Owner Account without undue delay on becoming aware of a Personal Data breach;
- Within 20 weeks of the date of termination or cancellation of an Owner Account delete the Personal Data and copies thereof unless required by Applicable Laws to store the Personal Data; and
- Maintain complete and accurate records and information to demonstrate our compliance with these obligations.
We are not liable in respect of any Personal Data and in particular Child Data which is controlled by the Owner Account in breach of data protection laws or outside the scope of the permissions granted to the Owner Account by the Parent on behalf of the Child.
2. What Personal Data do we collect?
For Parents and Educators:
We may collect, use, store and transfer different kinds of Personal Data about which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth.
- Contact Data includes billing address, delivery address, email address and telephone numbers, next of kin address, phone, email, medical care giver.
- Financial Data includes payment card details processed through Stripe (where applicable).
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
We may process some special categories of Personal Data about you via third parties (for example, where an Owner Account gathers details about health and Biometric Data in order to comply with medicolegal documentation obligations) where the third parties act as Data Controllers. Where this happens, it is the duty of the Data Controller to inform you and a higher standard of protective measures will apply.
For Owner Accounts / Business
We may collect, use, store and transfer different kinds of Personal Data about you and your Parents, the Children utilising your services and the Educators working within your organisation, which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, qualifications, accreditations, insurance details, date of birth.
- Contact Data includes website, social media pages, billing address, delivery address, email address and telephone numbers.
- Business Data includes company bio, website, social media pages, address, pricing, opening hours, images that you upload.
- Financial Data includes bank account and payment card details processed through Stripe.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
3. How do we collect Personal Data?
“Personal information” is any information that can be used to identify an individual or device, and may include things such as your name, physical address, email address, phone number, login information, marketing preferences, company affiliation, geographic location, or payment card information. TeachKloud may collect personal information that is necessary for legitimate business purposes, which will be disclosed to you at the time of collection. TeachKloud will use this information for the purposes for which it was collected. TeachKloud may also collect personal information from trusted third-party sources and engage third parties to collect personal information to assist us.
One of the most common methods of collecting personal information is during the online form submission or registration process, including where a website user is requesting a free trial or a courtesy newsletter, registering for an event, or responding to similar offers such as sample reports, white papers, or further product information.
In some instances, TeachKloud and the third parties we engage may automatically collect and aggregate data using cookies, weblogs, web beacons, and other similar applications. This information is used to better understand and improve the usability, performance, and effectiveness of our Platform and to help us tailor content or offers for you. Please read Section 10 (Cookies) below for more information.
4. For what purposes do we process Personal Data and what is our legal basis?
TeachKloud may use your personal information for operational, legal, administrative, and other legitimate purposes permitted by applicable law. Some of the ways we may use personal information include:
- Providing you with requested products or services.
- Providing you with information regarding similar products or events.
- Analysing and monitoring extent of use.
- Providing customised product and service information.
- Allowing users to participate voluntarily in mailings or other events.
- Providing product service updates, information, and alerts.
- Sending communications, including for marketing or other customer satisfaction purposes.
- Order processing and to provide transaction documents.
- Analysing and monitoring extent of use and enhancing TeachKloud’s Platform.
When we process personal information for our and third parties’ legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you.
We have considered whether there are other less intrusive means to reach the purposes identified above while still serving the legitimate interests identified.
Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to you on how your personal data will be used how you can exercise your rights to obtain a copy of your personal data, it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not override your interests, fundamental rights and freedoms.
We use cookies to facilitate the use of our website.
5. Data Portability
In the event of a termination of the relationship between the Company and the Educational Institution or School, Parent accounts shall be notified after an appropriate period of time that access to the parent portal and the data contained therein relating to a child and controlled by a particular School or Educational Institution may be deleted. It will be the responsibility of the Educational Institution or School to comply with the requirements of GDPR in accordance with their own protocols and procedures. Reports such as learning stories, daily records and documentation in the parent library may be downloaded by the parent, but all other information and data shall be made available from the School or Educational Institution. Requests will be forwarded to the school or educational institution by the Company.
6. Do we share your Personal Data with anyone else?
We may share your Personal Data with the following parties in connection with our processing of your Personal Data:
Amazon Web Services | Website and Mobile Application Hosting |
Stripe | Provides our payments services. |
SendGrid | Email relaying service provider |
We require all third parties to enter into a data processing agreements with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your Personal Data on our instructions and in accordance with data protection law. In rare circumstances, we may be obliged to disclose Personal Data if disclosure is required to comply with the law.
7. Keeping your Personal Data secure
We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. We limit access to your Personal Data to those employees, agents and other third parties who are required to have access to your Personal Data and where they have agreed that they are subject to a duty of confidentiality.
We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the Data Subject, where legally required to do so.
We do not transfer your Personal Data out of the European Economic Area, save as detailed herein.
8. For how long do we keep your Personal Data?
Your Personal Data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.
9. Your data protection rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “Data Subject Access Request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Where you as a Parent require information about the health and/or Genetic/Biometric Data relating to your Child from your Account Owner (acting as “Data Controller”, whereby TeachKloud is acting as “Data Processor”) it is the responsibility of the Account Owner to address that Data Subject Access Request, not TeachKloud.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent: where we rely on consent as a legal basis, you may withdraw consent at any time by contacting us. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
In the event that you wish to make a complaint about how your Personal Data is being processed by TeachKloud, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:
Contact:
Data Protection Commissioner
Telephone: +353 57 8684800/+353 761 104 800
Email: info@dataprotection.ie
Post: Office of the Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23 Co. Laois
10. Cookies we use and their purpose
We use four types of Cookies – ‘Strictly Necessary’, ‘Performance’, ‘Functional’ and ‘Targeted Advertising’. A detailed explanation of the types of Cookie and the purposes for which we use them is found within the Cookie Policy. However, if you are just looking for a summary, we use strictly necessary cookies to make our site work. We also like to set optional performance, functional and advertising cookies to help us improve the site and give you a bespoke experience so it works better for you.
11. Contact Us
You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below:
Email: hello@dev.teachkloud.com
12. Updates to this Privacy Policy
Our Privacy Policy may change from time to time, and any changes to this Privacy Policy will be posted on the website and will be effective when posted. As your use of the TeachKloud website is subject to your acceptance of this Privacy Policy, and any amendments thereto, please check back regularly.
[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]