Last Updated: May 17, 2018
Particularly Important Information
Who we are: For the purpose of applicable data protection legislation, the data controller of your personal data is OPEN ASSESSMENT TECHNOLOGIES S.A., located at 40 Parc d’Activités de Capellen, L-8308 Capellen, LUXEMBOURG. All data privacy correspondence should be sent to this address, “c/o Data Protection Officer”.
Must Read Sections: We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”
- Purposes of Processing
What is personal data?
We collect information about you in a range of forms, including personal data. As used in this Policy, “personal data” is as defined in the EU General Data Protection Regulation (GDPR, https://www.eugdpr.org) and any successor legislation. This includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
Why do we need your personal data?
We will only process your personal data in accordance with applicable data protection and privacy laws. We may collect personal data from you to allow us to provide the Services such as to answer to any question asked through the contact form on our website. You may also provide us with your personal data when you sign up to receive news and announcements, when you fill in the contact form or make download material through our website.
We may use your personal data as follows:
- to operate, maintain, and improve our websites, products, and services;
- to manage your account, including to communicate with you regarding your account, if you have an account on our Services;
- to operate and administer our rewards program and other promotions you participate in on our Services;
- to respond to your comments and questions and to provide customer service;
- to send information including technical notices, updates, security alerts, and support and administrative messages;
- with your consent, to send you marketing e-mails about educational content, upcoming events, promotions and other news, including information about products and services offered by us and our affiliates. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you;
- to link or combine user information with other personal data;
- as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and
- as described in the “Sharing of your Personal Data” section below.
- Collecting Your Personal Data
We collect information about you in the following ways:
Information You Give Us. This includes:
- the personal data you provide when you register to use our Services or contact us, including your name, postal address, email address, telephone number, username, password and demographic information (such as your title);
- the personal data that may be contained in any video, comment or other submission you upload or post to the Services;
- the personal data you provide in connection with our rewards program or other promotions we run on the Services;
- the personal data you provide when you report a problem with our Services or when we provide you with customer support;
- the personal data you provide when you make a purchase through our Services;
- the personal data you provide when you correspond with us by phone, email or otherwise;
- any personal data you put on the TAO platform such as, but not limited to education related personal data: test results, grades, accommodations.
Information from Social Networking Sites. Our Services include(s) interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Services, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS
Information We Get from Others. We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners that distributes our content, we may add this to information we get from our Services. This may include but not limited to the personal data you provide when you register with our partners, such as your name, postal address, email address, telephone number, username, password and demographic information (such as your title).
Information Automatically Collected. We automatically log information about you and your computer or mobile device when you access our Services. For example, when visiting our Services, we log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Services, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Services. We collect this information about you using cookies. Please refer to the sections on cookies, Flash Technology and Pixel Tags below.
Automated Decision Making and Profiling. We may use automated decision making and/or profiling in regard to your personal data for some services and products, for example evaluate your propensity and readiness to purchase our Services based on demographic data and activity history. You can request a manual review of the accuracy of an automated decision that you are unhappy with or limit or object to such automated decision making and/or profiling by contacting us at email@example.com.
What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Services use the following types of cookies for the purposes set out below:
|Type of cookie||Purpose|
|Essential Cookies||These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.|
|Functionality Cookies||These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.|
|Analytics and Performance Cookies||These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We use Google Analytics and CrazyEgg for this purpose, who both use their own cookies. These cookies are only used to improve how our Services work. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies, and CrazyEgg cookies here: https://www.crazyegg.com/cookies.
You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en
|Social Media Cookies||These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.|
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Services.
- Pixel Tags
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Site and/or Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of our Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
- Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track”, please visit http://www.allaboutdnt.com.
- Sharing Your Personal Data
We may share your personal data as follows:
- Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.
- Our Third-Party Service Providers. We may share your personal data with our third-party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.
- Affiliates. We may share some or all of your personal data with our affiliates and, notably, with Open Assessment Technologies Corp in the USA, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
- Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
- International Data Transfer
Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.
You are informed that data transfers to such third parties will, depending on the nature of the transfer, either:
- be covered by appropriate safeguards such as standard contractual clauses approved by the European Commission, in which case you may obtain a copy of such safeguards by contacting the Company; or
- be authorised under applicable data protection law, as the case may be, as such transfer is consented to by you or is necessary for the performance or execution of a contract concluded in your interest or for the establishment, exercise or defence of legal claims or for the performance of a contract between you and the Company.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
- Anonymous Data
When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.
We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyses usage patterns in order to make improvements to our Services.
- Third Party Sites
Our Services may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.
- User Generated Content
You may share personal data with us when you submit user generated content to our Services, including via our rewards program, forums, message boards, blogs, or other types of interaction on our Services. Please note that any information you post or disclose on our Services will become public information, and will be available to other users of our Services and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Services. Such personal data and other information will not be private or confidential once it is published on our Services.
If you provide feedback to us, we may use and disclose such feedback on our Services, provided we do not associate such feedback with your personal data. If you have provided your consent to do so, we may post your first and last name along with your feedback on our Services. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy.
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 17 below.
We will only retain your personal data as long as reasonably required for you to use our Services and/or to provide you with the Services unless a longer retention period is required or permitted by law (for example for regulatory purposes).
- Our Policy on Children
Our Services are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 17 below. We will delete such information from our files as soon as reasonably practicable.
- Sensitive Personal Data
Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
When you use the TAO platform, the Company will only act as a data processor for the personal data you choose to disclose on the platform. In this respect, you guaranty that you provided the related individuals with prior information on the way their data will be processed and, in the case of sensitive data, that you have obtained their prior consent.
The Company will only implement appropriate technical and security measures to protect such personal data.
- Your Rights
- Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; or (iii) our collection of sensitive personal data.
Please note that your use of some or all of the Services may be ineffective upon opt-out.
- Access, free of charge at reasonable intervals, the personal data held about you and receive additional information about how it is processed;
- Rectify any inaccurate personal data or complete any incomplete personal data;
- Seek the erasure of your personal data when the processing of your data is no longer necessary for the purposes described above, when you have withdrawn your consent to a specific processing (to the extent that consent justifies this processing), when the processing is not or no longer lawful for any reasons, when the erasure is necessary to comply with applicable law or when you object to the processing either in the absence of any overriding legitimate ground for such processing or when the processing is carried out for direct marketing purposes;
- Object at any time to processing for direct marketing purposes and to object, on grounds relating to your particular situation, to any processing based on the Comapny’s legitimate interests;
- Receive your personal data and transmit them to another company to the extent that the legitimacy of the processing lies on contractual performance and is carried out by automated means; and
- Seek the restriction of the processing for instance when you contest the accuracy of the data or when the processing is not or no longer compliant with applicable law and you have objected to the erasure of the data. Such restriction will result in the personal data being, with the exception of storage, only processed in specific cases (including with your consent or for the establishment, exercise or defense of the Company’s legal claims).
If you wish to exercise any of these rights, please contact us using the details in Section 17 below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion, in accordance with applicable law.
We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at firstname.lastname@example.org. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.
- Contact Information
We welcome your comments or questions about this Policy. You may contact us in writing at email@example.com or 40 Parc d’Activités de Capellen, L-8308 Capellen, LUXEMBOURG.