What are our governing principles for privacy & security?
“We comply with GDPR regulation”
In doing so we strive to be in compliance with the key principles of the EU’s General Data Protection Regulation (GDPR), in that our processing is lawful, fair and transparent. Lawful in that all processing is based on a legitimate purpose. Fair in that we take our responsibility seriously and do not process data for any purpose other than the legitimate purposes. Transparent in that we inform data subjects about the processing activities on personal data. (‘Processing” and ‘Personal data/information’ shall have the meaning ascribed to them under the General Data Protection Regulation (Regulation (EU) 2016/679)).
What information do we collect?
We receive and store information about you that we receive from you or your institution. This information may include personal information such as your name and email address – as well as information that is needed for using our feedback and assessment services in practice, such as classes and courses you teach or are enrolled in, and a profile picture if you have uploaded one.
We receive and record information on our server logs from your browser including your IP address and the page you requested. We also record the details of your activity on our platform, such as the number of feedback comments, time spent on studying each feedback, and the student feedback on the comments.
How do we use your information?
We use the information we receive from you or your institution only to meet the overall goal of enhancing learning and teaching at your institution through feedback and assessment services for written assignments and everything related to them – assignment prompts, feedback commentary, rubrics, student uploads, etc.
You will at all times retain 100% ownership of your content. We do not, and will not, use the content created by you using our services for any purpose other than to deliver, support, and develop our services.
We will not sell or rent your information to anyone outside of the company. Only with your consent, we may share your personally identifiable information with third parties for the purpose of providing the services, for example in order to integrate with your institution’s learning management system (LMS/VLE), plagiarism control provider or publishers’ online learning materials your institution subscribes to.
How do we keep your information safe?
We take all measures within our means and resources to keep your personal data safe and secure at all times. Our data is stored in the EU with physical, digital and procedural safeguards in place to protect your personal data from being accessed, disclosed, altered, or destroyed, including the use of SSL encryption and redundant servers and data centers. We store information both on our own servers, co-located at a server center in Denmark, and on Microsoft Azure cloud servers located in Germany.
Passwords are required to access your personal data. We cannot ensure the safety of your data if you in anyway compromise the security measures put in place around your access to our services. We therefore kindly ask you to keep your password safe.
The services may contain links to other sites. We are not responsible for the privacy policies and practices on other sites, e.g. via links inserted by users.
Where necessary, for data transfers outside the EEA, we accommodate GDPR requirements by utilising the Model Contractual Clauses of the EU Directive 95/46/EC.
What information can you access?
Depending on the service used, you can at all times access and/or modify your profile data through the service’s profile page.
You can at all times request to get a copy of your data by writing to firstname.lastname@example.org. The format will depend on which of our services and products (Edword, Edword Office, EasyCorrect for Word, EasyCorrect for Google Docs) you use, the requested data and your preferences. User information, assignments and comment sets will typically be delivered in a JSON format, but other formats such as CSV and XML can also be accommodated for.
Large parts of your data can be downloaded directly from our services. Regarding the right to be forgotten, see the section below.
How can you delete your information?
You can at any moment contact us at email@example.com and request all data related to you and your activity be deleted. Our prefered standard procedure is to keep the data in an anonymized form, not to be shared with any third party, with the purpose of developing and improving our services. If you do wish to fully delete all data pertaining to your activity in the platform simply clarify this and we will do so. Any deletion or anonymization of your data on your request will be performed within 48 hours during normal business hours.
If you decide to withdraw from our services, but do not explicitly request us to delete your data, we will save your profile in a disabled state as well as your platform activity data for three years from the date your last license expires. We do this in order to enable you to, at a later time, reactivate your profile without having to recreate content. After three years we will keep the data in an anonymized form, not to be shared with any third party, with the purpose of developing and improving the services, but we cannot revert this anonymization.
If you have any questions, do not hesitate to contact us at firstname.lastname@example.org.