GDPR, COPPA and FERPA
Augmented Classroom is a product of CleverBooks Ltd.
RESIDENT OF EUROPEAN UNION From the 25th of May 2018, the processing of Personal Information of users based in the European Union (“EU”) is subject to the EU General Data Protection Regulation (“GDPR”). This section provides information as relates to EU users’ rights, and CleverBooks’ responsibilities, under this regulation.
CleverBooks is headquaertered in Dublin, Ireland and has operations and service provided throughout the world. CleverBooks Ltd takes the protection and security of personal data extremely seriously and has standardised policies and procedures to manage and protect the data that we process on behalf of our clients. We have significant experience in the education sector, working with hundreds of primary schools in Europe and globally. With the General Data Protection Regulation (GDPR) coming into effect in May 2018, we carried out technical and organisational measures to ensure that we comply with GDPR, and updated our policies and procedures accordingly.
We have implemented a plan to achieve GDPR compliance:
- All our staff have undergone GDPR awareness training sessions
- DPO has been appointed to address GDPR queries
- Conducted an audit of all personal data we hold or process, including where it comes from
- Requested from all users data storing and processing consent
- We have reviewed the legal basis for all personal data processing to ensure we are compliant and to ensure that, if required, we have the appropriate consent in place. Added GDPR consent confirmation request from all new subscribers (eg., Mailchimp email subscription)
- We have reviewed and updated our policies and procedures to ensure that we comply with all the rights of individuals under GDPR including processes for secure data deletion, handling Subject Access Requests etc.
- We have data protection by design throughout our processes and we will continue with this policy
- We have updated our Privacy policyto make it clearer and more understandable
COPPA and FERPA compliance:
Because some of our users may be interested in it, we have included some information below related to the Children’s Online Privacy and Protection Act (“COPPA”) and he U.S. Family Educational and Privacy Act (FERPA).
Data collected by CleverBooks may include personally identifiable information from education records that are subject to FERPA (“FERPA Records”). In order to allow CleverBooks to provide the user with the Services, you hereby designate CleverBooks as a “school official” under the direct control of the school with regard to the use and maintenance of the FERPA Records and will comply with FERPA.
COPPA requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under 13. Therefore, CleverBooks only collects personal information through the Services from a student under 13 where their school, district, and/or teacher has agreed in order to obtain parental consent to use the Services and disclose personal information to us for the use and benefit of the learning environment. Such consent shall not be deemed as consent pursuant to Art. 6 (1) a) GDPR.
If you believe that a student under 13 may have provided us personal information in violation of this paragraph, please contact us at support@cleverbooks.eu
Personal Information
CleverBooks relies on consent in connection with Personal Information collections or uses (if required to use CleverBooks services and/or receive information and/or communication from CleverBooks via email subscription) that are necessary to enhance the user experience, to enable optional services or features, or to communicate with you.
- Withdrawal of consent – CleverBooks believes that we are only entitled to access or use your Personal Information if we have your consent to do so. Whenever we rely on your consent, you will always be able to withdraw that consent.
- Deletion – If the user requests that his/ her personal information kept with CleverBooks be erased/deleted, the same will be obliged through us. User data will be deleted without any backup thus user when requesting data deletion needs to be aware of this consequence.
- Access to personal information – CleverBooks does not share any personal information with third parties. CleverBooks educational platform collects and stores personal data from registered clients to enable work storage on the website for further user(s) reference.
Type of personal data
To provide the core service, CleverBooks processes the following personal data:
Pupils: No individual data is being processed on students, neither an individual is being recognized and/or identified when using CleverBooks solutions. When using mobile apps from CleverBooks, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477). In the case of use of CleverBooks educational platform the principle device=user is implemented. CleverBooks does not identify how many students are using the same mobile device at a time
Teacher/school staff: Name, email, registration group/classes only via CleverBooks education platform. When using CleverBooks apps, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).
Parent/guardian: Name, email, registration group/classes only via CleverBooks education platform. When using CleverBooks apps, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).
Who can access personal data?
Where it is necessary to access client data, for example to investigate a support case, only approved CleverBooks Ltd support and technical staff can access it.
CleverBooksLtd staff are vetted and are subject to contractual data access policies and confidentiality clauses.
How are errors in data corrected?
User data is obtained from the user who makes registration to use the software from CleverBooks, i.e. registers as account administrator. Account administrators can correct user data generated within CleverBooks platform.
Support and assistance is available from our support team support@cleverbooks.eu
How do I make a Subject Access Request or implement the Right to be Forgotten?
Where Subject Access Requests and/or Right to be Forgotten are applicable to client data in an CleverBooks Ltd product we provide, or will provide, means for authorised client users to carry out activities directly. Support and assistance is available from our support team support@cleverbooks.eu
How does CleverBooksLtd protect personal data and where is it processed?
Our platform and client data are stored on approved and compliant cloud infrastructure. Our servers are hosted in Europe to ensure client data is retained within the European Economic Area (EEA). We use multiple protective layers within the platform to protect our services, including encryption and firewalling. We routinely carry out vulnerability and penetration testing on our platforms and promptly address any issues identified.
All transfers of client data use TLS 1.2 whilst being transmitted over public and private networks. All data at rest is encrypted with AES256 block-based encryption.
Rights of the person concerned:
Pursuant to Section III of the GDPR, the person concerned shall be entitled to exercise their right to:
- access personal data (you will therefore have the right to have free information about the personal data held by the Data Controller, as well as to obtain a copy thereof in an accessible format);
- amend incorrect, inaccurate or old data (upon your request, where the data do not express evaluation elements);
- withdraw consent (if you had consented to the processing, you may withdraw your consent at any time and upon such revocation of consent your data shall no longer be processed);
- cancel their personal data – right to be forgotten (for example, in case of withdrawal of consent, if there is no other legal basis for data processing);
- restrict data processing (in certain cases – dispute the accuracy of the data, within the timeframe necessary for verification; dispute the lawfulness of the processing with refusal to the cancellation; your need to use the data to exercise your defense rights, while they are no longer useful for the purposes of the processing; in the event that the processing has been denied, while the necessary checks are being carried out – the data will be stored in such a manner that they may be restored if need be, but, in the meantime, cannot be consulted by the Controller if not in relation to the validity of your request for restriction);
- deny consent to the processing due to legitimate reasons (under certain circumstances, you may in any case object to the processing of data, and in any case you may refuse processing for direct marketing purposes);
- data portability (upon your request, the data shall be transmitted to the subject indicated by you in such a format that they can be easily consulted and used);
- advance a dispute to the Supervisory Authority (Privacy Authority).
Exercise of users’ data protection rights: You may contact us via email at dpo@cleverbooks.eu, in order to assert your rights, namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. You may also object at any time to the possible profiling of your personal data.
How can I contact CleverBooks’ DPO?
If your school would like further information on GDPR compliance in CleverBooks Ltd products then please contact our support team at dpo@cleverbooks.eu