Data privacy is a core aspect of the company. That is why we focus on implementing all the necessary measures to ensure the protection and privacy of the user’s data.
The data gathered is only used to provide the best service to our customers and will never be sold to third parties. According to the Service Agreement, all the collected data is deleted after providing the service.
Our Commitment
Gaining the trust of our customers and users for whom we handle data is a big part of how we provide our service. We want our customers and users to consider why and what personal data will be used.
It is necessary to consider that the European guidelines follow the most ethical way to collect, process, disclose, store and delete personal data.
Smowltech, as a European company, is committed to complying with the GDPR.
Furthermore, as our company is financed with the support of the European Community within the H2020 program, we are bound by strict ethical standards to maintain data privacy.
We work with AWS (Amazon) to allocate our servers in the regions needed by our customers to comply with any data protection regulation. Our servers are located in the EU. We do not carry out any data transfer to any country outside the EU, allowing us to comply adequately with the GDPR.
Smowltech may also gather information during the interaction with technical support or sales teams. All the information will be stored and treated under the GDPR terms. All the users will have the right to access, correct, export, delete, withdraw consent, object to processing, or suspend their personal information.
What data is gathered?
The data gathered will depend on the type of service that the customer requires. Smowltech has defined a modular service that collects the minimum data to fulfil the customer needs. Smowltech always works on being proportional concerning the client’s requirements and the data to be ordered. Therefore, we will never ask for any additional data from the users than the previously agreed contract with the customer.
To obtain the minimum possible data and always maintain the privacy and anonymity of the user, we link the data gathered from users to an idUser code they have on the platform, instead of using names, surnames, mails, etc.
What is the GDPR?
- The General Data Protection Regulation
It is a legal framework that sets guidelines for collecting and processing personal information. It is the core of Europe’s digital privacy legislation. - For Who?
It applies to organisations in all member-states and has implications for businesses and individuals across Europe and beyond. - Objective
It aims to simplify the regulatory environment for business so both citizens and companies in the European Union can fully benefit from the digital economy. - Accessibility
It demands information on how to contact the DPO and other relevant staffers. These must be accessible so that users may exercise their EU data rights.
How does Smowltech comply with the GDPR?
We have developed our SMOWL system thinking about the importance of the privacy of its users and complying with all the guarantees required by European regulations on the protection of personal data.
FERPA: Protection and Privacy of Educational Records
FERPA (Family Educational Rights and Privacy Act) is a federal law in the United States that protects the privacy of student’s educational records. The law gives parents and students the right to review academic records and request corrections. Also, it limits who can share these records without explicit consent from parents or students.
At Smowltech, we are committed to protecting the privacy of students’ educational records during the proctoring process. We comply with data privacy regulations, including FERPA, the EU’s GDPR, and California’s CCPA. We work closely with educational institutions that adopt our proctoring solution to ensure compliance with regulations and offer training and guidance to ensure they understand how student information is handled.
We use encryption and store student data on secure AWS servers. Only institutions that have adopted our proctoring solution can access their users’ data, and data is stored for the time stipulated by law. Our employees receive training in privacy and data protection. We notify our clients by email in case of privacy breaches.
At Smowltech, we constantly work to ensure that our processes and technologies meet the strictest requirements for data protection. Users can trust that their educational records are secure at all times.
REGISTRATION OF TREATMENT ACTIVITIES:
We have a record of treatment activities according to the personal data protection regulations, determining the purpose for which the data is processed, type, time of conservation of the same, etc.
IMPACT ASSESSMENT ON DATA PROTECTION (DPIA):
To analyse, evaluate and manage the risks associated with the processing of personal data from your SMOWL system, which allows you to regularly improve everything related to the security and privacy of the personal data of its users. In addition, a template is available to make it easier for new clients to develop their DPIAs.
PROACTIVE RESPONSIBILITY AND SECURITY:
We comply with the principles established in the regulations and with particular emphasis on privacy in the design and by default in all the technological development that it carries out and on proactive responsibility in establishing the highest security standards for all the data it deals with in its systems. In addition, it is always sought to obtain and process the minimum possible user data to respond to the intended purpose, thus complying with the principle of data minimization. You will not have access at any time to the identity of the student or any personal data, and the images will be assigned exclusively to a code granted by the training centre for each student.
Finally, annual audits are carried out to improve security continuously. Finally, we confirm that Smowltech processes and stores all data within the European Union. Likewise, it has all the necessary documents and contracts in compliance with European and Spanish regulations on data protection and the development of privacy policies following European rules.
USER RIGHTS:
It has developed adequate procedures to respond to the rights of users (right of access, rectification, portability, forgetting, limitation of treatment, opposition and deletion of personal data), as well as the system to notify gaps in security if they could proceed.
DATA PROTECTION DELEGATE:
A Data Protection Delegate has been appointed to ensure compliance. Do not hesitate to get in touch via email at [email protected].
Which are our Privacy Principles?
- Gather only the necessary personal information, which would not be excessive or kept for longer than needed for providing the service.
- Guarantee that the information is processed fairly and lawfully.
- Provide transparency with the information collected only for specific and lawful purposes.
- Constantly work on making safer products and services.
- Provide communication channels to contact us easily.
- Anonymize data before making secondary use in statistics.
- Ensure that the information will be kept secure and inaccessible to those who don’t have the right to access it.
- We will never keep, export or sell personal information for any other purpose.
Information from Children
- Parental consent is required to use our services under the age of 16. We do not knowingly collect, maintain, or use personally identifiable information from children under 16.
- We encourage parents and legal guardians to monitor their children’s Internet usage and help enforce our Privacy Policy by instructing their children never to provide Personal Information on our Services without their permission.
- If we discover that a child under 16 years of age has provided us with Personal Information, we will delete such information.
FAQs
- Entre su organización y Smowltech, se firmará un contrato de gestión de datos donde se establecen las obligaciones y responsabilidades en materia de protección de datos personales.
- Realizar una evaluación de impacto sobre la privacidad con el fin de analizar, evaluar y gestionar tanto los riesgos asociados al tratamiento de datos personales como determinar la proporcionalidad y necesidad del sistema.
- Incluir el sistema Smowltech dentro de los registros de actividades de tratamiento de la organización para determinar el tipo de datos que se procesan.
- Determinar la legitimidad necesaria y establecer los sistemas para contar con el consentimiento (en su caso) para que sus usuarios, estudiantes, etc. puedan utilizar SMOWL de acuerdo con la normativa de protección de datos.
- Desarrollar los procedimientos adecuados para dar respuesta a las solicitudes referentes a los derechos que corresponden a los usuarios (derecho de acceso, rectificación, portabilidad, olvido, limitación del tratamiento, oposición y supresión de los datos personales), así como el sistema para notificar las brechas de seguridad en caso de que procedan.
- Designar un Delegado de Protección de Datos si no lo tiene.
La entidad responsable de la recogida y tratamiento de sus datos personales es la empresa Smiley Owl Tech, S.L. (en adelante Smowltech) con CIF B75073452 y domicilio social en c / Arturo Campion 22, 20018 Donostia – San Sebastián (España). Smowltech respeta y se compromete a proteger la privacidad de cualquier persona que nos proporcione información personal. Para ello, Smowltech ha adaptado este sitio web a los requisitos del Reglamento (UE) 2016/679 del Parlamento Europeo y del Consejo de 27 de abril de 2016 relativo a la protección de las personas físicas en lo que respecta al tratamiento de datos personales y la libre circulación de estos datos y por la que se deroga la Directiva 95/46 / CE (GDPR).
Reconocemos y tomamos en serio nuestra responsabilidad de proteger la información que se nos confía. Por ello, en Smowltech hemos adoptado las medidas necesarias para evitar la alteración, pérdida, tratamiento o acceso no autorizado de los datos personales. En cuanto a la confidencialidad del tratamiento, Smowltech se asegurará de que cualquier persona que esté autorizada para tratar los datos personales, estará bajo la correspondiente obligación de confidencialidad (ya sea un deber contractual o legal).
Tenga en cuenta que, si bien Smowltech hace todos los esfuerzos razonables para proteger su información personal y evitar cualquier acceso no autorizado, las medidas de seguridad de Internet no son infalibles. En cualquier caso, en el caso de un incidente de seguridad, Smowltech le notificará sin demoras indebidas y le proporcionará información oportuna relacionada con dicho incidente, según se conozca o cuando se solicite razonablemente.
Smowltech se reserva el derecho a modificar la presente política para adaptarla a novedades legislativas o jurisprudenciales, así como a prácticas de la industria. En tales casos, los cambios introducidos se anunciarán en esta página con una anticipación razonable de su implementación.
Changes to this Policy
Please review this Policy periodically, especially before you provide any Personal Information. Smowltech reserves the right to change this Policy from time to time by posting an updated policy to this site, and the “last updated date” will be updated. We may also provide you additional notice, such as adding a statement to the home screen or sending you an email notification. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.
Contact us
If you have any concerns or questions about our Privacy Policy and the treatment of the data we gather, feel free to reach out to us:
User Support Center
[email protected]
Portuetxe Kalea, 53 B, 20018 DONOSTIA/SAN SEBASTIÁN, GIPUZKOA
This document was last updated on February 10, 2022.