1. Introduction
We are committed to ensuring the highest standards of privacy and personal data protection. This page outlines our Privacy Policy and the security measures in place to safeguard our user’s data.
We collect only the minimum amount of personal information needed for the effective usage of our online platform. Through the access to the features in the NUADU platform, we’ll provide you with assignments and results as well as other educational materials.
We strive to provide the safety and security of our registered users, including students, teachers, school administrators and parents. We are sensitive to our users’ concerns about the security of personal information provided to us.
We provide our employees with training on data security and privacy as well as their obligations regarding confidentiality.
When using NUADU platform there is no ability for students to contact or communicate directly with each other. There is no chat function and each user can maintain privacy.
We strive to be fully compliant with all applicable laws such as GDPR in the EU and any national laws of any country in which our users reside. This Privacy Policy should be read together with the Terms & Conditions. Any amendments to the Privacy Policy and Terms and Conditions will be communicated via NUADU service.
2. Data collection
2.1. What personal information does NUADU platform collect?
We collect only the minimum amount of personal information needed for the eective usage of our online platform, such as:
- Initial letter/name and surname of the Student
- Class, School, Teacher Name
- Student or Teacher emails (optional)
- Parent – student account connection (if a Parent account is created – this will depend on school preferences);
2.2. What personal information do we NOT collect?
NUADU does NOT collect personal information such as:
- A photograph (unless you provide it voluntarily for your profile photo)
- Telephone number (unless you provide it voluntarily in your profile)
- Geolocation information sufficient to identify street name and name of a city or town
3. Processing and rights
3.1. Purpose and legal basis of data processing
We process personal data to:
- Display personalized messages on our website
If user will decide to log in to the NUADU educational platform, NUADU will process personal data to:
- Create profile within our online platform,
- Give access to the features of the online platform (provide with assignments and results as well as other educational materials made available through the platform) while ensuring the integrity, accessibility and confidentiality of data,
The legal basis for processing of personal data is:
- If users register an account with NUADU service:
-
- processing for the purpose of entering into an agreement – data required for account registration,
-
- performance of the agreement – data relating to user’s activity within the online platform,
-
- NUADU legitimate interest – for the exercise of NUADU rights in the event of a breach of the terms and conditions of use of the online platform.
- User’s data may be transferred to suppliers or service providers engaged by NUADU, e.g., to provide maintenance services for the online platform operated by NUADU (hosting providers, software developers). NUADU subcontractors will be selected with due diligence and provide adequate guarantees to implement the appropriate technical and organizational measures to ensure that the processing is secure and private.
- User’s data is processed by NUADU subcontractors within the Territory of the European Union:
-
- NUADU Sp z o.o., Kapitanska 47 street, 81-249 Gdynia, Poland – platform maintenance, technical assistance and support,
-
- Tenesys Sp. z o.o. ul. Rubież 46, 61-612 Poznań; Poland – maintenance and hosting services provider,
-
- APN Promise S.A. ul. Domaniewska 44a, 02-672 Warsaw, Poland – hosting services provider
-
- CRISP IM SARL 2 Boulevard de Launay, 44100 Nantes, France – archive of messages and user’s activities via chat.
- Suppliers and service providers will only process data based on agreements made with NUADU and in line with our instructions.
- The data provided by users is subject to automated data processing to enable users to log in to NUADU online platform, give assignments and present results, as per parameters set by an author of each respective assignment. User’s data will not be used for profiling (we will not predict your future actions based on user’s data).
- NUADU will keep your personal information confidential and not sell or divulge user’s information to advertisers or any external third parties.
3.2. User rights associated with personal data processing:
Users have the right to access and correct any personal Information contained on NUADU platform, as specified below. Changes to personal information will apply to both NUADU platform services and related third parties such as Microsoft Azure. Users may also email and request changes to be made.
The rights of the individuals as provided under GDPR include the following rights:
- right to demand access user’s personal data – user have the right to obtain. confirmation from NUADU whether any of his/her personal data has been / is being processed;
- right to demand rectification of user’s personal data – user have the right to obtain from us the rectification of user’s inaccurate personal data;
- right to demand deletion of user’s personal data;
- right to demand limitation of processing of user’s personal data;
- right to object to the processing of user’s personal data due to special circumstances
- right to portability of your personal data, i.e. right to receive your personal data from us in a structured, commonly used and machine – readable format. You have the right to transmit that data to another data controller or demand that we send it to another data controller, where technically feasible. You will have that right in respect of data that is processed under an agreement made with you or based on your consent;
- Right to lodge a complaint with a supervisory authority, i.e. President of Personal Data Protection Office.
4. Security
- We are committed to ensuring that the User’s information is secure.
- We use all reasonable endeavors to keep the personal information we collect and use in a secure environment, and we have implemented technical, administrative and physical security measures that are designed to protect personal information from unauthorized access, disclosure, use and modification. As part of our privacy compliance processes we review these security procedures to consider appropriate new technology and methods.
- Any information provided by you (including your answers) is transmitted to us through the use of SSL.
- The NUADU platform infrastructure is located on the Azure platform and meets all safety certificates. The Azure platform meets a wide set of international and industry compliance standards. In addition, the Azure platform has implemented one of the first in the world standard solutions for private privacy in the cloud, ISO/IEC 270.
- Microsoft infrastructure:
-
- Compliance with the EU Data Protection Directive (95/46 / EC) and the Safe Harbor Framework enables the storage and processing of personal data of EU citizens, including citizens of the Republic of Poland, in the Microsoft cloud.
-
- 28 inspectorates for the protection of personal data (including the Polish General Inspector for Personal Data Protection) approved Microsoft’s commitments in the field of cloud solutions.
-
- Microsoft data centers are subjected to cyclical Security Audits carried out by independent entities – Customers have full access to reports and analyzes.
-
- The Microsoft infrastructure meets the certification requirements, including for:
-
-
- ISO / IEC 27001: 2005 and SOC 1 / SSAE 16 / ISAE 3402 and SOC 2;
-
-
- Cloud Security Alliance (CSA) and FedRAMP
-
-
- Payment Card Industry (PCI) Data Security Standards (DSS)
-
-
- UK G-Cloud, HIPAA BAA, EU model clauses, IRAP, MTCS.
- NUADU will use all reasonable endeavours to keep the personal information NUADU collects and use in a secure environment, and we have implemented technical, administrative, and physical security measures that are designed to protect personal information from unauthorised access, disclosure, use and modification. As part of our privacy compliance processes we review these security procedures to consider appropriate new technology and methods.
Further information regarding data storage and security of the Microsoft Azure Cloud, including the latest update and compliance information, can be found at http://news.microsoft.com/security2015 and https://www.microsoft.com/en-us/trustcenter/security/azure-security.
User data is uploaded to and stored on our servers located in the Amsterdam, Holland which are maintained by Microsoft Azure. (https://azure.microsoft.com/en-au/regions) Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex international regulations.
Data controler of user’s personal data:
The Data Controller, that is the entity deciding how your personal data will be used, is NUADU Sp. z o.o. with its registered office in Gdynia, al. Zwycięstwa 241/13, 81-521 Gdynia, Poland (KRS 0000522737, NIP: 5862292090) Email address: biuro@NUADU.pl
Data protection supervisor:
The Data Protection Supervisor is a point of contact regarding all matters associated with personal data processing (including your rights associated with data processing): krzysztof.jankowski@litwic.pl
5. Cookies
Cookies are text files that are stored on users’ device (e.g. computer, smartphone) when visiting various websites. They enable the use of full functionality of a given website, make it easier to navigate and display a page tailored to your individual needs. Cookies usually contain the name of the website they come from, have their own unique number and specify the time for which they will be stored on your device.
Cookies in NUADU platform:
- are used also for needs of statistics – cookies analyse data about web page traffic and improve the NUADU platform Service in order to tailor it to customer needs.
- are placed as Users enter and exit NUADU platform. Cookies do not interfere with the operation of User’s end device;
- are not used to identify individuals or to establish the identity of Users.
Each User has the right to object to placement of cookies on its device. Most web browsers automatically accept cookies, but the User can usually modify browser setting to decline cookies. This may prevent the User from taking full advantage of NUADU platform Services.
6. Data holding
Users’ personal data shall be kept for a period not longer than is necessary for the purposes for which the data is provided. After the licence period has expired, all NUADU platform user data will then be irrevocably deleted. Schools are typically licensed for a one-year period, which can then be renewed. NUADU may however retain and use personal information as necessary to comply with our legal and regulatory obligations, to resolve disputes and to enforce our agreements.
NUADU reserves the right to change, modify, or revise this Privacy Policy in order to comply with any applicable laws, to reflect changes in our processes or for any other reason at any time. Material changes in our Privacy Policy will be communicated through the NUADU platform and website.