Data privacy is a core aspect of the company. That is why we focus on implementing all the necessary measures to ensure the protection and privacy of the user’s data.
The data gathered is only used to provide the best service to our customers and will never be sold to third parties. According to the Service Agreement, all the collected data is deleted after providing the service.
Gaining the trust of our customers and users for whom we handle data is a big part of how we provide our service. We want our customers and users to consider why and what personal data will be used.
It is necessary to consider that the European guidelines follow the most ethical way to collect, process, disclose, store and delete personal data.
Smowltech, as a European company, is committed to complying with the GDPR.
Furthermore, as our company is financed with the support of the European Community within the H2020 program, we are bound by strict ethical standards to maintain data privacy.
We work with AWS (Amazon) to allocate our servers in the regions needed by our customers to comply with any data protection regulation. Our servers are located in the EU. We do not carry out any data transfer to any country outside the EU, allowing us to comply adequately with the GDPR.
Smowltech may also gather information during the interaction with technical support or sales teams. All the information will be stored and treated under the GDPR terms. All the users will have the right to access, correct, export, delete, withdraw consent, object to processing, or suspend their personal information.
What data is gathered?
The data gathered will depend on the type of service that the customer requires. Smowltech has defined a modular service that collects the minimum data to fulfil the customer needs. Smowltech always works on being proportional concerning the client’s requirements and the data to be ordered. Therefore, we will never ask for any additional data from the users than the previously agreed contract with the customer.
To obtain the minimum possible data and always maintain the privacy and anonymity of the user, we link the data gathered from users to an idUser code they have on the platform, instead of using names, surnames, mails, etc.
What is the GDPR?
- The General Data Protection Regulation
It is a legal framework that sets guidelines for collecting and processing personal information. It is the core of Europe’s digital privacy legislation.
- For Who?
It applies to organisations in all member-states and has implications for businesses and individuals across Europe and beyond.
It aims to simplify the regulatory environment for business so both citizens and companies in the European Union can fully benefit from the digital economy.
It demands information on how to contact the DPO and other relevant staffers. These must be accessible so that users may exercise their EU data rights.
How does Smowltech comply with the GDPR?
We have developed our SMOWL system thinking about the importance of the privacy of its users and complying with all the guarantees required by European regulations on the protection of personal data.
FERPA: Protection and Privacy of Educational Records
FERPA (Family Educational Rights and Privacy Act) is a federal law in the United States that protects the privacy of student’s educational records. The law gives parents and students the right to review academic records and request corrections. Also, it limits who can share these records without explicit consent from parents or students.
At Smowltech, we are committed to protecting the privacy of students’ educational records during the proctoring process. We comply with data privacy regulations, including FERPA, the EU’s GDPR, and California’s CCPA. We work closely with educational institutions that adopt our proctoring solution to ensure compliance with regulations and offer training and guidance to ensure they understand how student information is handled.
We use encryption and store student data on secure AWS servers. Only institutions that have adopted our proctoring solution can access their users’ data, and data is stored for the time stipulated by law. Our employees receive training in privacy and data protection. We notify our clients by email in case of privacy breaches.
At Smowltech, we constantly work to ensure that our processes and technologies meet the strictest requirements for data protection. Users can trust that their educational records are secure at all times.
REGISTRATION OF TREATMENT ACTIVITIES:
We have a record of treatment activities according to the personal data protection regulations, determining the purpose for which the data is processed, type, time of conservation of the same, etc.
IMPACT ASSESSMENT ON DATA PROTECTION (DPIA):
To analyse, evaluate and manage the risks associated with the processing of personal data from your SMOWL system, which allows you to regularly improve everything related to the security and privacy of the personal data of its users. In addition, a template is available to make it easier for new clients to develop their DPIAs.
PROACTIVE RESPONSIBILITY AND SECURITY:
We comply with the principles established in the regulations and with particular emphasis on privacy in the design and by default in all the technological development that it carries out and on proactive responsibility in establishing the highest security standards for all the data it deals with in its systems. In addition, it is always sought to obtain and process the minimum possible user data to respond to the intended purpose, thus complying with the principle of data minimization. You will not have access at any time to the identity of the student or any personal data, and the images will be assigned exclusively to a code granted by the training centre for each student.
Finally, annual audits are carried out to improve security continuously. Finally, we confirm that Smowltech processes and stores all data within the European Union. Likewise, it has all the necessary documents and contracts in compliance with European and Spanish regulations on data protection and the development of privacy policies following European rules.
It has developed adequate procedures to respond to the rights of users (right of access, rectification, portability, forgetting, limitation of treatment, opposition and deletion of personal data), as well as the system to notify gaps in security if they could proceed.
DATA PROTECTION DELEGATE:
A Data Protection Delegate has been appointed to ensure compliance. Do not hesitate to get in touch via email at [email protected].
Which are our Privacy Principles?
- Gather only the necessary personal information, which would not be excessive or kept for longer than needed for providing the service.
- Guarantee that the information is processed fairly and lawfully.
- Provide transparency with the information collected only for specific and lawful purposes.
- Constantly work on making safer products and services.
- Provide communication channels to contact us easily.
- Anonymize data before making secondary use in statistics.
- Ensure that the information will be kept secure and inaccessible to those who don’t have the right to access it.
- We will never keep, export or sell personal information for any other purpose.
Information from Children
- Parental consent is required to use our services under the age of 16. We do not knowingly collect, maintain, or use personally identifiable information from children under 16.
- If we discover that a child under 16 years of age has provided us with Personal Information, we will delete such information.
- A treatment manager contract between your organisation and Smowltech will be signed where the obligations and responsibilities in personal data protection are established.
- Carry out a privacy impact assessment to analyse, evaluate, and manage the risks associated with the processing of personal data and determine the proportionality and need for the system.
- Include the Smowltech system within the records of treatment activities that the organisation has to determine the type of processed data.
- Determine the necessary legitimacy and establish the systems to have the consent (if applicable) so that its users, students, etc., can use SMOWL following data protection regulations.
- Develop the appropriate procedures to respond to the rights that users are entitled to (right of access, rectification, portability, forgetfulness, limitation of treatment, opposition and deletion of personal data), as well as the system to notify breaches of security if they could proceed.
- Appoint a Data Protection Officer if you do not have one.
The entity responsible for collecting and processing your data is the company Smiley Owl Tech, SL (hereinafter Smowltech) with CIF B75073452 and registered office at c / Arturo Campion 22 20018 Donostia – San Sebastián (Spain). Smowltech respects and is committed to protecting the privacy of anyone who provides us with personal information.
Smowltech adapted the website to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 regarding the protection of natural persons concerning the processing of personal data and the free circulation of these data and by which Directive 95/46 / CE (GDPR) is repealed.
Smowltech will ensure that any person authorised to process the personal data will be under the corresponding obligation of confidentiality (either a contractual or legal duty) about the confidentiality of the processing. We recognize and take our responsibility very seriously to protect the information entrusted to us. Therefore, at Smowltech, we have adopted the necessary measures to prevent the alteration, loss, treatment or unauthorised access of personal data.
While Smowltech makes all reasonable efforts to protect your personal information and prevent unauthorised access, Internet security measures are not infallible. In any event, in the event of a security incident, Smowltech will notify you without undue delay and provide you with timely information related to such incident, as known or when reasonably requested.
The Smowltech company reserves the right to modify this Policy to adapt it to new legislation or jurisprudence and industry practises. In such cases, the changes introduced will be announced on this page with reasonable anticipation of their implementation. This Policy was updated on November 3rd. 2020.
Changes to this Policy
Please review this Policy periodically, especially before you provide any Personal Information. Smowltech reserves the right to change this Policy from time to time by posting an updated policy to this site, and the “last updated date” will be updated. We may also provide you additional notice, such as adding a statement to the home screen or sending you an email notification. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.
This document was last updated on February 10, 2022.