Grade Academy Data Protection Statement
Date last updated: 5-07-20
This data protection statement has been compiled to better serve those who are concerned with how their Personal Data is being used online. “Personal Data” means data which identifies a person or could identify a person, such as their name, contact details, purchase history or web browsing history. It applies to Personal Data that we collect, use and otherwise process in connection with your relationship with us as a customer, supplier, partner, investor, visitor to our website or prospective employee. Please read our Data Protection Statement carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personal Data.
1. ABOUT US
We are Grade Academy, an online platform that helps second-level students by providing them with learning content supplied by teachers. This Data Protection Statement covers how we process Personal Data where we are controllers for the purposes of the General Data Protection Regulation (“GDPR”). Please contact us if you have any questions about this Data Protection Statement or the Personal Data we hold about you by email at: email@example.com
2. WHAT PERSONAL DATA DO WE PROCESS IN ORDER TO OPERATE OUR BUSINESS?
We engage with students mainly but also with parents and teachers who are providing support to students when studying for the leaving certificate.
When registering on our site or using our website, as appropriate, you may be asked to enter your name, email address, phone number, credit card information, or other details to help you with your experience.
3. WHEN DO WE COLLECT PERSONAL DATA?
We collect information from you when you pre-register on our site, subscribe to our newsletter, fill out a form or enter information on our site, respond to a survey or marketing communication, surf our website, apply for a job at Grade Academy, attend a Grade Academy event, or engage with us as a partner, investor, customer or supplier.
4. HOW DO WE PROCESS YOUR PERSONAL DATA?
We process your Personal Data for the following purposes:
• to improve our website in order to better serve you;
• to allow us to better serve you in responding to your customer service requests;
• to contact you in connection with our services;
• to contact you repayments to and from you;
• to notify you of any updates to this Data Protection Statement;
• for customer relationship management and support;
• to provide you with information about our events and services;
• for communications between us in connection with our products/services or for our events;
• to process payments to and from our business;
• for internal research to better understand the accuracy of our platform and hence improve our services over time.
5. LAWFULNESS OF PROCESSING
All processing of Personal Data under the GDPR must be lawful. Processing will only be lawful if we have a legal basis for processing. Here we provide further information about the legal grounds we have for processing Personal Data.
Processing is lawful if it is necessary for the performance of a contract. We undertake the following processing under this heading:
• in order to contact you in connection with our products/services under the contract;
• to contact you regarding payments to and from you;
• to manage the service we provide to you; and
• to process payments to and from our business.
Where we process Personal Data with your consent, we will ensure that consent is specific, informed and unambiguous. You may withdraw consent for processing by sending an email to firstname.lastname@example.org. We sometimes process Personal Data on the basis of consent where we send you Yooni related information as part of our newsletters or similar communications and for certain events that we organise.
5.3. LEGITIMATE INTERESTS
We will only process Personal Data under this legal ground where we have assessed and verified that the legitimate interest pursued does not override your rights to privacy. Our legitimate interests include:
• our interest in providing the best service we can to our customers and growing our business;
• our interest in conducting research and analytics on our products and services so that we can understand which services are most popular on our website;
• our interest in obtaining payment for products and services provided;
• our interest in protecting our intellectual property rights;
• our interest in promoting and developing our business;
• our interest in recruiting the best possible talent for our business;
• our interest in ensuring the safety and security of users of our website and our products and services.
5.4. COMPLIANCE WITH LEGAL OBLIGATIONS
We will process Personal Data where we have a legal obligation to do so.
6. SHARING OF PERSONAL DATA
In order to provide our products and services we will need to share your Personal Data with third parties. Any transfer of Personal Data will only be undertaken in compliance with the GDPR. In this section we provide information on the categories of recipients of the Personal Data we process.
6.1. BUSINESS PARTNERS, INVESTORS, CUSTOMERS & SERVICE PROVIDERS
Will receive your Personal Data if:
• you have requested us to refer your details on;
• if we are collaborating on an event or similar activity;
• you have agreed to share feedback as a customer reference;
• in connection with, or during the negotiation of any investment, merger or sale of the business;
• we engage with marketing partners to market our products/services;
• we engage data analytics providers to develop our website;
• we engage software developers to further develop our website or software service;
• we need to engage with consultants, lawyers, accountants, insurers and other professional service providers; and
• if we require help to deliver our services to you including for example:
o CRM application suppliers;
o payment processors and facilitators; and
o IT and Cloud solution providers including back up and hosting of Personal Data.
6.2. LAW ENFORCEMENT OFFICERS, DATA PROTECTION COMMISSION, GOVERNMENT OFFICIALS OR SIMILAR PARTIESS
Will receive your Personal Data:
• if required by applicable law, regulation, operating agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns;
• if this is necessary for the purpose of enforcing the terms of any contract that we have entered into with you;
• in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
• to protect our rights, property, or safety, or that of you or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
7. HOW DO WE PROTECT YOUR PERSONAL DATA?
We take the protection of your Personal Data seriously. We have taken the necessary steps to safeguard your Personal Data.
7.1. STEPS WE TAKE
We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law. In particular, we have put in place appropriate physical, technical, and organisational procedures to safeguard and secure the Personal Data we process. To protect the privacy and security of the Personal Data, we will also take reasonable steps to verify your identity before granting access to information as appropriate. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We also use secure connections to protect Personal Data during its transmission using SSL (Secure Socket Layer) technology. In the event that we use a third party processor (see Sharing of Personal Data) your Personal Data may be transferred outside of the European Union or EFTA States. We ensure that any such transfer is undertaken using legally compliant transfer mechanisms in compliance with the GDPR.
We only keep your data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.
8.1. RETENTION PERIODS
We retain certain transaction information for a period of 7 years for the purposes of regulatory, tax, insurance or other requirements. You can request to have your Personal Data deleted. Grade Academy will then delete Personal Data that is it not required to retain. We will restrict internal access to Personal Data that we are required to retain.
9. YOUR RIGHTS
You have a number of rights to control your Personal Data that we collect and how we use it. There are certain exemptions to these rights. We will always communicate with you and let you know if you seek to exercise of your rights and a legal exemption applies.
9.1. RIGHT OF ACCESS
You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge but we may charge you a reasonable fee for any additional copies. We cannot give you access to a copy of your Personal Data if this would adversely affect the rights and freedoms of others.
9.2. RIGHT OF CORRECTION
If we have Personal Data about you that you believe to be inaccurate, you have the right to request correction of your Personal Data.
9.3. RIGHT TO BE FORGOTTEN
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
• your Personal Data is no longer needed for the purpose that it was collected in the first place;
• you have removed your consent for us to use your Personal Data (where there is no other legal reason us to use it);
• there is no legal reason for the use of your Personal Data;
• deleting the Personal Data is a legal requirement;
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
9.4. RIGHT OF RESTRICTION
When Personal Data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
9.5. RIGHT TO DATA PORTABILITY
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability. This right only applies if we’re using your personal information under the lawful grounds of consent or pursuant to a contract and the processing is automated and not manual. It does not apply where it would adversely affect the rights and freedoms of others.
1.1. RIGHT TO OBJECT
You have the right to object to the processing of your Personal Data where processing is:
• on the grounds of public interest or legitimate interest including profiling based on these grounds;
• for direct marketing purposes.
1.2. RIGHT TO MAKE A COMPLAINT
You have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR. The contact details for the Data Commission in Ireland are:
Address: Canal House, Station Road, Portarlington, R32 AP23, County Laois
Tel Lo-Call: 1890 252 231